src/devices/tech/config/kernel.jd - platform/docs/source.android.com - Git at Google

 page.title=Kernel Configuration
 @jd:body

 <!--
     Copyright 2015 The Android Open Source Project

     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
     You may obtain a copy of the License at

         http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing, software
     distributed under the License is distributed on an "AS IS" BASIS,
     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     See the License for the specific language governing permissions and
     limitations under the License.
 -->
 <div id="qv-wrapper">
   <div id="qv">
     <h2>In this document</h2>
     <ol id="auto-toc">
     </ol>
   </div>
 </div>

 <p>The kernel configuration settings in this document are meant to be used as a
 base for an Android kernel configuration. All devices should have the options
 in android-base configuration enabled. The options in
 android-recommended configuration enable advanced Android
 features. See <a href="{@docRoot}security/overview/kernel-security.html">System
 and Kernel Security</a> for controls already undertaken to strengthen the
 kernel on your devices. See the <a
 href="{@docRoot}compatibility/cdd.html">Android Compatibility Definition
 Document (CDD)</a> for required settings.</p>

 <p>
 Generating kernel config: Assuming you already have a minimalist defconfig for your device, a possible
 way to enable these options would be:</p>

 <pre>ARCH=<arch> scripts/kconfig/merge_config.sh <path_to>/<device>_defconfig android/configs/android-base.cfg
 android/configs/android-recommended.cfg</pre>
 <p>
 This will generate a .config that can then be used to save a new defconfig or
 compile a new kernel with Android features enabled.
 </p>
 <h2 id="base">Base Configuration</h2>
 <pre>
 CONFIG_EXPERIMENTAL=y
 CONFIG_SYSVIPC=y
 CONFIG_CGROUPS=y
 CONFIG_CGROUP_DEBUG=y
 CONFIG_CGROUP_FREEZER=y
 CONFIG_CGROUP_CPUACCT=y
 CONFIG_RESOURCE_COUNTERS=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_RT_GROUP_SCHED=y
 CONFIG_BLK_DEV_INITRD=y
 CONFIG_EMBEDDED=y
 CONFIG_NO_HZ=y
 CONFIG_HIGH_RES_TIMERS=y
 CONFIG_PREEMPT=y
 CONFIG_PM_AUTOSLEEP=y
 CONFIG_PM_WAKELOCKS=y
 CONFIG_BLK_DEV_DM=y
 CONFIG_DM_CRYPT=y
 CONFIG_NET=y
 CONFIG_PACKET=y
 CONFIG_UNIX=y
 CONFIG_XFRM_USER=y
 CONFIG_NET_KEY=y
 CONFIG_INET=y
 CONFIG_IP_ADVANCED_ROUTER=y
 CONFIG_IP_MULTIPLE_TABLES=y
 CONFIG_INET_ESP=y
 # CONFIG_INET_LRO is not set
 CONFIG_IPV6_PRIVACY=y
 CONFIG_IPV6_ROUTER_PREF=y
 CONFIG_IPV6_OPTIMISTIC_DAD=y
 CONFIG_INET6_AH=y
 CONFIG_INET6_ESP=y
 CONFIG_INET6_IPCOMP=y
 CONFIG_IPV6_MIP6=y
 CONFIG_IPV6_MULTIPLE_TABLES=y
 CONFIG_NETFILTER=y
 CONFIG_NF_CONNTRACK=y
 CONFIG_NF_CONNTRACK_EVENTS=y
 CONFIG_NF_CT_PROTO_DCCP=y
 CONFIG_NF_CT_PROTO_SCTP=y
