android_kernel_samsung_a7y1.../arch/arm64/Kconfig.debug

menu "Kernel hacking"

source "lib/Kconfig.debug"

config ARM64_PTDUMP
	bool "Export kernel pagetable layout to userspace via debugfs"
	depends on DEBUG_KERNEL
	select DEBUG_FS
        help
	  Say Y here if you want to show the kernel pagetable layout in a
	  debugfs file. This information is only useful for kernel developers
	  who are working in architecture specific areas of the kernel.
	  It is probably not a good idea to enable this feature in a production
	  kernel.
	  If in doubt, say "N"

config STRICT_DEVMEM
	bool "Filter access to /dev/mem"
	depends on MMU
	help
	  If this option is disabled, you allow userspace (root) access to all
	  of memory, including kernel and userspace memory. Accidental
	  access to this is obviously disastrous, but specific access can
	  be used by people debugging the kernel.

	  If this option is switched on, the /dev/mem file only allows
	  userspace access to memory mapped peripherals.

	  If in doubt, say Y.

config PID_IN_CONTEXTIDR
	bool "Write the current PID to the CONTEXTIDR register"
	help
	  Enabling this option causes the kernel to write the current PID to
	  the CONTEXTIDR register, at the expense of some additional
	  instructions during context switch. Say Y here only if you are
	  planning to use hardware trace tools with this kernel.

config ARM64_RANDOMIZE_TEXT_OFFSET
	bool "Randomize TEXT_OFFSET at build time"
	help
	  Say Y here if you want the image load offset (AKA TEXT_OFFSET)
	  of the kernel to be randomized at build-time. When selected,
	  this option will cause TEXT_OFFSET to be randomized upon any
	  build of the kernel, and the offset will be reflected in the
	  text_offset field of the resulting Image. This can be used to
	  fuzz-test bootloaders which respect text_offset.

	  This option is intended for bootloader and/or kernel testing
	  only. Bootloaders must make no assumptions regarding the value
	  of TEXT_OFFSET and platforms must not require a specific
	  value.

config DEBUG_SET_MODULE_RONX
        bool "Set loadable kernel module data as NX and text as RO"
        depends on MODULES
        help
          This option helps catch unintended modifications to loadable
          kernel module's text and read-only data. It also prevents execution
          of module data. Such protection may interfere with run-time code
          patching and dynamic kernel tracing - and they might also protect
          against certain classes of kernel exploits.
          If in doubt, say "N".

config DEBUG_RODATA
	bool "Make kernel text and rodata read-only"
	depends on !UH_RKP
	help
	  If this is set, kernel text and rodata will be made read-only. This
	  is to help catch accidental or malicious attempts to change the
	  kernel's executable code.

	  If in doubt, say Y

config DEBUG_ALIGN_RODATA
	depends on DEBUG_RODATA && ARM64_4K_PAGES
	bool "Align linker sections up to SECTION_SIZE"
	help
	  If this option is enabled, sections that may potentially be marked as
	  read only or non-executable will be aligned up to the section size of
	  the kernel. This prevents sections from being split into pages and
	  avoids a potential TLB penalty. The downside is an increase in
	  alignment and potentially wasted space. Turn on this option if
	  performance is more important than memory pressure.

	  If in doubt, say N
	  
comment "Samsung Rooting Restriction Feature"
config SEC_RESTRICT_ROOTING
	bool "Samsung Rooting Restriction Feature"
	depends on SAMSUNG_PRODUCT_SHIP
	default n
	help
	  Restrict unauthorized executions with root permission.

config SEC_RESTRICT_SETUID
	bool "Restrict changing root privilege except allowed process"
	depends on SEC_RESTRICT_ROOTING
	default y
	help
	  Say Y here if you want to restrict functions related setuid. Only allowed
	  process can chanage ROOT privilege. Saying N will not restrict changing
	  permission.

config SEC_RESTRICT_FORK
	bool "Restrict forking process except allowed process"
	depends on SEC_RESTRICT_ROOTING
	default y
	help
	  Say Y here if you want to restrict function related fork. Process matched
	  special condition will be not forked. Saying N will not restrict forking
	  process.

config SEC_RESTRICT_ROOTING_LOG
	bool "Print restricted result to kernel log"
	depends on SEC_RESTRICT_ROOTING
	default n
	help
	   Say Y here if you want to see result of restricting SETUID or FORK. It will
	   be displayed by kernel error log. Saying N will not be displayed anything.

