expose control over unpriv perf access to shellandroid-6.0.1_r68 android-6.0.1_r67 android-6.0.1_r62 marshmallow-dr1.6-release

This allows the shell user to control whether unprivileged access to perf events is allowed. To enable unprivileged access to perf: adb shell setprop security.perf_harden 0 To disable it again: adb shell setprop security.perf_harden 1 This allows Android to disable this kernel attack surface by default, while still allowing profiling tools to work automatically. It can also be manually toggled, but most developers won't ever need to do that if tools end up incorporating this. (Cherry picked from commit 38ac77e4c2b3c3212446de2f5ccc42a4311e65fc) Bug: 29054680 Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f
author: Daniel Micay <danielmicay@gmail.com> 2016-05-31 16:01:08 -0400
committer: The Android Automerger <android-build@google.com> 2016-06-23 15:48:03 -0700
commit: 5fff25ecbec4b0b721bc474ab2c2c2f1dbabff36 (patch)
tree: 4341fd9f104cf078ee8a0698ae14c8dc48b1ec0e
parent: c2d061235cdd4818f57eb7acba4724496810222f (diff)
download: sepolicy-marshmallow-dr1.6-release.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/property_contexts b/property_contexts
index 5bdb3c3..a724516 100644
--- a/property_contexts
+++ b/property_contexts
@@ -30,6 +30,7 @@ bluetooth.              u:object_r:bluetooth_prop:s0
 debug.                  u:object_r:debug_prop:s0
 debug.db.               u:object_r:debuggerd_prop:s0
 log.                    u:object_r:shell_prop:s0
+security.perf_harden    u:object_r:shell_prop:s0
 service.adb.root        u:object_r:shell_prop:s0
 service.adb.tcp.port    u:object_r:shell_prop:s0
author	Daniel Micay <danielmicay@gmail.com>	2016-05-31 16:01:08 -0400
committer	The Android Automerger <android-build@google.com>	2016-06-23 15:48:03 -0700
commit	5fff25ecbec4b0b721bc474ab2c2c2f1dbabff36 (patch)
tree	4341fd9f104cf078ee8a0698ae14c8dc48b1ec0e
parent	c2d061235cdd4818f57eb7acba4724496810222f (diff)
download	sepolicy-marshmallow-dr1.6-release.tar.gz