From 55b8dbf42eededd4ebb2ba3e050bce70e2805fda Mon Sep 17 00:00:00 2001 From: Wolfgang Wiedmeyer Date: Thu, 16 Mar 2017 14:53:01 +0100 Subject: config hardening for i9100, i9300, i9305 and n7100 Ensure that heap randomization is enabled all the time. Enable stack-protector mode and seccomp. Signed-off-by: Wolfgang Wiedmeyer --- arch/arm/configs/lineageos_i9100_defconfig | 15 ++++++++++++--- arch/arm/configs/lineageos_i9300_defconfig | 15 ++++++++++++--- arch/arm/configs/lineageos_i9305_defconfig | 15 ++++++++++++--- arch/arm/configs/lineageos_n7100_defconfig | 6 +++--- 4 files changed, 39 insertions(+), 12 deletions(-) diff --git a/arch/arm/configs/lineageos_i9100_defconfig b/arch/arm/configs/lineageos_i9100_defconfig index 9381675508b..754a755d29d 100644 --- a/arch/arm/configs/lineageos_i9100_defconfig +++ b/arch/arm/configs/lineageos_i9100_defconfig @@ -142,7 +142,7 @@ CONFIG_PERF_USE_VMALLOC=y # CONFIG_PERF_COUNTERS is not set CONFIG_VM_EVENT_COUNTERS=y # CONFIG_SLUB_DEBUG is not set -CONFIG_COMPAT_BRK=y +# CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set CONFIG_SLUB=y # CONFIG_SLOB is not set @@ -685,8 +685,8 @@ CONFIG_CMA_BEST_FIT=y CONFIG_FORCE_MAX_ZONEORDER=12 CONFIG_ALIGNMENT_TRAP=y # CONFIG_UACCESS_WITH_MEMCPY is not set -# CONFIG_SECCOMP is not set -# CONFIG_CC_STACKPROTECTOR is not set +CONFIG_SECCOMP=y +CONFIG_CC_STACKPROTECTOR=y # CONFIG_DEPRECATED_PARAM_STRUCT is not set # CONFIG_ARM_FLUSH_CONSOLE_ON_RESTART is not set @@ -2835,6 +2835,8 @@ CONFIG_SENSORS_K3G=y # CONFIG_SENSORS_YAS532 is not set # CONFIG_SENSORS_YAS_ORI is not set CONFIG_INPUT_YAS_MAGNETOMETER_POSITION=0 +# CONFIG_SENSORS_SSP_ATMEL is not set +# CONFIG_SENSORS_SSP_STM is not set # CONFIG_SENSORS_SYSFS is not set # CONFIG_SENSORS_SSP is not set # CONFIG_SENSORS_SSP_LSM330 is not set @@ -2843,6 +2845,13 @@ CONFIG_INPUT_YAS_MAGNETOMETER_POSITION=0 # CONFIG_SENSORS_SSP_BMP182 is not set # CONFIG_SENSORS_SSP_AT32UC3L0128 is not set # CONFIG_SENSORS_SSP_SENSORHUB is not set +# CONFIG_SENSORS_SSP_MPU6500 is not set +# CONFIG_SENSORS_SSP_YAS532 is not set +# CONFIG_SENSORS_SSP_CM3320 is not set +# CONFIG_SENSORS_SSP_MAX88920 is not set +# CONFIG_SENSORS_SSP_SHTC1 is not set +# CONFIG_SENSORS_SSP_ATUC128L5HAR is not set +# CONFIG_SENSORS_SSP_STM32F401 is not set # CONFIG_PM_DEVFREQ is not set # CONFIG_SAMSUNG_PHONE_SVNET is not set CONFIG_ACCESSORY=y diff --git a/arch/arm/configs/lineageos_i9300_defconfig b/arch/arm/configs/lineageos_i9300_defconfig index 9df5997ee29..17e0033568d 100644 --- a/arch/arm/configs/lineageos_i9300_defconfig +++ b/arch/arm/configs/lineageos_i9300_defconfig @@ -143,7 +143,7 @@ CONFIG_PERF_USE_VMALLOC=y # CONFIG_PERF_COUNTERS is not set CONFIG_VM_EVENT_COUNTERS=y # CONFIG_SLUB_DEBUG is not set -CONFIG_COMPAT_BRK=y +# CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set CONFIG_SLUB=y # CONFIG_SLOB is not set @@ -701,8 +701,8 @@ CONFIG_CMA_BEST_FIT=y CONFIG_FORCE_MAX_ZONEORDER=12 CONFIG_ALIGNMENT_TRAP=y # CONFIG_UACCESS_WITH_MEMCPY is not set -# CONFIG_SECCOMP is not set -# CONFIG_CC_STACKPROTECTOR is not set +CONFIG_SECCOMP=y +CONFIG_CC_STACKPROTECTOR=y # CONFIG_DEPRECATED_PARAM_STRUCT is not set CONFIG_ARM_FLUSH_CONSOLE_ON_RESTART=y @@ -2988,6 +2988,8 @@ CONFIG_SENSORS_LPS331=y # CONFIG_SENSORS_YAS532 is not set # CONFIG_SENSORS_YAS_ORI is not set CONFIG_INPUT_YAS_MAGNETOMETER_POSITION=0 +# CONFIG_SENSORS_SSP_ATMEL is not set +# CONFIG_SENSORS_SSP_STM is not set # CONFIG_SENSORS_SYSFS is not set # CONFIG_SENSORS_SSP is not set # CONFIG_SENSORS_SSP_LSM330 is not set @@ -2996,6 +2998,13 @@ CONFIG_INPUT_YAS_MAGNETOMETER_POSITION=0 # CONFIG_SENSORS_SSP_BMP182 is not set # CONFIG_SENSORS_SSP_AT32UC3L0128 is not set # CONFIG_SENSORS_SSP_SENSORHUB is not set +# CONFIG_SENSORS_SSP_MPU6500 is not set +# CONFIG_SENSORS_SSP_YAS532 is not set +# CONFIG_SENSORS_SSP_CM3320 is not set +# CONFIG_SENSORS_SSP_MAX88920 is not set +# CONFIG_SENSORS_SSP_SHTC1 is not set +# CONFIG_SENSORS_SSP_ATUC128L5HAR is not set +# CONFIG_SENSORS_SSP_STM32F401 is not set # CONFIG_PM_DEVFREQ is not set # CONFIG_SAMSUNG_PHONE_SVNET is not set # CONFIG_ACCESSORY is not set diff --git a/arch/arm/configs/lineageos_i9305_defconfig b/arch/arm/configs/lineageos_i9305_defconfig index 79a99242245..9501d5d9271 100644 --- a/arch/arm/configs/lineageos_i9305_defconfig +++ b/arch/arm/configs/lineageos_i9305_defconfig @@ -143,7 +143,7 @@ CONFIG_PERF_EVENTS=y # CONFIG_DEBUG_PERF_USE_VMALLOC is not set CONFIG_VM_EVENT_COUNTERS=y # CONFIG_SLUB_DEBUG is not set -CONFIG_COMPAT_BRK=y +# CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set CONFIG_SLUB=y # CONFIG_SLOB is not set @@ -680,8 +680,8 @@ CONFIG_CMA_BEST_FIT=y CONFIG_FORCE_MAX_ZONEORDER=12 CONFIG_ALIGNMENT_TRAP=y # CONFIG_UACCESS_WITH_MEMCPY is not set -# CONFIG_SECCOMP is not set -# CONFIG_CC_STACKPROTECTOR is not set +CONFIG_SECCOMP=y +CONFIG_CC_STACKPROTECTOR=y # CONFIG_DEPRECATED_PARAM_STRUCT is not set CONFIG_ARM_FLUSH_CONSOLE_ON_RESTART=y @@ -2954,6 +2954,8 @@ CONFIG_SENSORS_LPS331=y # CONFIG_SENSORS_YAS532 is not set # CONFIG_SENSORS_YAS_ORI is not set CONFIG_INPUT_YAS_MAGNETOMETER_POSITION=0 +# CONFIG_SENSORS_SSP_ATMEL is not set +# CONFIG_SENSORS_SSP_STM is not set # CONFIG_SENSORS_SYSFS is not set # CONFIG_SENSORS_SSP is not set # CONFIG_SENSORS_SSP_LSM330 is not set @@ -2962,6 +2964,13 @@ CONFIG_INPUT_YAS_MAGNETOMETER_POSITION=0 # CONFIG_SENSORS_SSP_BMP182 is not set # CONFIG_SENSORS_SSP_AT32UC3L0128 is not set # CONFIG_SENSORS_SSP_SENSORHUB is not set +# CONFIG_SENSORS_SSP_MPU6500 is not set +# CONFIG_SENSORS_SSP_YAS532 is not set +# CONFIG_SENSORS_SSP_CM3320 is not set +# CONFIG_SENSORS_SSP_MAX88920 is not set +# CONFIG_SENSORS_SSP_SHTC1 is not set +# CONFIG_SENSORS_SSP_ATUC128L5HAR is not set +# CONFIG_SENSORS_SSP_STM32F401 is not set # CONFIG_PM_DEVFREQ is not set # CONFIG_SAMSUNG_PHONE_SVNET is not set # CONFIG_ACCESSORY is not set diff --git a/arch/arm/configs/lineageos_n7100_defconfig b/arch/arm/configs/lineageos_n7100_defconfig index 0f6b1315765..babb1090e05 100644 --- a/arch/arm/configs/lineageos_n7100_defconfig +++ b/arch/arm/configs/lineageos_n7100_defconfig @@ -140,7 +140,7 @@ CONFIG_PERF_USE_VMALLOC=y # CONFIG_PERF_COUNTERS is not set CONFIG_VM_EVENT_COUNTERS=y # CONFIG_SLUB_DEBUG is not set -CONFIG_COMPAT_BRK=y +# CONFIG_COMPAT_BRK is not set # CONFIG_SLAB is not set CONFIG_SLUB=y # CONFIG_SLOB is not set @@ -717,8 +717,8 @@ CONFIG_CMA_BEST_FIT=y CONFIG_FORCE_MAX_ZONEORDER=12 CONFIG_ALIGNMENT_TRAP=y # CONFIG_UACCESS_WITH_MEMCPY is not set -# CONFIG_SECCOMP is not set -# CONFIG_CC_STACKPROTECTOR is not set +CONFIG_SECCOMP=y +CONFIG_CC_STACKPROTECTOR=y # CONFIG_DEPRECATED_PARAM_STRUCT is not set CONFIG_ARM_FLUSH_CONSOLE_ON_RESTART=y -- cgit v1.2.3