| config SECURITY_CHROMIUMOS |
| bool "Chromium OS Security Module" |
| depends on SECURITY |
| help |
| The purpose of the Chromium OS security module is to reduce attacking |
| surface by preventing access to general purpose access modes not |
| required by Chromium OS. Currently: the mount operation is |
| restricted by requiring a mount point path without symbolic links, |
| and loading modules is limited to only the root filesystem. This |
| LSM is stacked ahead of any primary "full" LSM. |
| |
| config SECURITY_CHROMIUMOS_NO_SYMLINK_MOUNT |
| bool "Chromium OS Security: prohibit mount to symlinked target" |
| depends on SECURITY_CHROMIUMOS |
| default y |
| help |
| When enabled mount() syscall will return ELOOP whenever target path |
| contains any symlinks. |
| |
| config SECURITY_CHROMIUMOS_DEVICE_JAIL |
| bool "Chromium OS Security: device jail sandbox" |
| depends on USB |
| default y |
| help |
| When enabled, the kernel device_jail interface will be enabled, |
| allowing further sandboxing of USB devices. |
| |
| config ALT_SYSCALL_CHROMIUMOS |
| tristate "Chromium OS Alt-Syscall Tables" |
| depends on ALT_SYSCALL |
| help |
| Register restricted, alternate syscall tables used by Chromium OS |
| using the alt-syscall infrastructure. Alternate syscall tables |
| can be selected with prctl(PR_ALT_SYSCALL). |
| |
| config SECURITY_CHROMIUMOS_READONLY_PROC_SELF_MEM |
| bool "Force /proc/<pid>/mem paths to be read-only" |
| default y |
| help |
| When enabled, attempts to open /proc/self/mem for write access |
| will always fail. Write access to this file allows bypassing |
| of memory map permissions (such as modifying read-only code). |