1. seandroid
  2. Untitled project
  3. kernel/goldfish

Commits

Nick Kralevich  committed 87d9666

goldfish: enable SELinux for x86

Change-Id: I644f4fcf892e11c162fcccdbdce3e3043b41f4f2
Signed-off-by: Nick Kralevich <nnk@google.com>

  • Participants
  • Parent commits 0e0d2fb
  • Branches android-goldfish-3.4, seandroid-goldfish-3.4

Comments (0)

Files changed (1)

File arch/x86/configs/goldfish_defconfig

View file
  • Ignore whitespace
 CONFIG_TASK_DELAY_ACCT=y
 CONFIG_TASK_XACCT=y
 CONFIG_TASK_IO_ACCOUNTING=y
-# CONFIG_AUDIT is not set
+CONFIG_AUDIT=y
+CONFIG_AUDITSYSCALL=y
+CONFIG_AUDIT_WATCH=y
+CONFIG_AUDIT_TREE=y
+# CONFIG_AUDIT_LOGINUID_IMMUTABLE is not set
 
 #
 # RCU Subsystem
 CONFIG_SECURITY_FILE_CAPABILITIES=y
 # CONFIG_SECURITY_ROOTPLUG is not set
 # CONFIG_SECURITY_SMACK is not set
+CONFIG_LSM_MMAP_MIN_ADDR=32768
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+# CONFIG_SECURITY_SELINUX_DISABLE is not set
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
+# CONFIG_SECURITY_TOMOYO is not set
+# CONFIG_SECURITY_APPARMOR is not set
+# CONFIG_SECURITY_YAMA is not set
+# CONFIG_IMA is not set
+# CONFIG_DEFAULT_SECURITY_SELINUX is not set
+
 CONFIG_CRYPTO=y
 
 #
 CONFIG_CRC32=y
 # CONFIG_CRC7 is not set
 # CONFIG_LIBCRC32C is not set
+CONFIG_AUDIT_GENERIC=y
 CONFIG_ZLIB_INFLATE=y
 CONFIG_PLIST=y
 CONFIG_HAS_IOMEM=y