| commit | c772c3e77eb5276a509fa8e2b7c58b24fdd6dda5 | [log] [tgz] |
|---|---|---|
| author | Greg Hackmann <ghackmann@google.com> | Thu Mar 29 10:24:57 2018 -0700 |
| committer | Steve Muckle <smuckle@google.com> | Fri Apr 13 11:21:43 2018 -0700 |
| tree | 7d6bf1a205e15d04f329da9dfcba980ad0722742 | |
| parent | 3ade9d41cbd0939b4bf8fb0de00fa4bd840684b2 [diff] |
android-4.14: replace CONFIG_DEBUG_RODATA with CONFIG_STRICT_KERNEL_RWX
This was renamed in 4.10 by 0f5bf6d0afe4 ("arch: Rename
CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX") in order to clarify
the option's importance.
Bug: 76186455
Test: grep -E STRICT_KERNEL_RWX -A 3 \
android-4.14/Documentation/security/self-protection.rst
Change-Id: I6cc3356849c098c5f4c63a6d144440d6fee3c346
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Bug: 77982837
Merged-In: I6cc3356849c098c5f4c63a6d144440d6fee3c346
Signed-off-by: Steve Muckle <smuckle@google.com>
The files in these directories are meant to be used as a base for an Android kernel config. All devices must have the options in android-base.cfg configured as specified. If an android-base-ARCH.cfg file exists for the architecture of your device, the options in that file must be configured as specified also.
While not mandatory, the options in android-recommended.cfg enable advanced Android features.
Assuming you already have a minimalist defconfig for your device, a possible way to enable these options would be to use the merge_config.sh script in the kernel tree. From the root of the kernel tree:
ARCH=<arch> scripts/kconfig/merge_config.sh <...>/<device>_defconfig <...>/android-base.cfg <...>/android-base-<arch>.cfg <...>/android-recommended.cfg
This will generate a .config that can then be used to save a new defconfig or compile a new kernel with Android features enabled.
Because there is no tool to consistently generate these config fragments, lets keep them alphabetically sorted instead of random.