source "drivers/hwtracing/coresight/Kconfig"

endmenu
A750FXXU4CTBC 2020-03-27 16:21:54 +00:00			`menu "Kernel hacking"`

			`source "lib/Kconfig.debug"`

			`config ARM64_PTDUMP`
			`bool "Export kernel pagetable layout to userspace via debugfs"`
			`depends on DEBUG_KERNEL`
			`select DEBUG_FS`
			`help`
			`Say Y here if you want to show the kernel pagetable layout in a`
			`debugfs file. This information is only useful for kernel developers`
			`who are working in architecture specific areas of the kernel.`
			`It is probably not a good idea to enable this feature in a production`
			`kernel.`
			`If in doubt, say "N"`

			`config STRICT_DEVMEM`
			`bool "Filter access to /dev/mem"`
			`depends on MMU`
			`help`
			`If this option is disabled, you allow userspace (root) access to all`
			`of memory, including kernel and userspace memory. Accidental`
			`access to this is obviously disastrous, but specific access can`
			`be used by people debugging the kernel.`

			`If this option is switched on, the /dev/mem file only allows`
			`userspace access to memory mapped peripherals.`

			`If in doubt, say Y.`

			`config PID_IN_CONTEXTIDR`
			`bool "Write the current PID to the CONTEXTIDR register"`
			`help`
			`Enabling this option causes the kernel to write the current PID to`
			`the CONTEXTIDR register, at the expense of some additional`
			`instructions during context switch. Say Y here only if you are`
			`planning to use hardware trace tools with this kernel.`

			`config ARM64_RANDOMIZE_TEXT_OFFSET`
			`bool "Randomize TEXT_OFFSET at build time"`
			`help`
			`Say Y here if you want the image load offset (AKA TEXT_OFFSET)`
			`of the kernel to be randomized at build-time. When selected,`
			`this option will cause TEXT_OFFSET to be randomized upon any`
			`build of the kernel, and the offset will be reflected in the`
			`text_offset field of the resulting Image. This can be used to`
			`fuzz-test bootloaders which respect text_offset.`

			`This option is intended for bootloader and/or kernel testing`
			`only. Bootloaders must make no assumptions regarding the value`
			`of TEXT_OFFSET and platforms must not require a specific`
			`value.`

			`config DEBUG_SET_MODULE_RONX`
			`bool "Set loadable kernel module data as NX and text as RO"`
			`depends on MODULES`
			`help`
			`This option helps catch unintended modifications to loadable`
			`kernel module's text and read-only data. It also prevents execution`
			`of module data. Such protection may interfere with run-time code`
			`patching and dynamic kernel tracing - and they might also protect`
			`against certain classes of kernel exploits.`
			`If in doubt, say "N".`

			`config DEBUG_RODATA`
			`bool "Make kernel text and rodata read-only"`
			`depends on !UH_RKP`
			`help`
			`If this is set, kernel text and rodata will be made read-only. This`
			`is to help catch accidental or malicious attempts to change the`
			`kernel's executable code.`

			`If in doubt, say Y`

			`config DEBUG_ALIGN_RODATA`
			`depends on DEBUG_RODATA && ARM64_4K_PAGES`
			`bool "Align linker sections up to SECTION_SIZE"`
			`help`
			`If this option is enabled, sections that may potentially be marked as`
			`read only or non-executable will be aligned up to the section size of`
			`the kernel. This prevents sections from being split into pages and`
			`avoids a potential TLB penalty. The downside is an increase in`
			`alignment and potentially wasted space. Turn on this option if`
			`performance is more important than memory pressure.`

			`If in doubt, say N`

			`comment "Samsung Rooting Restriction Feature"`
			`config SEC_RESTRICT_ROOTING`
			`bool "Samsung Rooting Restriction Feature"`
			`depends on SAMSUNG_PRODUCT_SHIP`
			`default n`
			`help`
			`Restrict unauthorized executions with root permission.`

			`config SEC_RESTRICT_SETUID`
			`bool "Restrict changing root privilege except allowed process"`
			`depends on SEC_RESTRICT_ROOTING`
			`default y`
			`help`
			`Say Y here if you want to restrict functions related setuid. Only allowed`
			`process can chanage ROOT privilege. Saying N will not restrict changing`
			`permission.`

			`config SEC_RESTRICT_FORK`
			`bool "Restrict forking process except allowed process"`
			`depends on SEC_RESTRICT_ROOTING`
			`default y`
			`help`
			`Say Y here if you want to restrict function related fork. Process matched`
			`special condition will be not forked. Saying N will not restrict forking`
			`process.`

			`config SEC_RESTRICT_ROOTING_LOG`
			`bool "Print restricted result to kernel log"`
			`depends on SEC_RESTRICT_ROOTING`
			`default n`
			`help`
			`Say Y here if you want to see result of restricting SETUID or FORK. It will`
			`be displayed by kernel error log. Saying N will not be displayed anything.`

			`source "drivers/hwtracing/coresight/Kconfig"`

			`endmenu`