The aio interface adds substantial attack surface for a feature that's
not being exposed by Android at all. It's unlikely that anyone is using
the kernel feature directly either. This feature is rarely used even on
servers. The glibc POSIX aio calls really use thread pools. The lack of
widespread usage also means this is relatively poorly audited/tested.
The kernel's aio rarely provides performance benefits over using a
thread pool and is quite incomplete in terms of system call coverage
along with having edge cases where blocking can occur. Part of the
performance issue is the fact that it only supports direct io, not
buffered io. The existing API is considered fundamentally flawed
and it's unlikely it will be expanded, but rather replaced:
https://marc.info/?l=linux-aio&m=145255815216051&w=2
Since ext4 encryption means no direct io support, kernel aio isn't even
going to work properly on Android devices using file-based encryption.
Change-Id: Iccc7cab4437791240817e6275a23e1d3f4a47f2d
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
Don't need to set SECCOMP_FILTER explicitly since CONFIG_SECCOMP=y will
select that config anyway.
Fixes: a49dcf2e74 ("ANDROID: base-cfg: enable SECCOMP config")
Change-Id: Iff18ed4d2db5a55b9f9480d5ecbeef7b818b3837
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Enable following seccomp configs
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
Otherwise we will get mediacode error like this on Android N:
E /system/bin/mediaextractor: libminijail: prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER): Invalid argument
Change-Id: I2477b6a2cfdded5c0ebf6ffbb6150b0e5fe2ba12
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
New driver memory_state_time tracks time spent in different DDR
frequency and bandwidth states.
Memory drivers such as qcom,cpubw can post updated state to the driver
after registering a callback. Processed by a workqueue
Bandwidth buckets are read in from device tree in the relevant qualcomm
section, can be defined in any quantity and spacing.
The data is exposed at /sys/kernel/memory_state_time, able to be read by
the Android framework.
Functionality is behind a config option CONFIG_MEMORY_STATE_TIME
Change-Id: I4fee165571cb975fb9eacbc9aada5e6d7dd748f0
Signed-off-by: James Carr <carrja@google.com>
If compiler has stack protector support, set
CONFIG_CC_STACKPROTECTOR_STRONG.
Bug: 28967314
Change-Id: I588c2d544250e9e4b5082b43c237b8f85b7313ca
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Enabled UID_CPUTIME and dependent PROFILING config option.
UID_CPUTIME (/proc/uid_cputime) interfaces provide amount of time a
UID's processes spent executing in user-space and kernel-space. It is
used by batterystats service.
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Remove following configs which no longer exist:
CONFIG_IP6_NF_TARGET_REJECT_SKERR
CONFIG_IP_NF_TARGET_REJECT_SKERR
CONFIG_RESOURCE_COUNTERS
CONFIG_TABLET_USB_WACOM
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Add:
CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
to android-base.cfg
The kernel.perf_event_paranoid sysctl is set to 3 by default.
No unprivileged use of the perf_event_open syscall will be
permitted unless it is changed.
Bug: 29054680
Change-Id: Ie7512259150e146d8e382dc64d40e8faaa438917
IP_NF_TARGET_{MASQUERADE,NETMAP,REDIRECT} configs,
already enabled in android-base.cfg for tethering,
are of no use if CONFIG_IP_NF_NAT is not enabled.
Don't rely on platform config for that and enable
CONFIG_IP_NF_NAT in android-base.cfg as well.
Change-Id: Ic72bcebbd925b142b09539466bf963188c83108a
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Android SELinux policies block SysV IPC. New kernels should not be
built with it.
Bug: 22300191
Change-Id: Ia4bcb179ff71825cab19eed603d4064a8d061a93
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Now that Android is moving towards ConfigFS based USB gadgets,
lets enable USB_CONFIGFS and relevant Android gadget functions
instead of obsolete USB_G_ANDROID composite driver which doesn't
exist now.
Enabled following ConfigFS gadget functions:
F_FS for ADB
F_MTP/PTP for MTP/PTP
F_ACC for Android USB Accessory
F_AUDIO_SRC for USB Audio Source
F_MIDI for MIDI, and
CONFIGFS_UEVENT for communicating USB state change notifications to userspace.
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
android-base.cfg already enables several IPV6 sub-options, but not the
main IPV6 option. Without this, build errors such has this:
net/netfilter/xt_qtaguid.c:1591: undefined reference to `xt_socket_get6_sk'
occur if the starting defconfig hasn't already enabled IVP6,
Change-Id: I265089a2eec1ef8938e0a6fb95e1aacd16d99281
Cc: John Stultz <john.stultz@linaro.org>
Signed-off-by: Kevin Hilman <khilman@linaro.org>
ARMV8_DEPRECATED replaces the now-reverted ARMV7_COMPAT in the upstream
kernel
Change-Id: I5d5cee4e11c01d717692198fa070826930847703
Signed-off-by: Greg Hackmann <ghackmann@google.com>
The Logitech unifying driver depends on hidraw being available.
Recommending one without the other will cause the Logitech driver to
silently fail when connecting Logitech devices.
Change-Id: I92ed2b6803537d9da6eed7fcada8f329cb4469a2
Signed-off-by: Michael Wright <michaelwr@google.com>
TCPMSS is required for the Android Vpn service to correctly
handle the MTU on tun/ppp devices. Bug: 11579326
We don't really need SCHED_TRACER and the TIMER_STATS.
Change-Id: I10c5767a6324a496713752d4fe9eff361dc8e06a
(cherry picked from commit 23f01e8e81f3c53985958fa291b39c84293ad047)
We don't like CONFIG_MODULES anymore.
Connection tracker handling of large SIP fails.
Change-Id: Ie3c65aefcc6181752d6656c97e63035e5b5653ff
Signed-off-by: JP Abgrall <jpa@google.com>
Because there is not tool to consistently generate these config
fragments, lets keep the alphabetical instead of random.
Change-Id: I0f098f6be6bdd272544295a3d5a48d04411e4514
Signed-off-by: JP Abgrall <jpa@google.com>
This will be a noop unless the KSM thread is enabled by userspace
Change-Id: Ia5fde14504cc0da50522e2f875d8d021f9e054ba
Signed-off-by: Rom Lemarchand <romlem@google.com>
- Add 2 files that contain the minimal and recommended kernel config
options respectively.
- Add a README to explain their purpose and how to use them to
generate a device config compatible with Android.
Change-Id: I3a4883f3b04d2820e90ceb3c4d02390d6458d6ce
Signed-off-by: Rom Lemarchand <romlem@google.com>