 CONFIG_NF_CT_PROTO_UDPLITE=y
 CONFIG_NF_CONNTRACK_AMANDA=y
 CONFIG_NF_CONNTRACK_FTP=y
 CONFIG_NF_CONNTRACK_H323=y
 CONFIG_NF_CONNTRACK_IRC=y
 CONFIG_NF_CONNTRACK_NETBIOS_NS=y
 CONFIG_NF_CONNTRACK_PPTP=y
 CONFIG_NF_CONNTRACK_SANE=y
 CONFIG_NF_CONNTRACK_TFTP=y
 CONFIG_NF_CT_NETLINK=y
 CONFIG_NETFILTER_TPROXY=y
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
 CONFIG_NETFILTER_XT_TARGET_MARK=y
 CONFIG_NETFILTER_XT_TARGET_NFLOG=y
 CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
 CONFIG_NETFILTER_XT_TARGET_TPROXY=y
 CONFIG_NETFILTER_XT_TARGET_TRACE=y
 CONFIG_NETFILTER_XT_MATCH_COMMENT=y
 CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
 CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
 CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
 CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
 CONFIG_NETFILTER_XT_MATCH_HELPER=y
 CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
 CONFIG_NETFILTER_XT_MATCH_LENGTH=y
 CONFIG_NETFILTER_XT_MATCH_LIMIT=y
 CONFIG_NETFILTER_XT_MATCH_MAC=y
 CONFIG_NETFILTER_XT_MATCH_MARK=y
 CONFIG_NETFILTER_XT_MATCH_POLICY=y
 CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
 CONFIG_NETFILTER_XT_MATCH_QTAGUID=y
 CONFIG_NETFILTER_XT_MATCH_QUOTA=y
 CONFIG_NETFILTER_XT_MATCH_QUOTA2=y
 CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG=y
 CONFIG_NETFILTER_XT_MATCH_SOCKET=y
 CONFIG_NETFILTER_XT_MATCH_STATE=y
 CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
 CONFIG_NETFILTER_XT_MATCH_STRING=y
 CONFIG_NETFILTER_XT_MATCH_TIME=y
 CONFIG_NETFILTER_XT_MATCH_U32=y
 CONFIG_NF_CONNTRACK_IPV4=y
 CONFIG_IP_NF_IPTABLES=y
 CONFIG_IP_NF_MATCH_AH=y
 CONFIG_IP_NF_MATCH_ECN=y
 CONFIG_IP_NF_MATCH_TTL=y
 CONFIG_IP_NF_FILTER=y
 CONFIG_IP_NF_TARGET_REJECT=y
 CONFIG_IP_NF_TARGET_REJECT_SKERR=y
 CONFIG_NF_NAT=y
 CONFIG_IP_NF_TARGET_MASQUERADE=y
 CONFIG_IP_NF_TARGET_NETMAP=y
 CONFIG_IP_NF_TARGET_REDIRECT=y
 CONFIG_IP_NF_MANGLE=y
 CONFIG_IP_NF_RAW=y
 CONFIG_IP_NF_ARPTABLES=y
 CONFIG_IP_NF_ARPFILTER=y
 CONFIG_IP_NF_ARP_MANGLE=y
 CONFIG_NF_CONNTRACK_IPV6=y
 CONFIG_IP6_NF_IPTABLES=y
 CONFIG_IP6_NF_FILTER=y
 CONFIG_IP6_NF_TARGET_REJECT=y
 CONFIG_IP6_NF_TARGET_REJECT_SKERR=y
 CONFIG_IP6_NF_MANGLE=y
 CONFIG_IP6_NF_RAW=y
 CONFIG_NET_SCHED=y
 CONFIG_NET_SCH_HTB=y
 CONFIG_NET_CLS_U32=y
 CONFIG_NET_EMATCH=y
 CONFIG_NET_EMATCH_U32=y
 CONFIG_NET_CLS_ACT=y
 CONFIG_NETDEVICES=y
 CONFIG_TUN=y
 CONFIG_PPP=y
 CONFIG_PPP_BSDCOMP=y
 CONFIG_PPP_DEFLATE=y
 CONFIG_PPP_MPPE=y
 CONFIG_PPPOLAC=y
 CONFIG_PPPOPNS=y
 CONFIG_FB=y
 CONFIG_SYNC=y
 CONFIG_USB_GADGET=y
 CONFIG_USB_G_ANDROID=y
 CONFIG_USB_OTG_WAKELOCK=y
 CONFIG_SWITCH=y
 CONFIG_RTC_CLASS=y
 CONFIG_STAGING=y
 CONFIG_ANDROID=y
 CONFIG_ANDROID_BINDER_IPC=y
 CONFIG_ASHMEM=y
 CONFIG_ANDROID_LOGGER=y
 CONFIG_ANDROID_LOW_MEMORY_KILLER=y
 CONFIG_ANDROID_INTF_ALARM_DEV=y
 </pre>

