From 0a19efb2cea9200f6507dc8377afd4ddeeed7234 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 1 Jun 2016 13:44:47 -0700
Subject: [PATCH] ANDROID: restrict access to perf events

Add:
CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y

to android-base.cfg

The kernel.perf_event_paranoid sysctl is set to 3 by default.
No unprivileged use of the perf_event_open syscall will be
permitted unless it is changed.

Bug: 29054680
Change-Id: Ie7512259150e146d8e382dc64d40e8faaa438917
---
 android/configs/android-base.cfg | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/android/configs/android-base.cfg b/android/configs/android-base.cfg
index 6d5e2f4b2abc..f20b6a9aa90d 100644
--- a/android/configs/android-base.cfg
+++ b/android/configs/android-base.cfg
@@ -123,6 +123,12 @@ CONFIG_PREEMPT=y
 CONFIG_RESOURCE_COUNTERS=y
 CONFIG_RTC_CLASS=y
 CONFIG_RT_GROUP_SCHED=y
+CONFIG_SECURITY=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SND=y
+CONFIG_SOUND=y
 CONFIG_STAGING=y
 CONFIG_SWITCH=y
 CONFIG_SYNC=y
-- 
GitLab