* [PATCH 1/3] config: android: move device mapper options to recommended
@ 2016-09-08 18:59 Rob Herring
2016-09-08 18:59 ` [PATCH 2/3] config: android: set SELinux as default security mode Rob Herring
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Rob Herring @ 2016-09-08 18:59 UTC (permalink / raw)
To: Andrew Morton
Cc: Amit Pundir, John Stultz, Dmitry Shmidt, linux-kernel, linux-arm-kernel
CONFIG_MD is in recommended, but other dependent options like DM_CRYPT
and DM_VERITY options are in base. The result is the options in base don't
get enabled when applying both base and recommended fragments. Move all
the options to recommended.
Signed-off-by: Rob Herring <robh@kernel.org>
---
kernel/configs/android-base.config | 4 ----
kernel/configs/android-recommended.config | 4 ++++
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 9f748ed..19eb7ac 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -11,7 +11,6 @@ CONFIG_ANDROID_LOW_MEMORY_KILLER=y
CONFIG_ARMV8_DEPRECATED=y
CONFIG_ASHMEM=y
CONFIG_AUDIT=y
-CONFIG_BLK_DEV_DM=y
CONFIG_BLK_DEV_INITRD=y
CONFIG_CGROUPS=y
CONFIG_CGROUP_CPUACCT=y
@@ -19,9 +18,6 @@ CONFIG_CGROUP_DEBUG=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_SCHED=y
CONFIG_CP15_BARRIER_EMULATION=y
-CONFIG_DM_CRYPT=y
-CONFIG_DM_VERITY=y
-CONFIG_DM_VERITY_FEC=y
CONFIG_EMBEDDED=y
CONFIG_FB=y
CONFIG_HIGH_RES_TIMERS=y
diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index e3b953e..297756b 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -6,12 +6,16 @@
# CONFIG_PM_WAKELOCKS_GC is not set
# CONFIG_VT is not set
CONFIG_BACKLIGHT_LCD_SUPPORT=y
+CONFIG_BLK_DEV_DM=y
CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=8192
CONFIG_COMPACTION=y
CONFIG_DEBUG_RODATA=y
+CONFIG_DM_CRYPT=y
CONFIG_DM_UEVENT=y
+CONFIG_DM_VERITY=y
+CONFIG_DM_VERITY_FEC=y
CONFIG_DRAGONRISE_FF=y
CONFIG_ENABLE_DEFAULT_TRACERS=y
CONFIG_EXT4_FS=y
--
2.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/3] config: android: set SELinux as default security mode
2016-09-08 18:59 [PATCH 1/3] config: android: move device mapper options to recommended Rob Herring
@ 2016-09-08 18:59 ` Rob Herring
2016-09-08 19:04 ` John Stultz
2016-09-08 18:59 ` [PATCH 3/3] config: android: enable CONFIG_SECCOMP Rob Herring
2016-09-08 19:04 ` [PATCH 1/3] config: android: move device mapper options to recommended John Stultz
2 siblings, 1 reply; 6+ messages in thread
From: Rob Herring @ 2016-09-08 18:59 UTC (permalink / raw)
To: Andrew Morton
Cc: Amit Pundir, John Stultz, Dmitry Shmidt, linux-kernel, linux-arm-kernel
Android won't boot without SELinux enabled, so make it the default.