 <h2 id="recommended">Recommended Configuration</h2>

 <pre>
 CONFIG_PANIC_TIMEOUT=5
 CONFIG_KALLSYMS_ALL=y
 CONFIG_PERF_EVENTS=y
 CONFIG_COMPACTION=y
 # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
 CONFIG_PM_WAKELOCKS_LIMIT=0
 # CONFIG_PM_WAKELOCKS_GC is not set
 CONFIG_PM_RUNTIME=y
 CONFIG_PM_DEBUG=y
 CONFIG_SUSPEND_TIME=y
 CONFIG_BLK_DEV_LOOP=y
 CONFIG_BLK_DEV_RAM=y
 CONFIG_BLK_DEV_RAM_SIZE=8192
 CONFIG_UID_STAT=y
 CONFIG_MD=y
 CONFIG_DM_UEVENT=y
 CONFIG_INPUT_EVDEV=y
 CONFIG_INPUT_KEYRESET=y
 # CONFIG_INPUT_MOUSE is not set
 CONFIG_INPUT_JOYSTICK=y
 CONFIG_JOYSTICK_XPAD=y
 CONFIG_JOYSTICK_XPAD_FF=y
 CONFIG_JOYSTICK_XPAD_LEDS=y
 CONFIG_INPUT_TABLET=y
 CONFIG_TABLET_USB_ACECAD=y
 CONFIG_TABLET_USB_AIPTEK=y
 CONFIG_TABLET_USB_GTCO=y
 CONFIG_TABLET_USB_HANWANG=y
 CONFIG_TABLET_USB_KBTAB=y
 CONFIG_TABLET_USB_WACOM=y
 CONFIG_INPUT_MISC=y
 CONFIG_INPUT_KEYCHORD=y
 CONFIG_INPUT_UINPUT=y
 CONFIG_INPUT_GPIO=y
 # CONFIG_VT is not set
 # CONFIG_LEGACY_PTYS is not set
 CONFIG_POWER_SUPPLY=y
 CONFIG_BATTERY_ANDROID=y
 CONFIG_MEDIA_SUPPORT=y
 CONFIG_BACKLIGHT_LCD_SUPPORT=y
 CONFIG_SOUND=y
 CONFIG_SND=y
 CONFIG_UHID=y
 CONFIG_USB_HIDDEV=y
 CONFIG_HID_A4TECH=y
 CONFIG_HID_ACRUX=y
 CONFIG_HID_ACRUX_FF=y
 CONFIG_HID_APPLE=y
 CONFIG_HID_BELKIN=y
 CONFIG_HID_CHERRY=y
 CONFIG_HID_CHICONY=y
 CONFIG_HID_PRODIKEYS=y
 CONFIG_HID_CYPRESS=y
 CONFIG_HID_DRAGONRISE=y
 CONFIG_DRAGONRISE_FF=y
 CONFIG_HID_EMS_FF=y
