arm64: configs: Disable CONFIG_SECURITY_SMACK and CONFIG_MODULE_FORCE_UNLOAD 1. unset CONFIG_SECURITY_SMACK which implicitly enable CONFIG_NETLABEL 2. unset CONFIG_MODULE_FORCE_UNLOAD to prevent UAF 3. set CONFIG_SECURITY_NETWORK which CONFIG_SECURITY_SELINUX depends on Bug: 198690429 Signed-off-by: Roger Liao <rogerliao@google.com> Change-Id: I733907d085971eac457e48eb18933bd55777d535

commit: 2c860b5fc8e8e46752f291825997b1228a380734 [log] [tgz]
author: Roger Liao <rogerliao@google.com> Wed Sep 22 11:14:02 2021 +0800
committer: Roger Liao <rogerliao@google.com> Mon Nov 01 08:08:30 2021 +0000
tree: c3a97d2d28e161faeb42517c31aa333d63f58c27
parent: 7f13b6cc685e859739d2a20603cc8280aa27f84a [diff]
diff --git a/arch/arm64/configs/bonito_defconfig b/arch/arm64/configs/bonito_defconfig
index ee04efd3..8411afb 100644
--- a/arch/arm64/configs/bonito_defconfig
+++ b/arch/arm64/configs/bonito_defconfig

@@ -51,7 +51,6 @@
 CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16
 CONFIG_MODULES=y
 CONFIG_MODULE_UNLOAD=y
-CONFIG_MODULE_FORCE_UNLOAD=y
 CONFIG_MODVERSIONS=y
 # CONFIG_BLK_DEV_BSG is not set
 CONFIG_PARTITION_ADVANCED=y
@@ -645,10 +644,10 @@
 CONFIG_PFK=y
 CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
 CONFIG_SECURITY=y
+CONFIG_SECURITY_NETWORK=y
 CONFIG_HARDENED_USERCOPY=y
 CONFIG_FORTIFY_SOURCE=y
 CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SMACK=y
 CONFIG_CRYPTO_NIAP_FPT_TST_EXT_11=y
 CONFIG_CRYPTO_GCM=y
 CONFIG_CRYPTO_CHACHA20POLY1305=y
commit	2c860b5fc8e8e46752f291825997b1228a380734	[log] [tgz]
author	Roger Liao <rogerliao@google.com>	Wed Sep 22 11:14:02 2021 +0800
committer	Roger Liao <rogerliao@google.com>	Mon Nov 01 08:08:30 2021 +0000
tree	c3a97d2d28e161faeb42517c31aa333d63f58c27
parent	7f13b6cc685e859739d2a20603cc8280aa27f84a [diff]