diff options
| author | Daniel Micay <danielmicay@gmail.com> | 2016-05-31 16:01:08 -0400 |
|---|---|---|
| committer | Jessica Wagantall <jwagantall@cyngn.com> | 2016-08-01 16:56:17 -0700 |
| commit | 9bc9c5aa961679cd8110b17556fe925876e83bcb (patch) | |
| tree | 606f123cba8d6bd4982ddedd17a4a1c69765b0cb | |
| parent | 972f86ffcb929592f28947ea207bb70d0f390b37 (diff) | |
| download | android_external_sepolicy-9bc9c5aa961679cd8110b17556fe925876e83bcb.tar.gz android_external_sepolicy-9bc9c5aa961679cd8110b17556fe925876e83bcb.tar.bz2 android_external_sepolicy-9bc9c5aa961679cd8110b17556fe925876e83bcb.zip | |
expose control over unpriv perf access to shell
This allows the shell user to control whether unprivileged access to
perf events is allowed.
To enable unprivileged access to perf:
adb shell setprop security.perf_harden 0
To disable it again:
adb shell setprop security.perf_harden 1
This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.
(Cherry picked from commit 38ac77e4c2b3c3212446de2f5ccc42a4311e65fc)
Ticket: CYNGNOS-3177
Bug: 29054680
Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f
(cherry picked from commit 0b7b9c258d9d85c3053b0b64e59775d952b99202)
| -rw-r--r-- | property_contexts | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/property_contexts b/property_contexts index 5bdb3c3..a724516 100644 --- a/property_contexts +++ b/property_contexts @@ -30,6 +30,7 @@ bluetooth. u:object_r:bluetooth_prop:s0 debug. u:object_r:debug_prop:s0 debug.db. u:object_r:debuggerd_prop:s0 log. u:object_r:shell_prop:s0 +security.perf_harden u:object_r:shell_prop:s0 service.adb.root u:object_r:shell_prop:s0 service.adb.tcp.port u:object_r:shell_prop:s0 |