expose control over unpriv perf access to shell

This allows the shell user to control whether unprivileged access to perf events is allowed. To enable unprivileged access to perf: adb shell setprop security.perf_harden 0 To disable it again: adb shell setprop security.perf_harden 1 This allows Android to disable this kernel attack surface by default, while still allowing profiling tools to work automatically. It can also be manually toggled, but most developers won't ever need to do that if tools end up incorporating this. Bug: 29054680 Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f

expose control over unpriv perf access to shell
This allows the shell user to control whether unprivileged access to perf events is allowed. To enable unprivileged access to perf: adb shell setprop security.perf_harden 0 To disable it again: adb shell setprop security.perf_harden 1 This allows Android to disable this kernel attack surface by default, while still allowing profiling tools to work automatically. It can also be manually toggled, but most developers won't ever need to do that if tools end up incorporating this. Bug: 29054680 Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f
38ac77e4 · Daniel Micay · e3327427 · 38ac77e4
Commit 38ac77e4 authored 8 years ago by Daniel Micay
--- a/property_contexts
+++ b/property_contexts
@@ -33,6 +33,7 @@ debug.                  u:object_r:debug_prop:s0
 debug.db.               u:object_r:debuggerd_prop:s0
 dumpstate.              u:object_r:dumpstate_prop:s0
 log.                    u:object_r:shell_prop:s0
+security.perf_harden    u:object_r:shell_prop:s0
 service.adb.root        u:object_r:shell_prop:s0
 service.adb.tcp.port    u:object_r:shell_prop:s0