 CONFIG_HID_ELECOM=y
 CONFIG_HID_EZKEY=y
 CONFIG_HID_HOLTEK=y
 CONFIG_HID_KEYTOUCH=y
 CONFIG_HID_KYE=y
 CONFIG_HID_UCLOGIC=y
 CONFIG_HID_WALTOP=y
 CONFIG_HID_GYRATION=y
 CONFIG_HID_TWINHAN=y
 CONFIG_HID_KENSINGTON=y
 CONFIG_HID_LCPOWER=y
 CONFIG_HID_LOGITECH=y
 CONFIG_LOGITECH_FF=y
 CONFIG_LOGIRUMBLEPAD2_FF=y
 CONFIG_LOGIG940_FF=y
 CONFIG_HID_MAGICMOUSE=y
 CONFIG_HID_MICROSOFT=y
 CONFIG_HID_MONTEREY=y
 CONFIG_HID_MULTITOUCH=y
 CONFIG_HID_NTRIG=y
 CONFIG_HID_ORTEK=y
 CONFIG_HID_PANTHERLORD=y
 CONFIG_PANTHERLORD_FF=y
 CONFIG_HID_PETALYNX=y
 CONFIG_HID_PICOLCD=y
 CONFIG_HID_PRIMAX=y
 CONFIG_HID_ROCCAT=y
 CONFIG_HID_SAITEK=y
 CONFIG_HID_SAMSUNG=y
 CONFIG_HID_SONY=y
 CONFIG_HID_SPEEDLINK=y
 CONFIG_HID_SUNPLUS=y
 CONFIG_HID_GREENASIA=y
 CONFIG_GREENASIA_FF=y
 CONFIG_HID_SMARTJOYPLUS=y
 CONFIG_SMARTJOYPLUS_FF=y
 CONFIG_HID_TIVO=y
 CONFIG_HID_TOPSEED=y
 CONFIG_HID_THRUSTMASTER=y
 CONFIG_HID_WACOM=y
 CONFIG_HID_WIIMOTE=y
 CONFIG_HID_ZEROPLUS=y
 CONFIG_HID_ZYDACRON=y
 CONFIG_USB_USBNET=y
 CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
 CONFIG_USB_EHCI_HCD=y
 CONFIG_ION=y
 CONFIG_ANDROID_RAM_CONSOLE=y
 CONFIG_ANDROID_TIMED_GPIO=y
 CONFIG_EXT4_FS=y
 CONFIG_EXT4_FS_SECURITY=y
 CONFIG_FUSE_FS=y
 CONFIG_MSDOS_FS=y
 CONFIG_VFAT_FS=y
 CONFIG_TMPFS=y
 CONFIG_TMPFS_POSIX_ACL=y
 CONFIG_SCHEDSTATS=y
 CONFIG_TIMER_STATS=y
 CONFIG_SCHED_TRACER=y
 CONFIG_CPUSETS=y
 CONFIG_PROC_PID_CPUSET=y
 </pre>

