diff options
author | Daniel Micay <danielmicay@gmail.com> | 2015-09-04 16:23:01 -0400 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2016-07-21 15:12:28 -0700 |
commit | 32fb3656b2948a811df17a24b02b15186578160d (patch) | |
tree | 5c8b833ebd2c348701f6b156b284122f2db5d20e | |
parent | edd2a148a60c3e7d987703048a68b167ad43489e (diff) | |
download | core-marshmallow-dr-dragon-release.tar.gz |
add a property for controlling perf_event_paranoidandroid-6.0.1_r63marshmallow-dr-dragon-release
This adds a system property for controlling unprivileged access to
perf_event_paranoid. It depends on adding kernel support for
perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to
completely disable unprivileged access to perf. A minimal port of this
feature is used in the vanilla Debian kernel by default.
It hides the non-hardened value as an implementation detail, since while
it is currently 1, it will probably become 2 in the future.
(Cherry picked from commit 2b22a66382db8a2fdf5ed7a685085a6d7d67cf12)
Bug: 29054680
Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9
(cherry picked from commit d4421f1962f127f98576944a27820b3a87efa69d)
-rw-r--r-- | rootdir/init.rc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc index 317207c70..900e356b4 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -544,6 +544,11 @@ on property:sys.sysctl.extra_free_kbytes=* on property:sys.sysctl.tcp_def_init_rwnd=* write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd} +on property:security.perf_harden=0 + write /proc/sys/kernel/perf_event_paranoid 1 + +on property:security.perf_harden=1 + write /proc/sys/kernel/perf_event_paranoid 3 ## Daemon processes to be run by init. ## |