Signed-off-by: Rob Herring <robh@kernel.org>
---
kernel/configs/android-base.config | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 19eb7ac..859fa27 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -18,6 +18,7 @@ CONFIG_CGROUP_DEBUG=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_SCHED=y
CONFIG_CP15_BARRIER_EMULATION=y
+CONFIG_DEFAULT_SECURITY_SELINUX=y
CONFIG_EMBEDDED=y
CONFIG_FB=y
CONFIG_HIGH_RES_TIMERS=y
--
2.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/3] config: android: enable CONFIG_SECCOMP
2016-09-08 18:59 [PATCH 1/3] config: android: move device mapper options to recommended Rob Herring
2016-09-08 18:59 ` [PATCH 2/3] config: android: set SELinux as default security mode Rob Herring
@ 2016-09-08 18:59 ` Rob Herring
2016-09-08 19:04 ` John Stultz
2016-09-08 19:04 ` [PATCH 1/3] config: android: move device mapper options to recommended John Stultz
2 siblings, 1 reply; 6+ messages in thread
From: Rob Herring @ 2016-09-08 18:59 UTC (permalink / raw)
To: Andrew Morton
Cc: Amit Pundir, John Stultz, Dmitry Shmidt, linux-kernel, linux-arm-kernel
As of Android N, SECCOMP is required. Without it, we will get
mediaextractor error:
E /system/bin/mediaextractor: libminijail: prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER): Invalid argument
Signed-off-by: Rob Herring <robh@kernel.org>
---
kernel/configs/android-base.config | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 859fa27..980e72d 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -132,6 +132,7 @@ CONFIG_PREEMPT=y
CONFIG_QUOTA=y
CONFIG_RTC_CLASS=y
CONFIG_RT_GROUP_SCHED=y
+CONFIG_SECCOMP=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_SELINUX=y
--
2.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/3] config: android: move device mapper options to recommended
2016-09-08 18:59 [PATCH 1/3] config: android: move device mapper options to recommended Rob Herring
2016-09-08 18:59 ` [PATCH 2/3] config: android: set SELinux as default security mode Rob Herring
2016-09-08 18:59 ` [PATCH 3/3] config: android: enable CONFIG_SECCOMP Rob Herring
@ 2016-09-08 19:04 ` John Stultz
2 siblings, 0 replies; 6+ messages in thread
From: John Stultz @ 2016-09-08 19:04 UTC (permalink / raw)
To: Rob Herring
Cc: Andrew Morton, Amit Pundir, Dmitry Shmidt, lkml, linux-arm-kernel
On Thu, Sep 8, 2016 at 11:59 AM, Rob Herring <robh@kernel.org> wrote:
> CONFIG_MD is in recommended, but other dependent options like DM_CRYPT
> and DM_VERITY options are in base. The result is the options in base don't
> get enabled when applying both base and recommended fragments. Move all
> the options to recommended.
>
> Signed-off-by: Rob Herring <robh@kernel.org>
Acked-by: John Stultz <john.stultz@linaro.org>
thanks
-john
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/3] config: android: set SELinux as default security mode
2016-09-08 18:59 ` [PATCH 2/3] config: android: set SELinux as default security mode Rob Herring
@ 2016-09-08 19:04 ` John Stultz
0 siblings, 0 replies; 6+ messages in thread
From: John Stultz @ 2016-09-08 19:04 UTC (permalink / raw)
To: Rob Herring
Cc: Andrew Morton, Amit Pundir, Dmitry Shmidt, lkml, linux-arm-kernel
On Thu, Sep 8, 2016 at 11:59 AM, Rob Herring <robh@kernel.org> wrote:
> Android won't boot without SELinux enabled, so make it the default.
>
> Signed-off-by: Rob Herring <robh@kernel.org>
Acked-by: John Stultz <john.stultz@linaro.org>
thanks
-john
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 3/3] config: android: enable CONFIG_SECCOMP
2016-09-08 18:59 ` [PATCH 3/3] config: android: enable CONFIG_SECCOMP Rob Herring
@ 2016-09-08 19:04 ` John Stultz
0 siblings, 0 replies; 6+ messages in thread
From: John Stultz @ 2016-09-08 19:04 UTC (permalink / raw)
To: Rob Herring
Cc: Andrew Morton, Amit Pundir, Dmitry Shmidt, lkml, linux-arm-kernel
On Thu, Sep 8, 2016 at 11:59 AM, Rob Herring <robh@kernel.org> wrote:
> As of Android N, SECCOMP is required. Without it, we will get
> mediaextractor error:
>
> E /system/bin/mediaextractor: libminijail: prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER): Invalid argument
>
> Signed-off-by: Rob Herring <robh@kernel.org>
Acked-by: John Stultz <john.stultz@linaro.org>
thanks
-john
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-09-08 19:04 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-09-08 18:59 [PATCH 1/3] config: android: move device mapper options to recommended Rob Herring
2016-09-08 18:59 ` [PATCH 2/3] config: android: set SELinux as default security mode Rob Herring
2016-09-08 19:04 ` John Stultz
2016-09-08 18:59 ` [PATCH 3/3] config: android: enable CONFIG_SECCOMP Rob Herring
2016-09-08 19:04 ` John Stultz
2016-09-08 19:04 ` [PATCH 1/3] config: android: move device mapper options to recommended John Stultz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).