From 7005e25e2cacdb8492ecfe29c681bb8129f96cca Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Tue, 31 May 2016 16:01:08 -0400
Subject: [PATCH] expose control over unpriv perf access to shell

(Cherry picked from commit 38ac77e4c2b3c3212446de2f5ccc42a4311e65fc)

This allows the shell user to control whether unprivileged access to
perf events is allowed.

To enable unprivileged access to perf:

    adb shell setprop security.perf_harden 0

To disable it again:

    adb shell setprop security.perf_harden 1

This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.

Bug: 29054680

Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f
---
 property_contexts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/property_contexts b/property_contexts
index 70a80803b..94d08f19e 100644
--- a/property_contexts
+++ b/property_contexts
@@ -34,6 +34,7 @@ debug.db.               u:object_r:debuggerd_prop:s0
 dumpstate.              u:object_r:dumpstate_prop:s0
 log.                    u:object_r:log_prop:s0
 log.tag.WifiHAL         u:object_r:wifi_log_prop:s0
+security.perf_harden    u:object_r:shell_prop:s0
 service.adb.root        u:object_r:shell_prop:s0
 service.adb.tcp.port    u:object_r:shell_prop:s0
 
-- 
GitLab