FROMLIST: security,perf: Allow further restriction of perf_event_open (88ec9674) · Commits · Android-smartphones / bq / namek / android_kernel_bq_namek

Commit 88ec9674 authored May 29, 2016 by Jeff Vander Stoep Committed by Gerrit - the friendly Code Review server Aug 22, 2016

Browse files

FROMLIST: security,perf: Allow further restriction of perf_event_open

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN).  This version doesn't include making
the variable read-only.  It also allows enabling further restriction
at run-time regardless of whether the default is changed.

https://lkml.org/lkml/2016/1/11/587



Conflicts:
	kernel/events/core.c

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
Bug: 29054680
Bug: 29119870
Change-Id: Iff5bff4fc1042e85866df9faa01bce8d04335ab8
(cherry picked from commit f16929ac8586f37949c638c738a6f0de969ed1ea)

parent a38c99dd

Hide whitespace changes

Inline Side-by-side

Please register or to comment