Commits

Stephen Smalley  committed 8560f90

Do not set CONFIG_LSM_MMAP_MIN_ADDR; use the default.

This is the address limit for checking SELinux mmap_zero permission,
which predated the CAP_SYS_RAWIO check and intentionally uses
a fixed limit rather than /proc/sys/vm/mmap_min_addr to avoid being
mutable by userspace.

When we first enabled this in our kernels, we were conservative
and only set it to 4096. However, since Android sets
/proc/sys/vm/mmap_min_addr to 32768, we should just use the default
value (also 32768 for ARM, 65536 for others) specified by security/Kconfig.
Remove the explicit setting of the value from the defconfig file.

Change-Id: I260f2477225be7d0a406d1ad25a83ebc36fd4996
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

  • Participants
  • Parent commits 2abe498
  • Branches seandroid-tegra3-grouper-3.1-kitkat-mr1

Comments (0)

Files changed (1)

File arch/arm/configs/tegra3_android_defconfig

 CONFIG_TRUSTED_FOUNDATIONS=y
 CONFIG_SECURITY=y
 CONFIG_SECURITY_NETWORK=y
-CONFIG_LSM_MMAP_MIN_ADDR=4096
 CONFIG_SECURITY_SELINUX=y
 CONFIG_CRYPTO_SHA256=y
 CONFIG_CRYPTO_TWOFISH=y