Commits
Jeff Vander Stoep committed 5dbd8df7b35
ANDROID: security,perf: Allow further restriction of perf_event_open When kernel.perf_event_open is set to 3 (or greater), disallow all access to performance events by users without CAP_SYS_ADMIN. Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that makes this value the default. This is based on a similar feature in grsecurity (CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making the variable read-only. It also allows enabling further restriction at run-time regardless of whether the default is changed. https://lkml.org/lkml/2016/1/11/587 Bug: 29054680 Bug: 120445712 Change-Id: Iff5bff4fc1042e85866df9faa01bce8d04335ab8 [jeffv: Upstream doesn't want it https://lkml.org/lkml/2016/6/17/101] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>