 <h2 id="audio">For USB host mode audio</h2>

 <pre>
 CONFIG_SND_USB=y
 CONFIG_SND_USB_AUDIO=y
 # CONFIG_USB_AUDIO is for a peripheral mode (gadget) driver
 </pre>

 <h2 id="midi">For USB host mode MIDI</h2>

 <pre>
 CONFIG_SND_USB_MIDI=y
 </pre>

 <h2 id="Seccomp-BPF-TSYNC">Seccomp-BPF with TSYNC Requirement</h2>
 <p>
 Seccomp-BPF is a kernel security technology that
 enables the creation of sandboxes to restrict the system calls a process is
 allowed to make. The TSYNC feature enables the use of seccomp-bpf from
 multithreaded programs.
 </p>
 <p>
 This requirement is limited to architectures that have seccomp support upstream:
 ARM, ARM64, x86, and x86_64.
 </p>
 <h3 id="backport-ARM-32">Backporting for Kernel 3.10 for ARM-32, X86, X86_64</h3>
 <p>
 First, ensure that <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the
 Kconfig. This is already verified as of the Android 5.0 CTS.
 </p>
 <p>
 Next, cherry-pick the following changes from the AOSP kernel/common:android-3.10
 repository:
 </p>
 <p>
 <a
 href="https://android.googlesource.com/kernel/common/+log/9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28">9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28</a>
 </p>
 <ul>
 <li><a
 href="https://android.googlesource.com/kernel/common/+/a9ba4285aa5722a3b4d84888e78ba8adc0046b28">a9ba428
  ARM: add seccomp syscall</a>
 <li><a
 href="https://android.googlesource.com/kernel/common/+/900e9fd0d5d15c596cacfb89ce007c933cea6e1c">900e9fd
  seccomp: fix syscall numbers for x86 and x86_64</a> by Lee Campbell
 <li><a
 href="https://android.googlesource.com/kernel/common/+/9ac860041db860a59bfd6ac82b31d6b6f76ebb52">9ac8600
  seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock</a> by Guenter
 Roeck
 <li><a
 href="https://android.googlesource.com/kernel/common/+/f14a5db2398afed8f416d244e6da6b23940997c6">f14a5db
  seccomp: implement SECCOMP_FILTER_FLAG_TSYNC</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/c852ef778224ecf5fe995d74ad96087038778bca">c852ef7
  seccomp: allow mode setting across threads</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/61b6b882a0abfeb627d25a069cfa1d232b84c8eb">61b6b88
  seccomp: introduce writer locking</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/b6a12bf4dd762236c7f637b19cfe10a268304b9b">b6a12bf
  seccomp: split filter prep from check and apply</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/9d0ff694bc22fb458acb763811a677696c60725b">9d0ff69
  sched: move no_new_privs into new atomic flags</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/e985fd474debedb269fba27006eda50d0b6f07ef">e985fd4
  seccomp: add "seccomp" syscall</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/8908dde5a7fdca974374b0dbe6dfb10f69df7216">8908dde
  seccomp: split mode setting routines</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/b8a9cff6dbe9cfddbb4d17e2dea496e523544687">b8a9cff
  seccomp: extract check/assign mode helpers</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/2a30a4386e4a7e1283157c4cf4cfcc0306b22ac8">2a30a43
  seccomp: create internal mode-setting function</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/987a0f1102321853565c4bfecde6a5a58ac6db11">987a0f1
  introduce for_each_thread() to replace the buggy while_each_thread()</a> by
 Oleg Nesterov
 <li><a
 href="https://android.googlesource.com/kernel/common/+/a03a2426ea9f1d9dada33cf4a824f63e8f916c9d">a03a242
  arch: Introduce smp_load_acquire(), smp_store_release()</a> by Peter Zijlstra
 </ul>
 <p>
 Apply these patches in the inverse order that they are
 listed (<code>a9ba428</code> should be last).
 </p>
 <p>
 <h3 id="backport-ARM-64">Backporting for Kernel 3.10 for ARM-64</h3>
 </p>
 <p>
 First, ensure that<code> CONFIG_SECCOMP_FILTER=y </code>is enabled in the
 Kconfig. This is already verified as of the Android 5.0 CTS.
 </p>
 <p>
 Next, cherry-pick the following changes from the AOSP kernel/common:android-3.10
 repository:
 </p>
 <ul>
 <li><a
