arm64: configs: Disable CONFIG_SECURITY_SMACK and CONFIG_MODULE_FORCE_UNLOAD
1. unset CONFIG_SECURITY_SMACK which implicitly enable CONFIG_NETLABEL
2. unset CONFIG_MODULE_FORCE_UNLOAD to prevent UAF
3. set CONFIG_SECURITY_NETWORK which CONFIG_SECURITY_SELINUX depends on
Bug: 198690429
Signed-off-by: Roger Liao <rogerliao@google.com>
Change-Id: I733907d085971eac457e48eb18933bd55777d535
diff --git a/arch/arm64/configs/bonito_defconfig b/arch/arm64/configs/bonito_defconfig
index ee04efd3..8411afb 100644
--- a/arch/arm64/configs/bonito_defconfig
+++ b/arch/arm64/configs/bonito_defconfig
@@ -51,7 +51,6 @@
CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
-CONFIG_MODULE_FORCE_UNLOAD=y
CONFIG_MODVERSIONS=y
# CONFIG_BLK_DEV_BSG is not set
CONFIG_PARTITION_ADVANCED=y
@@ -645,10 +644,10 @@
CONFIG_PFK=y
CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
CONFIG_SECURITY=y
+CONFIG_SECURITY_NETWORK=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_SECURITY_SELINUX=y
-CONFIG_SECURITY_SMACK=y
CONFIG_CRYPTO_NIAP_FPT_TST_EXT_11=y
CONFIG_CRYPTO_GCM=y
CONFIG_CRYPTO_CHACHA20POLY1305=y