[PATCH 1/3] config: android: move device mapper options to recommended

[PATCH 1/3] config: android: move device mapper options to recommended

[Rob Herring]

CONFIG_MD is in recommended, but other dependent options like DM_CRYPT
and DM_VERITY options are in base. The result is the options in base don't
get enabled when applying both base and recommended fragments. Move all
the options to recommended.

Signed-off-by: Rob Herring <robh@kernel.org>
---
 kernel/configs/android-base.config        | 4 ----
 kernel/configs/android-recommended.config | 4 ++++
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 9f748ed..19eb7ac 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -11,7 +11,6 @@ CONFIG_ANDROID_LOW_MEMORY_KILLER=y
 CONFIG_ARMV8_DEPRECATED=y
 CONFIG_ASHMEM=y
 CONFIG_AUDIT=y
-CONFIG_BLK_DEV_DM=y
 CONFIG_BLK_DEV_INITRD=y
 CONFIG_CGROUPS=y
 CONFIG_CGROUP_CPUACCT=y
@@ -19,9 +18,6 @@ CONFIG_CGROUP_DEBUG=y
 CONFIG_CGROUP_FREEZER=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_CP15_BARRIER_EMULATION=y
-CONFIG_DM_CRYPT=y
-CONFIG_DM_VERITY=y
-CONFIG_DM_VERITY_FEC=y
 CONFIG_EMBEDDED=y
 CONFIG_FB=y
 CONFIG_HIGH_RES_TIMERS=y
diff --git a/kernel/configs/android-recommended.config b/kernel/configs/android-recommended.config
index e3b953e..297756b 100644
--- a/kernel/configs/android-recommended.config
+++ b/kernel/configs/android-recommended.config
@@ -6,12 +6,16 @@
 # CONFIG_PM_WAKELOCKS_GC is not set
 # CONFIG_VT is not set
 CONFIG_BACKLIGHT_LCD_SUPPORT=y
+CONFIG_BLK_DEV_DM=y
 CONFIG_BLK_DEV_LOOP=y
 CONFIG_BLK_DEV_RAM=y
 CONFIG_BLK_DEV_RAM_SIZE=8192
 CONFIG_COMPACTION=y
 CONFIG_DEBUG_RODATA=y
+CONFIG_DM_CRYPT=y
 CONFIG_DM_UEVENT=y
+CONFIG_DM_VERITY=y
+CONFIG_DM_VERITY_FEC=y
 CONFIG_DRAGONRISE_FF=y
 CONFIG_ENABLE_DEFAULT_TRACERS=y
 CONFIG_EXT4_FS=y
-- 
2.9.3

[PATCH 2/3] config: android: set SELinux as default security mode

[Rob Herring]

Android won't boot without SELinux enabled, so make it the default.

Signed-off-by: Rob Herring <robh@kernel.org>
---
 kernel/configs/android-base.config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 19eb7ac..859fa27 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -18,6 +18,7 @@ CONFIG_CGROUP_DEBUG=y
 CONFIG_CGROUP_FREEZER=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_CP15_BARRIER_EMULATION=y
+CONFIG_DEFAULT_SECURITY_SELINUX=y
 CONFIG_EMBEDDED=y
 CONFIG_FB=y
 CONFIG_HIGH_RES_TIMERS=y
-- 
2.9.3

[PATCH 3/3] config: android: enable CONFIG_SECCOMP

[Rob Herring]

As of Android N, SECCOMP is required. Without it, we will get
mediaextractor error:

E /system/bin/mediaextractor: libminijail: prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER): Invalid argument

Signed-off-by: Rob Herring <robh@kernel.org>
---
 kernel/configs/android-base.config | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/configs/android-base.config b/kernel/configs/android-base.config
index 859fa27..980e72d 100644
--- a/kernel/configs/android-base.config
+++ b/kernel/configs/android-base.config
@@ -132,6 +132,7 @@ CONFIG_PREEMPT=y
 CONFIG_QUOTA=y
 CONFIG_RTC_CLASS=y
 CONFIG_RT_GROUP_SCHED=y
+CONFIG_SECCOMP=y
 CONFIG_SECURITY=y
 CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_SELINUX=y
-- 
2.9.3

Re: [PATCH 1/3] config: android: move device mapper options to recommended

[John Stultz]

On Thu, Sep 8, 2016 at 11:59 AM, Rob Herring <robh@kernel.org> wrote:
> CONFIG_MD is in recommended, but other dependent options like DM_CRYPT
> and DM_VERITY options are in base. The result is the options in base don't
> get enabled when applying both base and recommended fragments. Move all
> the options to recommended.
>
> Signed-off-by: Rob Herring <robh@kernel.org>

Acked-by: John Stultz <john.stultz@linaro.org>

thanks
-john

Re: [PATCH 2/3] config: android: set SELinux as default security mode

[John Stultz]

On Thu, Sep 8, 2016 at 11:59 AM, Rob Herring <robh@kernel.org> wrote:
> Android won't boot without SELinux enabled, so make it the default.
>
> Signed-off-by: Rob Herring <robh@kernel.org>

Acked-by: John Stultz <john.stultz@linaro.org>

thanks
-john

Re: [PATCH 3/3] config: android: enable CONFIG_SECCOMP

[John Stultz]

On Thu, Sep 8, 2016 at 11:59 AM, Rob Herring <robh@kernel.org> wrote:
> As of Android N, SECCOMP is required. Without it, we will get
> mediaextractor error:
>
> E /system/bin/mediaextractor: libminijail: prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER): Invalid argument
>
> Signed-off-by: Rob Herring <robh@kernel.org>

Acked-by: John Stultz <john.stultz@linaro.org>

thanks
-john