aboutsummaryrefslogtreecommitdiff
path: root/android/configs
Commit message (Collapse)AuthorAgeFilesLines
* android: base-cfg: disable CONFIG_NFSD and CONFIG_NFS_FSRoberto Pereira2017-06-281-1/+2
| | | | | | Signed-off-by: Roberto Pereira <rpere@google.com> Bug:37753761 Change-Id: Ie98651c777b3729400ff8876d56f4008703cc785
* disable aio support in recommended configurationDaniel Micay2017-05-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | The aio interface adds substantial attack surface for a feature that's not being exposed by Android at all. It's unlikely that anyone is using the kernel feature directly either. This feature is rarely used even on servers. The glibc POSIX aio calls really use thread pools. The lack of widespread usage also means this is relatively poorly audited/tested. The kernel's aio rarely provides performance benefits over using a thread pool and is quite incomplete in terms of system call coverage along with having edge cases where blocking can occur. Part of the performance issue is the fact that it only supports direct io, not buffered io. The existing API is considered fundamentally flawed and it's unlikely it will be expanded, but rather replaced: https://marc.info/?l=linux-aio&m=145255815216051&w=2 Since ext4 encryption means no direct io support, kernel aio isn't even going to work properly on Android devices using file-based encryption. Change-Id: Iccc7cab4437791240817e6275a23e1d3f4a47f2d Signed-off-by: Daniel Micay <danielmicay@gmail.com>
* ANDROID: android-base.cfg: add CONFIG_MODULES optionGreg Kroah-Hartman2017-04-131-0/+3
| | | | | | | | This adds CONFIG_MODULES, CONFIG_MODULE_UNLOAD, and CONFIG_MODVERSIONS which are required by the O release. Bug: 35803310 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
* ANDROID: android-base.cfg: add CONFIG_IKCONFIG optionGreg Kroah-Hartman2017-04-131-0/+2
| | | | | | | | This adds CONFIG_IKCONFIG and CONFIG_IKCONFIG_PROC options, which are a requirement for the O release. Bug: 35803310 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
* ANDROID: android-base.cfg: properly sort the fileGreg Kroah-Hartman2017-04-131-1/+1
| | | | | | | It somehow got out of alphabetical order, fix it to make merges and testing easier. Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
* ANDROID: base-cfg: enable CONFIG_IP_NF_NATAmit Pundir2017-04-131-0/+1
| | | | | | | | | | | | | | IP_NF_TARGET_{MASQUERADE,NETMAP,REDIRECT} configs, already enabled in android-base.cfg for tethering, are of no use if CONFIG_IP_NF_NAT is not enabled. Don't rely on platform config for that and enable CONFIG_IP_NF_NAT in android-base.cfg as well. Change-Id: Ic72bcebbd925b142b09539466bf963188c83108a Signed-off-by: Amit Pundir <amit.pundir@linaro.org> (cherry picked from commit 9f6bbb427fc67e5caceec70741def34234078f97) Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
* android: base-cfg: Add CONFIG_INET_DIAG_DESTROYDmitry Shmidt2017-04-131-0/+1
| | | | | | | Change-Id: I67430b05eca8fd520d2795d3db60faf2ec0fab9e Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> (cherry picked from commit 03fbd079bac71e15a414082cb5aee980ce2935be) Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
* config/android: Remove CONFIG_IPV6_PRIVACYBorislav Petkov2017-04-131-1/+0
| | | | | | | | | | | | | Option is long gone, see commit 5d9efa7ee99e ("ipv6: Remove privacy config option.") Link: http://lkml.kernel.org/r/20160811170340.9859-1-bp@alien8.de Signed-off-by: Borislav Petkov <bp@suse.de> Cc: Rob Herring <robh@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit a2c6a235dbf4318fc7f7981932478e6c47f093ab) Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
* android: base-cfg: remove CONFIG_IP[6]_NF_TARGET_REJECT_SKERRLorenzo Colitti2017-04-111-2/+0
| | | | | | | The corresponding code is gone and the unit tests check for its absence. Change-Id: Ia1d63f3af21242e38418db208ec222e61e633615
* android: base-cfg: enable CONFIG_INET_DIAG_DESTROYLorenzo Colitti2017-04-111-0/+1
| | | | | | | As of Android N, this is required to close sockets when a network disconnects. Change-Id: I9fe81c5fc5224c17bfd8d9e236ea9e436b5971cb
* ANDROID: android-base: Enable QUOTA related configsJin Qian2017-04-111-0/+4
| | | | | Bug: 33757366 Change-Id: Iec4f55c3ca4a16dbc8695054f481d9261c56d0f6
* ANDROID: base-cfg: enable SECCOMP configYongqin Liu2017-04-111-0/+1
| | | | | | | | | | | | | | Enable seccomp config CONFIG_SECCOMP=y Otherwise we will get mediacode error like this on Android N: E /system/bin/mediaextractor: libminijail: prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER): Invalid argument Change-Id: I2477b6a2cfdded5c0ebf6ffbb6150b0e5fe2ba12 Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org> Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
* android: base-cfg: enable CONFIG_QUOTARom Lemarchand2017-04-111-0/+1
| | | | | | Bug: 28032718 Change-Id: I7cb6b641f72085e69b90dca11d2ea68adcd02390 (cherry picked from commit e1b53a388e9cfcf870520a6899a37456cf1ae2c6)
* ANDROID: android: base-cfg: disable CONFIG_SYSVIPCGreg Hackmann2017-04-111-1/+1
| | | | | | | | | | Android SELinux policies block SysV IPC. New kernels should not be built with it. Bug: 22300191 Change-Id: Ia4bcb179ff71825cab19eed603d4064a8d061a93 Signed-off-by: Greg Hackmann <ghackmann@google.com>
* add CC_STACK_PROTECTOR_STRONG to android-recommended.cfg so regening defconf ↵Moyster2016-11-181-0/+1
| | | | doesn't unset it
* ANDROID: restrict access to perf eventsJeff Vander Stoep2016-09-101-0/+6
| | | | | | | | | | | | | | Add: CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y to android-base.cfg The kernel.perf_event_paranoid sysctl is set to 3 by default. No unprivileged use of the perf_event_open syscall will be permitted unless it is changed. Bug: 29054680 Change-Id: Ie7512259150e146d8e382dc64d40e8faaa438917
* first commitMeizu OpenSource2016-08-153-0/+277
generated by cgit v1.2.3 (git 2.39.1) at 2026-03-14 05:58:40 +0000