android_kernel_google_msm/kernel
Jeff Vander Stoep 6301d0d07c FROMLIST: security,perf: Allow further restriction of perf_event_open
When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN).  This version doesn't include making
the variable read-only.  It also allows enabling further restriction
at run-time regardless of whether the default is changed.

https://lkml.org/lkml/2016/1/11/587

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Bug: 29054680
Change-Id: Iff5bff4fc1042e85866df9faa01bce8d04335ab8
2016-06-20 19:00:29 +00:00
debug debug: add parameters to prevent entering debug mode on errors 2012-05-18 17:03:10 -07:00
events FROMLIST: security,perf: Allow further restriction of perf_event_open 2016-06-20 19:00:29 +00:00
gcov
irq random: remove rand_initialize_irq() 2013-09-09 17:01:42 -07:00
power Power: Changes the permission to read only for sysfs file 2014-08-05 19:00:47 +00:00
sched flo: Put device-specific code behind #ifndef CONFIG_UML. 2015-05-20 15:22:06 +09:00
time timekeeping: fix 32-bit overflow in get_monotonic_boottime 2013-04-18 16:08:05 -07:00
trace msm: null pointer dereferencing 2016-01-21 15:15:08 -08:00
.gitignore
acct.c Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-01-08 12:19:57 -08:00
async.c kernel/async: remove redundant declaration. 2012-01-13 09:32:18 +10:30
audit.c constify path argument of audit_log_d_path() 2012-03-20 21:29:40 -04:00
audit.h audit: remove AUDIT_SETUP_CONTEXT as it isn't used 2012-01-17 16:16:57 -05:00
audit_tree.c VFS: Make clone_mnt()/copy_tree()/collect_mounts() return errors 2015-07-13 11:17:46 -07:00
audit_watch.c
auditfilter.c audit: allow interfield comparison in audit rules 2012-01-17 16:17:01 -05:00
auditsc.c seccomp: remove duplicated failure logging 2014-10-31 19:46:13 -07:00
backtracetest.c
bounds.c
capability.c Revert "capabitlies: ns_capable can use the cap helpers rather than lsm call" 2012-01-17 10:19:41 -08:00
cgroup.c cgroup: remove synchronize_rcu() from cgroup_attach_{task|proc}() 2014-12-01 16:09:15 -08:00
cgroup_freezer.c cgroup: remove cgroup_subsys argument from callbacks 2012-02-02 09:20:22 -08:00
compat.c compat: Fix RT signal mask corruption via sigprocmask 2012-05-10 08:58:33 -07:00
configs.c
cpu.c Move x86_64 idle notifiers to generic 2012-04-09 13:57:52 -07:00
cpu_pm.c
cpuset.c Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-04-02 08:53:24 -07:00
crash_dump.c
cred.c cred: copy_process() should clear child->replacement_session_keyring 2012-04-11 08:20:11 -07:00
delayacct.c
dma.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
elfcore.c
exec_domain.c
exit.c flo: Put device-specific code behind #ifndef CONFIG_UML. 2015-05-20 15:22:06 +09:00
extable.c
fork.c introduce for_each_thread() to replace the buggy while_each_thread() 2014-10-31 19:46:30 -07:00
freezer.c freezer: skip waking up tasks with PF_FREEZER_SKIP set 2013-07-12 14:22:56 -07:00
futex.c futex: Make lookup_pi_state more robust 2014-06-11 15:16:22 -07:00
futex_compat.c futex: Mark get_robust_list as deprecated 2012-03-29 11:37:17 +02:00
groups.c
hrtimer.c nanosleep: use freezable blocking call 2013-07-12 14:22:58 -07:00
hung_task.c hung_task: fix the broken rcu_lock_break() logic 2012-03-05 15:49:42 -08:00
irq_work.c irq_work: fix compile failure on tile from missing include 2012-04-13 13:15:16 -04:00
itimer.c itimer: Use printk_once instead of WARN_ONCE 2012-04-10 11:00:30 +02:00
jump_label.c static keys: Inline the static_key_enabled() function 2012-02-28 20:01:08 +01:00
kallsyms.c vsprintf: Fix %ps on non symbols when using kallsyms 2013-02-08 15:14:22 -08:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage 2012-03-23 13:18:57 +01:00
Kconfig.preempt locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage 2012-03-23 13:18:57 +01:00
kexec.c Merge branch 'akpm' (Andrew's patch-bomb) 2012-03-28 17:19:28 -07:00
kfifo.c
kmod.c PM / Sleep: Mitigate race between the freezer and request_firmware() 2012-03-28 23:30:28 +02:00
kprobes.c kprobes: return proper error code from register_kprobe() 2012-03-05 15:49:42 -08:00
ksysfs.c
kthread.c
latencytop.c
lglock.c brlocks/lglocks: turn into functions 2015-07-13 11:17:40 -07:00
lockdep.c lockdep: remove task argument from debug_check_no_locks_held 2013-07-12 14:22:56 -07:00