 href="https://android.googlesource.com/kernel/common/+/210957c2bb3b4d111963bb296e2c42beb8721929">210957c
  arm64: add seccomp support</a> by AKASHI Takahiro
 <li><a
 href="https://android.googlesource.com/kernel/common/+/77227239d20ac6381fb1aee7b7cc902f0d14cd85">7722723
  arm64: add SIGSYS siginfo for compat task</a> by AKASHI Takahiro
 <li><a
 href="https://android.googlesource.com/kernel/common/+/4f12b53f28a751406a27ef7501a22f9e32a9c30b">4f12b53
  add seccomp syscall for compat task</a> by AKASHI Takahiro
 <li><a
 href="https://android.googlesource.com/kernel/common/+/dab10731da65a0deba46402ca9fadf6974676cc8">dab1073
  asm-generic: add generic seccomp.h for secure computing mode 1</a> by AKASHI
 Takahiro
 <li><a
 href="https://android.googlesource.com/kernel/common/+/feb28436457d33fef9f264635291432df4b74122">feb2843
  arm64: ptrace: allow tracer to skip a system call</a> by AKASHI Takahiro
 <li><a
 href="https://android.googlesource.com/kernel/common/+/abbfed9ed1a78701ef3db74f5287958feb897035">abbfed9
  arm64: ptrace: add PTRACE_SET_SYSCALL</a> by AKASHI Takahiro
 <li><a
 href="https://android.googlesource.com/kernel/common/+/41900903483eb96602dd72e719a798c208118aad">4190090
  ARM: 8087/1: ptrace: reload syscall number after secure_computing() check</a>
 by Will Deacon
 <li><a
 href="https://android.googlesource.com/kernel/common/+/a9ba4285aa5722a3b4d84888e78ba8adc0046b28">a9ba428
  ARM: add seccomp syscall</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/900e9fd0d5d15c596cacfb89ce007c933cea6e1c">900e9fd
  seccomp: fix syscall numbers for x86 and x86_64</a> by Lee Campbell
 <li><a
 href="https://android.googlesource.com/kernel/common/+/9ac860041db860a59bfd6ac82b31d6b6f76ebb52">9ac8600
  seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock</a> by Guenter
 Roeck
 <li><a
 href="https://android.googlesource.com/kernel/common/+/f14a5db2398afed8f416d244e6da6b23940997c6">f14a5db
  seccomp: implement SECCOMP_FILTER_FLAG_TSYNC</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/c852ef778224ecf5fe995d74ad96087038778bca">c852ef7
  seccomp: allow mode setting across threads</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/61b6b882a0abfeb627d25a069cfa1d232b84c8eb">61b6b88
  seccomp: introduce writer locking</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/b6a12bf4dd762236c7f637b19cfe10a268304b9b">b6a12bf
  seccomp: split filter prep from check and apply</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/9d0ff694bc22fb458acb763811a677696c60725b">9d0ff69
  sched: move no_new_privs into new atomic flags</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/e985fd474debedb269fba27006eda50d0b6f07ef">e985fd4
  seccomp: add "seccomp" syscall</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/8908dde5a7fdca974374b0dbe6dfb10f69df7216">8908dde
  seccomp: split mode setting routines</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/b8a9cff6dbe9cfddbb4d17e2dea496e523544687">b8a9cff
  seccomp: extract check/assign mode helpers</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/2a30a4386e4a7e1283157c4cf4cfcc0306b22ac8">2a30a43
  seccomp: create internal mode-setting function</a> by Kees Cook
 <li><a
 href="https://android.googlesource.com/kernel/common/+/9499cd23f9d05ba159fac6d55dc35a7f49f9ce76">9499cd2
  syscall_get_arch: remove useless function arguments</a> by Eric Paris
 <li><a
 href="https://android.googlesource.com/kernel/common/+/3e21c0bb663a23436e0eb3f61860d4fedc233bab">3e21c0b
  arm64: audit: Add audit hook in syscall_trace_enter/exit()</a> by JP Abgrall
 <li><a
 href="https://android.googlesource.com/kernel/common/+/bf11863d45eb3dac0d0cf1f818ded11ade6e28d3">bf11863
  arm64: Add audit support</a> by AKASHI Takahiro
 <li><a
 href="https://android.googlesource.com/kernel/common/+/cfc7e99e9e3900056028a7d90072e9ea0d886f8d">cfc7e99e9
  arm64: Add __NR_* definitions for compat syscalls</a> by JP Abgrall
 </ul>
	page.title=Kernel Configuration
	@jd:body

