From e3c22a1c6000bf3a83f66ae0a4d0fb9bf3c3722d Mon Sep 17 00:00:00 2001
From: Gaosheng Cui <cuigaosheng1@huawei.com>
Date: Tue, 9 Aug 2022 21:26:31 +0800
Subject: [PATCH] arm64: enable kernel security enhancement feature ohos
 inclusion category: feature issue: #I5LINO CVE: NA

----------------------------------------------

arm64 support kaslr, vendor hooks and hardened usercopy.

Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
---
 .../arch/arm64/configs/rk3568_standard_defconfig       | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/linux-5.10/arch/arm64/configs/rk3568_standard_defconfig b/linux-5.10/arch/arm64/configs/rk3568_standard_defconfig
index ad6bce9..846d2c1 100644
--- a/linux-5.10/arch/arm64/configs/rk3568_standard_defconfig
+++ b/linux-5.10/arch/arm64/configs/rk3568_standard_defconfig
@@ -453,7 +453,7 @@ CONFIG_ARM64_SVE=y
 CONFIG_ARM64_MODULE_PLTS=y
 # CONFIG_ARM64_PSEUDO_NMI is not set
 CONFIG_RELOCATABLE=y
-# CONFIG_RANDOMIZE_BASE is not set
+CONFIG_RANDOMIZE_BASE=y
 # end of Kernel Features
 
 #
@@ -5889,6 +5889,12 @@ CONFIG_DRIVERS_HDF_VIBRATOR_LINEAR=y
 # CONFIG_RK_FLASH is not set
 # CONFIG_RK_NAND is not set
 CONFIG_ACCESS_TOKENID=y
+
+#
+# Vendor Hooks
+#
+CONFIG_VENDOR_HOOKS=y
+# end of Vendor Hooks
 # end of Device Drivers
 
 #
@@ -6176,7 +6182,7 @@ CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_PATH=y
 CONFIG_LSM_MMAP_MIN_ADDR=32768
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
-# CONFIG_HARDENED_USERCOPY is not set
+CONFIG_HARDENED_USERCOPY=y
 # CONFIG_FORTIFY_SOURCE is not set
 # CONFIG_STATIC_USERMODEHELPER is not set
 CONFIG_SECURITY_SELINUX=y
-- 
Gitee