Merge "Introduce security.lower_kptr_restrict property" am: 24a21867e7 am: 8ff9efc482

Original change: https://android-review.googlesource.com/c/platform/system/core/+/1455185 Change-Id: Ia034b5092ef8c6c3c80e7d217872e6665cb5d2ca
2020-10-23 19:24:11 +00:00 · 2020-10-23 19:24:11 +00:00 · 47319cec95
commit 47319cec95
parent 7a956ed1df 8ff9efc482
1 changed files with 8 additions and 0 deletions
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@ -1041,6 +1041,14 @@ on property:security.perf_harden=1
    write /proc/sys/kernel/perf_cpu_time_max_percent 25
    write /proc/sys/kernel/perf_event_mlock_kb 516

+# This property can be set only on userdebug/eng. See neverallow rule in
+# /system/sepolicy/private/property.te .
+on property:security.lower_kptr_restrict=1
+    write /proc/sys/kernel/kptr_restrict 0
+
+on property:security.lower_kptr_restrict=0
+    write /proc/sys/kernel/kptr_restrict 2
+

 # on shutdown
 # In device's init.rc, this trigger can be used to do device-specific actions