	<!--
	Copyright 2015 The Android Open Source Project

	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->
	<div id="qv-wrapper">
	<div id="qv">
	<h2>In this document</h2>
	<ol id="auto-toc">
	</ol>
	</div>
	</div>

	<p>The kernel configuration settings in this document are meant to be used as a
	base for an Android kernel configuration. All devices should have the options
	in android-base configuration enabled. The options in
	android-recommended configuration enable advanced Android
	features. See <a href="{@docRoot}security/overview/kernel-security.html">System
	and Kernel Security</a> for controls already undertaken to strengthen the
	kernel on your devices. See the <a
	href="{@docRoot}compatibility/cdd.html">Android Compatibility Definition
	Document (CDD)</a> for required settings.</p>

	<p>
	Generating kernel config: Assuming you already have a minimalist defconfig for your device, a possible
	way to enable these options would be:</p>

	<pre>ARCH=<arch> scripts/kconfig/merge_config.sh <path_to>/<device>_defconfig android/configs/android-base.cfg
	android/configs/android-recommended.cfg</pre>
	<p>
	This will generate a .config that can then be used to save a new defconfig or
	compile a new kernel with Android features enabled.
	</p>
	<h2 id="base">Base Configuration</h2>
	<pre>
	CONFIG_EXPERIMENTAL=y
	CONFIG_SYSVIPC=y
	CONFIG_CGROUPS=y
	CONFIG_CGROUP_DEBUG=y
	CONFIG_CGROUP_FREEZER=y
	CONFIG_CGROUP_CPUACCT=y
	CONFIG_RESOURCE_COUNTERS=y
	CONFIG_CGROUP_SCHED=y
	CONFIG_RT_GROUP_SCHED=y
	CONFIG_BLK_DEV_INITRD=y
	CONFIG_EMBEDDED=y
	CONFIG_NO_HZ=y
	CONFIG_HIGH_RES_TIMERS=y
	CONFIG_PREEMPT=y
	CONFIG_PM_AUTOSLEEP=y
	CONFIG_PM_WAKELOCKS=y
	CONFIG_BLK_DEV_DM=y
	CONFIG_DM_CRYPT=y
	CONFIG_NET=y
	CONFIG_PACKET=y
	CONFIG_UNIX=y
	CONFIG_XFRM_USER=y
	CONFIG_NET_KEY=y
	CONFIG_INET=y
	CONFIG_IP_ADVANCED_ROUTER=y
	CONFIG_IP_MULTIPLE_TABLES=y
	CONFIG_INET_ESP=y
	# CONFIG_INET_LRO is not set
	CONFIG_IPV6_PRIVACY=y
	CONFIG_IPV6_ROUTER_PREF=y
	CONFIG_IPV6_OPTIMISTIC_DAD=y
	CONFIG_INET6_AH=y
	CONFIG_INET6_ESP=y
	CONFIG_INET6_IPCOMP=y
	CONFIG_IPV6_MIP6=y
	CONFIG_IPV6_MULTIPLE_TABLES=y
	CONFIG_NETFILTER=y
	CONFIG_NF_CONNTRACK=y
	CONFIG_NF_CONNTRACK_EVENTS=y
	CONFIG_NF_CT_PROTO_DCCP=y
	CONFIG_NF_CT_PROTO_SCTP=y
	CONFIG_NF_CT_PROTO_UDPLITE=y
	CONFIG_NF_CONNTRACK_AMANDA=y
	CONFIG_NF_CONNTRACK_FTP=y
	CONFIG_NF_CONNTRACK_H323=y
	CONFIG_NF_CONNTRACK_IRC=y
	CONFIG_NF_CONNTRACK_NETBIOS_NS=y
	CONFIG_NF_CONNTRACK_PPTP=y
	CONFIG_NF_CONNTRACK_SANE=y
	CONFIG_NF_CONNTRACK_TFTP=y
	CONFIG_NF_CT_NETLINK=y
