From 2ccb61aafc858c56ed3f5146d47e832ca94bf52d Mon Sep 17 00:00:00 2001 From: Hoegeun Kwon Date: Fri, 4 Dec 2020 13:30:53 +0900 Subject: [PATCH] arm64: configs: tizen_*: Enable SECURITY_SMACK and disable all other LSM It needs to enable configs related with SMACK for booting tizen platform. Also, other LSMs are not required in Tizen, so disable them. Change-Id: I44680664404bd4e1fda6fc9e7d1b31910de435b1 Signed-off-by: Hoegeun Kwon Signed-off-by: Seung-Woo Kim --- arch/arm64/configs/tizen_kvims_defconfig | 5 +++-- arch/arm64/configs/tizen_odroidg12_defconfig | 11 +++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/arm64/configs/tizen_kvims_defconfig b/arch/arm64/configs/tizen_kvims_defconfig index 327dd5cec596..47d1a657ee04 100644 --- a/arch/arm64/configs/tizen_kvims_defconfig +++ b/arch/arm64/configs/tizen_kvims_defconfig @@ -113,6 +113,7 @@ CONFIG_IPV6_MIP6=y CONFIG_IPV6_VTI=y CONFIG_IPV6_MULTIPLE_TABLES=y # CONFIG_ANDROID_PARANOID_NETWORK is not set +CONFIG_NETWORK_SECMARK=y CONFIG_NETFILTER=y CONFIG_BRIDGE_NETFILTER=y CONFIG_NF_CONNTRACK=y @@ -771,10 +772,10 @@ CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_PATH=y -CONFIG_LSM_MMAP_MIN_ADDR=0 CONFIG_HARDENED_USERCOPY=y -CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SMACK=y +CONFIG_SECURITY_SMACK_NETFILTER=y +CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y CONFIG_CRYPTO_MICHAEL_MIC=y CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_ANUBIS=m diff --git a/arch/arm64/configs/tizen_odroidg12_defconfig b/arch/arm64/configs/tizen_odroidg12_defconfig index 06f821e6040f..6a42d33e3b57 100644 --- a/arch/arm64/configs/tizen_odroidg12_defconfig +++ b/arch/arm64/configs/tizen_odroidg12_defconfig @@ -1,6 +1,7 @@ # CONFIG_LOCALVERSION_AUTO is not set CONFIG_SYSVIPC=y CONFIG_POSIX_MQUEUE=y +CONFIG_AUDIT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y CONFIG_SCHED_WALT=y @@ -154,6 +155,7 @@ CONFIG_IPV6_MROUTE=y CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y CONFIG_IPV6_PIMSM_V2=y # CONFIG_ANDROID_PARANOID_NETWORK is not set +CONFIG_NETWORK_SECMARK=y CONFIG_NETFILTER=y CONFIG_NETFILTER_DEBUG=y CONFIG_NETFILTER_NETLINK_QUEUE=y @@ -1626,16 +1628,17 @@ CONFIG_AMLOGIC_USER_FAULT=y CONFIG_SECURITY_DMESG_RESTRICT=y CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y CONFIG_SECURITY=y -CONFIG_LSM_MMAP_MIN_ADDR=0 +CONFIG_SECURITYFS=y +CONFIG_SECURITY_PATH=y CONFIG_HARDENED_USERCOPY=y -CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SMACK=y -CONFIG_SECURITY_APPARMOR=y -CONFIG_DEFAULT_SECURITY_APPARMOR=y +CONFIG_SECURITY_SMACK_NETFILTER=y +CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y CONFIG_CRYPTO_AUTHENC=y CONFIG_CRYPTO_ECHAINIV=y CONFIG_CRYPTO_CMAC=y CONFIG_CRYPTO_MICHAEL_MIC=y +CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_ANUBIS=m CONFIG_CRYPTO_BLOWFISH=m -- 2.34.1