From 28a075dcd53b67e19de16389e9f453eaa6ffa06b Mon Sep 17 00:00:00 2001
From: Menghui_Wu <menghui_wu@asus.com>
Date: Wed, 11 May 2016 12:42:50 +0800
Subject: [PATCH] defconfig: msm: Disable CONFIG_SYSVIPC

As per latest upstream status, android SELinux policies
block SysV IPC and new kernels should not be built with
it. Disable SYSVIPC for all msm defconfigs.

CVE: CVE-2015-6646
Bug: 22300191

Change-Id: I9ba52d56bc8206d055f8107eda2efdf9f8552396
Reviewed-on: http://mcrd1-22-pc.corpnet.asus/code-review/master/229953
Reviewed-by: Jupiter Chen <jupiter_chen@asus.com>
Reviewed-by: Wu, Meng-Hui <menghui_wu@asus.com>
Tested-by: Wu, Meng-Hui <menghui_wu@asus.com>
---
 android/configs/android-base.cfg                     | 2 +-
 arch/arm/configs/sparrow_user_msm8226-perf_defconfig | 2 +-
 arch/arm/configs/sparrow_userdebug_msm8226_defconfig | 2 +-
 arch/arm/configs/wren_user_msm8226-perf_defconfig    | 2 +-
 arch/arm/configs/wren_userdebug_msm8226_defconfig    | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/android/configs/android-base.cfg b/android/configs/android-base.cfg
index 5b888487ede1..fa4f626b0066 100644
--- a/android/configs/android-base.cfg
+++ b/android/configs/android-base.cfg
@@ -2,6 +2,7 @@
 # CONFIG_INET_LRO is not set
 # CONFIG_MODULES is not set
 # CONFIG_OABI_COMPAT is not set
+# CONFIG_SYSVIPC is not set
 CONFIG_ANDROID=y
 CONFIG_ANDROID_BINDER_IPC=y
 CONFIG_ANDROID_INTF_ALARM_DEV=y
@@ -130,7 +131,6 @@ CONFIG_RT_GROUP_SCHED=y
 CONFIG_STAGING=y
 CONFIG_SWITCH=y
 CONFIG_SYNC=y
-CONFIG_SYSVIPC=y
 CONFIG_TUN=y
 CONFIG_UNIX=y
 CONFIG_USB_GADGET=y
diff --git a/arch/arm/configs/sparrow_user_msm8226-perf_defconfig b/arch/arm/configs/sparrow_user_msm8226-perf_defconfig
index 2aeb1787920d..684f3965bf48 100644
--- a/arch/arm/configs/sparrow_user_msm8226-perf_defconfig
+++ b/arch/arm/configs/sparrow_user_msm8226-perf_defconfig
@@ -1,5 +1,5 @@
 # CONFIG_ARM_PATCH_PHYS_VIRT is not set
-CONFIG_SYSVIPC=y
+# CONFIG_SYSVIPC is not set
 CONFIG_AUDIT=y
 CONFIG_NO_HZ=y
 CONFIG_HIGH_RES_TIMERS=y
diff --git a/arch/arm/configs/sparrow_userdebug_msm8226_defconfig b/arch/arm/configs/sparrow_userdebug_msm8226_defconfig
index e9bc021c86e6..8999bb6028c6 100644
--- a/arch/arm/configs/sparrow_userdebug_msm8226_defconfig
+++ b/arch/arm/configs/sparrow_userdebug_msm8226_defconfig
@@ -1,5 +1,5 @@
 # CONFIG_ARM_PATCH_PHYS_VIRT is not set
-CONFIG_SYSVIPC=y
+# CONFIG_SYSVIPC is not set
 CONFIG_AUDIT=y
 CONFIG_NO_HZ=y
 CONFIG_HIGH_RES_TIMERS=y
diff --git a/arch/arm/configs/wren_user_msm8226-perf_defconfig b/arch/arm/configs/wren_user_msm8226-perf_defconfig
index cd9d406e7479..2f1f5bb67952 100644
--- a/arch/arm/configs/wren_user_msm8226-perf_defconfig
+++ b/arch/arm/configs/wren_user_msm8226-perf_defconfig
@@ -1,5 +1,5 @@
 # CONFIG_ARM_PATCH_PHYS_VIRT is not set
-CONFIG_SYSVIPC=y
+# CONFIG_SYSVIPC is not set
 CONFIG_AUDIT=y
 CONFIG_NO_HZ=y
 CONFIG_HIGH_RES_TIMERS=y
diff --git a/arch/arm/configs/wren_userdebug_msm8226_defconfig b/arch/arm/configs/wren_userdebug_msm8226_defconfig
index e3a9ee491a31..05ebc4b68829 100644
--- a/arch/arm/configs/wren_userdebug_msm8226_defconfig
+++ b/arch/arm/configs/wren_userdebug_msm8226_defconfig
@@ -1,5 +1,5 @@
 # CONFIG_ARM_PATCH_PHYS_VIRT is not set
-CONFIG_SYSVIPC=y
+# CONFIG_SYSVIPC is not set
 CONFIG_AUDIT=y
 CONFIG_NO_HZ=y
 CONFIG_HIGH_RES_TIMERS=y
-- 
GitLab