diff mbox

[2/2] config: android-base: enable hardened usercopy and kernel ASLR

Message ID 1481113148-29204-2-git-send-email-amit.pundir@linaro.org
State New
Headers show

Commit Message

Amit Pundir Dec. 7, 2016, 12:19 p.m. UTC 
Enable CONFIG_HARDENED_USERCOPY and CONFIG_RANDOMIZE_BASE in Android
base config fragment.

Reviewed-at: https://android-review.googlesource.com/#/c/283659/
Reviewed-at: https://android-review.googlesource.com/#/c/278133/

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

---
 kernel/configs/android-base.config | 2 ++
 1 file changed, 2 insertions(+)

-- 
2.7.4

Comments

Rob Herring Dec. 8, 2016, 3:38 p.m. UTC | #1 
On Wed, Dec 7, 2016 at 6:19 AM, Amit Pundir <amit.pundir@linaro.org> wrote:
> Enable CONFIG_HARDENED_USERCOPY and CONFIG_RANDOMIZE_BASE in Android

> base config fragment.


It would be good to note here if options are things Android wants
(i.e. will work without) or requires to function. These seem pretty
obvious to be the former.

Acked-by: Rob Herring <robh@kernel.org>


Rob
diff mbox

Patch

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 1a8f34f..26a06e0 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -21,6 +21,7 @@  CONFIG_CP15_BARRIER_EMULATION=y
 CONFIG_DEFAULT_SECURITY_SELINUX=y
 CONFIG_EMBEDDED=y
 CONFIG_FB=y
+CONFIG_HARDENED_USERCOPY=y
 CONFIG_HIGH_RES_TIMERS=y
 CONFIG_INET6_AH=y
 CONFIG_INET6_ESP=y
@@ -129,6 +130,7 @@  CONFIG_PPP_DEFLATE=y
 CONFIG_PPP_MPPE=y
 CONFIG_PREEMPT=y
 CONFIG_QUOTA=y
+CONFIG_RANDOMIZE_BASE=y
 CONFIG_RTC_CLASS=y
 CONFIG_RT_GROUP_SCHED=y
 CONFIG_SECCOMP=y