lockdep_internals.h
lockdep_proc.c
lockdep_states.h
Makefile brlocks/lglocks: turn into functions 2015-07-13 11:17:40 -07:00
module.c module: Remove module size limit 2012-03-26 12:50:53 +10:30
mutex-debug.c
mutex-debug.h
mutex.c sched/rt: Use schedule_preempt_disabled() 2012-03-01 10:28:03 +01:00
mutex.h
notifier.c
nsproxy.c vfs: Add a user namespace reference from struct mnt_namespace 2015-07-13 11:17:54 -07:00
padata.c padata: Fix cpu hotplug 2012-03-29 19:52:46 +08:00
panic.c panic: resume console if panic after console suspend. 2013-09-09 17:16:14 -07:00
params.c params: <level>_initcall-like kernel parameters 2012-03-26 12:50:51 +10:30
pid.c proc: Usable inode numbers for the namespace file descriptors. 2015-07-13 11:18:01 -07:00
pid_namespace.c proc: Usable inode numbers for the namespace file descriptors. 2015-07-13 11:18:01 -07:00
posix-cpu-timers.c
posix-timers.c
printk.c flo: Put device-specific code behind #ifndef CONFIG_UML. 2015-05-20 15:22:06 +09:00
profile.c
ptrace.c ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL 2013-04-18 16:08:07 -07:00
range.c
rcu.h rcu: Allow nesting of rcu_idle_enter() and rcu_idle_exit() 2012-02-21 09:06:12 -08:00
rcupdate.c rcu: Check for illegal use of RCU from offlined CPUs 2012-02-21 09:06:03 -08:00
rcutiny.c rcu: Add RCU_NONIDLE() for idle-loop RCU read-side critical sections 2012-02-21 09:06:13 -08:00
rcutiny_plugin.h rcu: Simplify unboosting checks 2012-02-21 09:03:43 -08:00
rcutorture.c PTR_ERR should be called before its argument is cleared. 2012-02-21 09:06:10 -08:00
rcutree.c rcu: Fix day-one dyntick-idle stall-warning bug 2013-02-08 15:14:25 -08:00
rcutree.h rcu: Rework detection of use of RCU by offline CPUs 2012-02-21 09:06:07 -08:00
rcutree_plugin.h rcu: Hold off RCU_FAST_NO_HZ after timer posted 2012-02-21 09:42:30 -08:00
rcutree_trace.c rcu: Rework detection of use of RCU by offline CPUs 2012-02-21 09:06:07 -08:00
relay.c relay: prevent integer overflow in relay_open() 2012-02-10 09:04:49 +01:00
res_counter.c net: introduce res_counter_charge_nofail() for socket allocations 2012-01-22 15:08:46 -05:00
resource.c kernel: Restrict permissions of /proc/iomem. 2016-06-03 11:56:04 -07:00
rtmutex-debug.c
rtmutex-debug.h
rtmutex-tester.c
rtmutex.c
rtmutex.h
rtmutex_common.h
rwsem.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
seccomp.c seccomp: Use atomic operations that are present in kernel 3.4. 2014-10-31 19:46:31 -07:00
semaphore.c
signal.c signal, x86: add SIGSYS info and make it synchronous. 2014-10-31 19:46:15 -07:00
smp.c smp: add func to IPI cpus based on parameter func 2012-03-28 17:14:35 -07:00
softirq.c Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-03-20 10:32:09 -07:00
spinlock.c locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage 2012-03-23 13:18:57 +01:00
srcu.c rcu: Call out dangers of expedited RCU primitives 2012-02-21 09:06:08 -08:00
stacktrace.c
stop_machine.c
sys.c mm: fix prctl_set_vma_anon_name 2015-10-22 18:15:15 -07:00
sys_ni.c seccomp: add "seccomp" syscall 2014-10-31 19:46:27 -07:00
sysctl.c Revert "sched: add sysctl for controlling task migrations on wake" 2013-03-15 17:13:14 -07:00
sysctl_binary.c msm: 8x55: put reason for boot in procfs from SMEM 2013-02-08 15:14:28 -08:00
taskstats.c
test_kprobes.c
time.c time: Remove bogus comments 2012-03-15 18:17:55 -07:00
timeconst.pl
timer.c timer: Don't reinitialize the cpu base lock during CPU_UP_PREPARE 2013-06-24 18:55:42 +00:00
tracepoint.c static keys: Introduce 'struct static_key', static_key_true()/false() and static_key_slow_[inc|dec]() 2012-02-24 10:05:59 +01:00
tsacct.c
uid16.c
up.c
user-return-notifier.c
user.c proc: Usable inode numbers for the namespace file descriptors. 2015-07-13 11:18:01 -07:00
user_namespace.c proc: Usable inode numbers for the namespace file descriptors. 2015-07-13 11:18:01 -07:00
utsname.c proc: Usable inode numbers for the namespace file descriptors. 2015-07-13 11:18:01 -07:00
utsname_sysctl.c
wait.c
watchdog.c kernel/watchdog.c: add comment to watchdog() exit path 2012-03-23 16:58:32 -07:00
workqueue.c workqueue: skip nr_running sanity check in worker_enter_idle() if trustee is active 2013-03-04 12:48:24 -08:00
workqueue_sched.h