diff options
| author | Daniel Micay <danielmicay@gmail.com> | 2016-05-31 16:01:08 -0400 |
|---|---|---|
| committer | The Android Automerger <android-build@google.com> | 2016-06-23 15:05:11 -0700 |
| commit | f2b123a5a31ac9ee7abfe1ebb4fffe1c846120bc (patch) | |
| tree | 2c2fd215e6b0c33d0b5994372cb08eeae468b744 | |
| parent | abf0663ed884af7bc880a05e9529e6671eb58f39 (diff) | |
| download | android_external_sepolicy-f2b123a5a31ac9ee7abfe1ebb4fffe1c846120bc.tar.gz android_external_sepolicy-f2b123a5a31ac9ee7abfe1ebb4fffe1c846120bc.tar.bz2 android_external_sepolicy-f2b123a5a31ac9ee7abfe1ebb4fffe1c846120bc.zip | |
expose control over unpriv perf access to shell
This allows the shell user to control whether unprivileged access to
perf events is allowed.
To enable unprivileged access to perf:
adb shell setprop security.perf_harden 0
To disable it again:
adb shell setprop security.perf_harden 1
This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.
(Cherry picked from commit 38ac77e4c2b3c3212446de2f5ccc42a4311e65fc)
Bug: 29054680
Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f
| -rw-r--r-- | property_contexts | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/property_contexts b/property_contexts index 5bdb3c3..a724516 100644 --- a/property_contexts +++ b/property_contexts @@ -30,6 +30,7 @@ bluetooth. u:object_r:bluetooth_prop:s0 debug. u:object_r:debug_prop:s0 debug.db. u:object_r:debuggerd_prop:s0 log. u:object_r:shell_prop:s0 +security.perf_harden u:object_r:shell_prop:s0 service.adb.root u:object_r:shell_prop:s0 service.adb.tcp.port u:object_r:shell_prop:s0 |