* origin/q: qcacmn: Fix suspicious string concatenation warning in fwlog qcacld-3.0: Fix regulatory domain country names selinux: randomize layout of key structures selinux: remove set but not used variable 'sidtab' selinux: ensure the policy has been loaded before reading the sidtab stats selinux: fix sidtab string cache locking BACKPORT: selinux: cache the SID -> context string translation rcu: Make kfree_rcu() ignore NULL pointers selinux: remove useless assignments selinux: log invalid contexts in AVCs BACKPORT: selinux: convert to kvmalloc mm: Introduce kvcalloc() msm: camera: reqmgr: Stop slot reset on buf done msm: mhi_dev: Fix memory leak msm: camera: csiphy: Update phy settings for atoll msm: camera: core: Change return type msm: camera: reqmgr: Skip apply for initial sync req on slave link msm: camera: reqmgr: increase the rd idx if no lower pd device msm: camera: reqmgr: reset slots after deactivating session jpeg: Add DMA driver implementation ARM: dts: msm: Include qcs610 changes for qcs410 also BACKPORT: loop: Fix wrong masking of status flags BACKPORT: loop: Add LOOP_CONFIGURE ioctl BACKPORT: loop: Clean up LOOP_SET_STATUS lo_flags handling BACKPORT: loop: Rework lo_ioctl() __user argument casting BACKPORT: loop: Move loop_set_status_from_info() and friends up BACKPORT: loop: Factor out configuring loop from status BACKPORT: loop: Remove figure_loop_size() BACKPORT: loop: Refactor loop_set_status() size calculation BACKPORT: loop: Factor out setting loop device size BACKPORT: loop: Remove sector_t truncation checks BACKPORT: loop: Call loop_config_discard() only after new config is applied qcacld-3.0: Flush pmksa cache for SAP when SAP stop Linux 4.14.193 ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel() ext4: fix direct I/O read error random32: move the pseudo-random 32-bit definitions to prandom.h random32: remove net_rand_state from the latent entropy gcc plugin random: fix circular include dependency on arm64 after addition of 
percpu.h ARM: percpu.h: fix build error random32: update the net random state on interrupt and activity Revert "scsi: libsas: direct call probe and destruct" Revert "clk: qcom: rcg2: Don't crash if our parent can't be found; return an error" Reverting crypto patches msm: ipa3: put ecm default as vlan in auto config ARM: dts: sa2150p: delete wlan related nodes for sa2150p target ARM: dts: sa2150p: override certain memory regions for sa2150p-nand serial: msm_geni_serial: Fix DMA RX FSM reset sequence defconfig: Disable the arm cpuidle support for sdm429 defconfig: msm: Add config fragment for DEBUG_FS disablement scripts: Consider env variables while running 'make' Documentation: devicetree: net: Add EMAC configuration options drivers: thermal: call TSENS re-init only when register is ready to update drivers: cpuidle: lpm-levels: check for valid LPM stats msm: camera: cci: Fix incorrect use of cci config ioctl power: smb1390: Fix taper condition for VPH configuration msm: ipa3: Fix to unmap sgt pages with correct size ARM: dts: sa515m: enable ssr and wake up sideband support ARM: dts: sa515m: correct sideband wakeup gpio numbers uapi: sound: add TTP pass through run mode command ARM: dts: msm: enable fuel gauge driver ARM: dts: msm: Enable default thermal zones and cooling devices for sdm429 defconfig: sa2150p: Remove unwanted debug configs ARM: dts: msm: Add correct board name for SDX55 MTP Telematics AU DSDA ARM: dts: msm: Add virtual display connector for sa8155 ARM: dts: msm: Add virtual display connector for sa6155 ARM: dts: msm: Enable slimbus slave for SDMw429 usb: gadget: f_ipc: Wait for req completion only when suspended Revert "ARM: dts: msm: add display related dt nodes on QCS410 device" clk: qcom: npucc: Update NPU Q6 frequency for ATOLL Revert "drm/msm/sde: use atomic counter for pending frame done" Revert "drm/msm/sde: support posted frame trigger for cmd mode" Revert "drm/msm/sde: delay reset frame by a frame for posted trigger" Revert "drm/msm/sde: 
add connector property for frame trigger mode" ARM: dts: msm: Configure "qcom,sync-dly" to 800us for SDM660 backlight: qcom-wled: Add "qcom,sync-dly" device tree property Revert "drm/msm/sde: avoid frame done event during autorefresh" Revert "drm/msm/sde: trigger frame done if ctl is idle" Revert "disp: msm: sde: use wr_ptr interrupt instead of ctl_start" Revert "disp: msm: sde: reset ctl during wr_ptr_irq timeout" Revert "disp: msm: sde: fix release fence signaling in error cases" Revert "disp: msm: sde: wait for specific pp_done instead of zero" Revert "disp: msm: sde: fix handling the missing pp-done interrupt cases" Revert "disp: msm: sde: avoid encoder power-collapse with pending frames" Revert "disp: msm: sde: handle another case for lost pp-done interrupt" Revert "disp: msm: sde: signal retire fence in wr_ptr timeout" Revert "disp: msm: sde: avoid multiple frame-done encoder events" Revert "drm/msm/dsi-staging: update dsi clock calculations" Revert "drm/msm/dsi-staging: update frame transfer time calculations" Revert "disp: msm: dsi: update dsi pclk in panel mode settings" Revert "dt-bindings: Add frame threshold property for dsi controller" Revert "ARM: dts: msm: update frame threshold time for atoll" Revert "drm/msm/sde: initialize sde_encoder_wait_info before usage" Revert "drm/msm/sde: avoid frame_done event trigger for idle scenario" Revert "drm/msm/sde: trigger single frame_done evt for vid encoder" coresight: cti: Add sys interface to show max trigger number ARM: dts: msm: Add memshare for sdm429 rpmsg: qcom_glink_bgcom: Clean up the channels after SSR defconfig: Enable FS related configs defconfig: Disable CRYPTO_MD4 config defconfig: For support api_30 kernel changes ARM: dts: qcom: add video device tree entry for sdm429w msm: mhi_dev: allocate high priority Workqueue for mhi_sm_wq drivers: soc: rename block device nodes clk: qcom: mdss: Add check to read the gdsc status drm/msm/sde: trigger single frame_done evt for vid encoder drm/msm/sde: avoid 
frame_done event trigger for idle scenario drm/msm/sde: initialize sde_encoder_wait_info before usage Reverting incremental fs changes ARM: dts: qcom: Add system secure ion heap for Quin GVM drm/msm/dsi-staging: fix t_clk_pre in high dsi clock use case dt-bindings: add clock_pre extend enable panel property fw-api: CL 11046353 - update fw common interface files Release 5.2.03.29I fw-api: CL 11039524 - update fw common interface files fw-api: CL 11034593 - update fw common interface files fw-api: CL 11025894 - update fw common interface files fw-api: CL 11024688 - update fw common interface files fw-api: CL 11019489 - update fw common interface files fw-api: CL 11006718 - update fw common interface files fw-api: CL 10992505 - update fw common interface files fw-api: CL 10972934 - update fw common interface files fw-api: CL 10966184 - update fw common interface files qcacmn: Send vdev param NAN_CONFIG_FEATURES after creating vdev qcacld-3.0: Send vdev param NAN_CONFIG_FEATURES after creating vdev Release 5.2.03.29H qcacld-3.0: Limit the number of times get_tx_power can come Release 5.2.03.29G qcacld-3.0: Fix Mlme info updating in connected BSS in scan Release 5.2.03.29F qcacld-3.0: Fix pm_qos update logic qcacld-3.0: CPU mask not set for affine cores on init Release 5.2.03.29E qcacld-3.0: Update pm_qos request only if vote or tx or rx level changes qcacmn: Define QDF API for cpumask abstraction qcacmn: Add QDF API to set thread cpu mask qcacmn: Add vdev param to configure NAN feature bitmap to firmware Release 5.2.03.29D qcacld-3.0: Ini bitmap to enable/disable a particular NAN feature Release 5.2.03.29C qcacmn: Invoke correct api to convert channel to frequency qcacmn: Make freq to chan and vice versa conversion more generic qcacld-3.0: Allocate required memory for skb and radiotap qcacmn: Fix OOB issue in wlan_parse_rsn_ie Release 5.2.03.29B qcacld-3.0: Change the RX thread policy for qcs40x soc ANDROID: cuttlefish_defconfig: Drop built-in cmdline Release 
5.2.03.29A qcacld-3.0: Change the policy & priority of RX thread Release 5.2.03.29 ARM: dts: msm: Disable GPU mempools for QCS610 IoT qcacld-3.0: Add handler for WMI_VDEV_BCN_LATENCY_EVENTID Release 5.2.03.28Z qcacld-3.0: Remove unnecessary clone of skb fw-api: CL 10917877 - update fw common interface files fw-api: CL 10899787 - update fw common interface files fw-api: CL 10894153 - update fw common interface files fw-api: CL 10878097 - update fw common interface files fw-api: CL 10874626 - update fw common interface files fw-api: CL 10864082 - update fw common interface files fw-api: CL 10859209 - update fw common interface files qcacmn: Add support for WMI_VDEV_BCN_LATENCY event qcacmn: fix format specifier in qdf_dpt_dump_stats_debugfs Release 5.2.03.28Y qcacld-3.0: initialize peer hang_data in recovery_notifier_cb Release 5.2.03.28X qcacld-3.0: Add reference when access vdev Release 5.2.03.28W qcacld-3.0: Fix assert in sme_store_nss_chains_cfg ARM: dts: msm: update frame threshold time for atoll dt-bindings: Add frame threshold property for dsi controller disp: msm: dsi: update dsi pclk in panel mode settings drm/msm/dsi-staging: update frame transfer time calculations drm/msm/dsi-staging: update dsi clock calculations disp: msm: sde: avoid multiple frame-done encoder events disp: msm: sde: signal retire fence in wr_ptr timeout disp: msm: sde: handle another case for lost pp-done interrupt disp: msm: sde: avoid encoder power-collapse with pending frames disp: msm: sde: fix handling the missing pp-done interrupt cases disp: msm: sde: wait for specific pp_done instead of zero disp: msm: sde: fix release fence signaling in error cases disp: msm: sde: reset ctl during wr_ptr_irq timeout disp: msm: sde: use wr_ptr interrupt instead of ctl_start drm/msm/sde: trigger frame done if ctl is idle drm/msm/sde: avoid frame done event during autorefresh drm/msm/sde: add connector property for frame trigger mode drm/msm/sde: delay reset frame by a frame for posted trigger 
drm/msm/sde: support posted frame trigger for cmd mode drm/msm/sde: use atomic counter for pending frame done ANDROID: arm64: vdso: wrap -n in ld-option BACKPORT: arm64: vdso: Explicitly add build-id option BACKPORT: arm64: vdso: use $(LD) instead of $(CC) to link VDSO ANDROID: cuttlefish defconfig - enable mount/net/uts namespaces. ANDROID: net: bpf: permit redirect from ingress L3 to egress L2 devices at near max mtu UPSTREAM: mm/page_io.c: annotate refault stalls from swap_readpage ANDROID: cuttlefish_defconfig: Fix dm-verity related options BACKPORT: loop: Add LOOP_SET_BLOCK_SIZE in compat ioctl BACKPORT: loop: change queue block size to match when using DIO ANDROID: cuttlefish_defconfig: Minimally enable EFI UPSTREAM: loop: Only freeze block queue when needed. UPSTREAM: loop: Only change blocksize when needed. UPSTREAM: ipv6: ndisc: add support for 'PREF64' dns64 prefix identifier ANDROID: dm-bow: Fix free_show value is incorrect UPSTREAM: bpf: Explicitly memset some bpf info structures declared on the stack UPSTREAM: bpf: Explicitly memset the bpf_attr structure UPSTREAM: binder: fix incorrect calculation for num_valid UPSTREAM: sched/psi: Fix OOB write when writing 0 bytes to PSI files UPSTREAM: psi: Fix a division error in psi poll() UPSTREAM: sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime UPSTREAM: sched/psi: Correct overly pessimistic size calculation ANDROID: net: bpf: Allow TC programs to call BPF_FUNC_skb_change_head Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> Conflicts: arch/arm64/kernel/traps.c drivers/base/arch_topology.c drivers/base/power/wakeup.c drivers/irqchip/irq-gic-v3.c drivers/scsi/sd.c drivers/soc/qcom/Makefile drivers/tty/serial/msm_geni_serial.c
125 lines
4.8 KiB
Plaintext
config SECURITY_SELINUX
	bool "NSA SELinux Support"
	depends on SECURITY_NETWORK && NET && INET
	select NETWORK_SECMARK
	default n
	help
	  This selects NSA Security-Enhanced Linux (SELinux).
	  You will also need a policy configuration and a labeled filesystem.
	  If you are unsure how to answer this question, answer N.

config SECURITY_SELINUX_BOOTPARAM
	bool "NSA SELinux boot parameter"
	depends on SECURITY_SELINUX
	default n
	help
	  This option adds a kernel parameter 'selinux', which allows SELinux
	  to be disabled at boot.  If this option is selected, SELinux
	  functionality can be disabled with selinux=0 on the kernel
	  command line.  The purpose of this option is to allow a single
	  kernel image to be distributed with SELinux built in, but not
	  necessarily enabled.

	  If you are unsure how to answer this question, answer N.

config SECURITY_SELINUX_BOOTPARAM_VALUE
	int "NSA SELinux boot parameter default value"
	depends on SECURITY_SELINUX_BOOTPARAM
	range 0 1
	default 1
	help
	  This option sets the default value for the kernel parameter
	  'selinux', which allows SELinux to be disabled at boot.  If this
	  option is set to 0 (zero), the SELinux kernel parameter will
	  default to 0, disabling SELinux at bootup.  If this option is
	  set to 1 (one), the SELinux kernel parameter will default to 1,
	  enabling SELinux at bootup.

	  If you are unsure how to answer this question, answer 1.

config SECURITY_SELINUX_DISABLE
	bool "NSA SELinux runtime disable"
	depends on SECURITY_SELINUX
	select SECURITY_WRITABLE_HOOKS
	default n
	help
	  This option enables writing to a selinuxfs node 'disable', which
	  allows SELinux to be disabled at runtime prior to the policy load.
	  SELinux will then remain disabled until the next boot.
	  This option is similar to the selinux=0 boot parameter, but is to
	  support runtime disabling of SELinux, e.g. from /sbin/init, for
	  portability across platforms where boot parameters are difficult
	  to employ.

	  NOTE: selecting this option will disable the '__ro_after_init'
	  kernel hardening feature for security hooks.   Please consider
	  using the selinux=0 boot parameter instead of enabling this
	  option.

	  If you are unsure how to answer this question, answer N.

config SECURITY_SELINUX_DEVELOP
	bool "NSA SELinux Development Support"
	depends on SECURITY_SELINUX
	default y
	help
	  This enables the development support option of NSA SELinux,
	  which is useful for experimenting with SELinux and developing
	  policies.  If unsure, say Y.  With this option enabled, the
	  kernel will start in permissive mode (log everything, deny nothing)
	  unless you specify enforcing=1 on the kernel command line.  You
	  can interactively toggle the kernel between enforcing mode and
	  permissive mode (if permitted by the policy) via /selinux/enforce.

config SECURITY_SELINUX_AVC_STATS
	bool "NSA SELinux AVC Statistics"
	depends on SECURITY_SELINUX
	default y
	help
	  This option collects access vector cache statistics to
	  /selinux/avc/cache_stats, which may be monitored via
	  tools such as avcstat.

config SECURITY_SELINUX_CHECKREQPROT_VALUE
	int "NSA SELinux checkreqprot default value"
	depends on SECURITY_SELINUX
	range 0 1
	default 0
	help
	  This option sets the default value for the 'checkreqprot' flag
	  that determines whether SELinux checks the protection requested
	  by the application or the protection that will be applied by the
	  kernel (including any implied execute for read-implies-exec) for
	  mmap and mprotect calls.  If this option is set to 0 (zero),
	  SELinux will default to checking the protection that will be applied
	  by the kernel.  If this option is set to 1 (one), SELinux will
	  default to checking the protection requested by the application.
	  The checkreqprot flag may be changed from the default via the
	  'checkreqprot=' boot parameter.  It may also be changed at runtime
	  via /selinux/checkreqprot if authorized by policy.

	  If you are unsure how to answer this question, answer 0.

config SECURITY_SELINUX_SIDTAB_HASH_BITS
	int "NSA SELinux sidtab hashtable size"
	depends on SECURITY_SELINUX
	range 8 13
	default 9
	help
	  This option sets the number of buckets used in the sidtab hashtable
	  to 2^SECURITY_SELINUX_SIDTAB_HASH_BITS buckets. The number of hash
	  collisions may be viewed at /sys/fs/selinux/ss/sidtab_hash_stats. If
	  chain lengths are high (e.g. > 20) then selecting a higher value here
	  will ensure that lookup times are short and stable.

config SECURITY_SELINUX_SID2STR_CACHE_SIZE
	int "NSA SELinux SID to context string translation cache size"
	depends on SECURITY_SELINUX
	default 256
	help
	  This option defines the size of the internal SID -> context string
	  cache, which improves the performance of context to string
	  conversion.  Setting this option to 0 disables the cache completely.

	  If unsure, keep the default value.
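
The help text above names several options that weaken or defer SELinux enforcement: the selinux=0 boot parameter, runtime disable (which also removes `__ro_after_init` from the security hooks), permissive-by-default development mode, and checkreqprot. The script below is an added example, not part of this kernel tree, that checks a kernel `.config` for them; the function names `cfg_value` and `audit_selinux_config` and the sample `.config` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SELinux Kconfig choices that the help text describes
# as weakening or deferring enforcement. Function names are hypothetical.

# Print the value of CONFIG_<symbol> ($2) in .config file $1; "n" if absent
# or recorded as "# CONFIG_<symbol> is not set".
cfg_value() {
    v=$(sed -n "s/^CONFIG_$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-n}"
}

# Print one finding per line for the .config file at $1.
audit_selinux_config() {
    f=$1
    if [ "$(cfg_value "$f" SECURITY_SELINUX)" != y ]; then
        echo "SECURITY_SELINUX: SELinux is not built into this kernel"
        return 0
    fi
    if [ "$(cfg_value "$f" SECURITY_SELINUX_BOOTPARAM)" = y ]; then
        echo "SECURITY_SELINUX_BOOTPARAM: selinux=0 on the command line disables SELinux"
        # The default value only exists when the boot parameter is built in.
        if [ "$(cfg_value "$f" SECURITY_SELINUX_BOOTPARAM_VALUE)" = 0 ]; then
            echo "SECURITY_SELINUX_BOOTPARAM_VALUE: SELinux is disabled at boot by default"
        fi
    fi
    if [ "$(cfg_value "$f" SECURITY_SELINUX_DISABLE)" = y ]; then
        echo "SECURITY_SELINUX_DISABLE: runtime disable allowed; security hooks lose __ro_after_init"
    fi
    if [ "$(cfg_value "$f" SECURITY_SELINUX_DEVELOP)" = y ]; then
        echo "SECURITY_SELINUX_DEVELOP: kernel boots permissive unless enforcing=1 is given"
    fi
    if [ "$(cfg_value "$f" SECURITY_SELINUX_CHECKREQPROT_VALUE)" = 1 ]; then
        echo "SECURITY_SELINUX_CHECKREQPROT_VALUE: mmap/mprotect checks use the requested protection"
    fi
}

# Constructed sample .config fragment (not taken from any real device).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
# CONFIG_SECURITY_SELINUX_DISABLE is not set
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
EOF
audit_selinux_config "$sample"
rm -f "$sample"
```

Point `audit_selinux_config` at the `.config` in a build directory to get one line per option that needs a decision before the image ships.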