	CONFIG_NETFILTER_TPROXY=y
	CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
	CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
	CONFIG_NETFILTER_XT_TARGET_MARK=y
	CONFIG_NETFILTER_XT_TARGET_NFLOG=y
	CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
	CONFIG_NETFILTER_XT_TARGET_TPROXY=y
	CONFIG_NETFILTER_XT_TARGET_TRACE=y
	CONFIG_NETFILTER_XT_MATCH_COMMENT=y
	CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
	CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
	CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
	CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
	CONFIG_NETFILTER_XT_MATCH_HELPER=y
	CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
	CONFIG_NETFILTER_XT_MATCH_LENGTH=y
	CONFIG_NETFILTER_XT_MATCH_LIMIT=y
	CONFIG_NETFILTER_XT_MATCH_MAC=y
	CONFIG_NETFILTER_XT_MATCH_MARK=y
	CONFIG_NETFILTER_XT_MATCH_POLICY=y
	CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
	CONFIG_NETFILTER_XT_MATCH_QTAGUID=y
	CONFIG_NETFILTER_XT_MATCH_QUOTA=y
	CONFIG_NETFILTER_XT_MATCH_QUOTA2=y
	CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG=y
	CONFIG_NETFILTER_XT_MATCH_SOCKET=y
	CONFIG_NETFILTER_XT_MATCH_STATE=y
	CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
	CONFIG_NETFILTER_XT_MATCH_STRING=y
	CONFIG_NETFILTER_XT_MATCH_TIME=y
	CONFIG_NETFILTER_XT_MATCH_U32=y
	CONFIG_NF_CONNTRACK_IPV4=y
	CONFIG_IP_NF_IPTABLES=y
	CONFIG_IP_NF_MATCH_AH=y
	CONFIG_IP_NF_MATCH_ECN=y
	CONFIG_IP_NF_MATCH_TTL=y
	CONFIG_IP_NF_FILTER=y
	CONFIG_IP_NF_TARGET_REJECT=y
	CONFIG_IP_NF_TARGET_REJECT_SKERR=y
	CONFIG_NF_NAT=y
	CONFIG_IP_NF_TARGET_MASQUERADE=y
	CONFIG_IP_NF_TARGET_NETMAP=y
	CONFIG_IP_NF_TARGET_REDIRECT=y
	CONFIG_IP_NF_MANGLE=y
	CONFIG_IP_NF_RAW=y
	CONFIG_IP_NF_ARPTABLES=y
	CONFIG_IP_NF_ARPFILTER=y
	CONFIG_IP_NF_ARP_MANGLE=y
	CONFIG_NF_CONNTRACK_IPV6=y
	CONFIG_IP6_NF_IPTABLES=y
	CONFIG_IP6_NF_FILTER=y
	CONFIG_IP6_NF_TARGET_REJECT=y
	CONFIG_IP6_NF_TARGET_REJECT_SKERR=y
	CONFIG_IP6_NF_MANGLE=y
	CONFIG_IP6_NF_RAW=y
	CONFIG_NET_SCHED=y
	CONFIG_NET_SCH_HTB=y
	CONFIG_NET_CLS_U32=y
	CONFIG_NET_EMATCH=y
	CONFIG_NET_EMATCH_U32=y
	CONFIG_NET_CLS_ACT=y
	CONFIG_NETDEVICES=y
	CONFIG_TUN=y
	CONFIG_PPP=y
	CONFIG_PPP_BSDCOMP=y
	CONFIG_PPP_DEFLATE=y
	CONFIG_PPP_MPPE=y
	CONFIG_PPPOLAC=y
	CONFIG_PPPOPNS=y
	CONFIG_FB=y
	CONFIG_SYNC=y
	CONFIG_USB_GADGET=y
	CONFIG_USB_G_ANDROID=y
	CONFIG_USB_OTG_WAKELOCK=y
	CONFIG_SWITCH=y
	CONFIG_RTC_CLASS=y
	CONFIG_STAGING=y
	CONFIG_ANDROID=y
	CONFIG_ANDROID_BINDER_IPC=y
	CONFIG_ASHMEM=y
	CONFIG_ANDROID_LOGGER=y
	CONFIG_ANDROID_LOW_MEMORY_KILLER=y
	CONFIG_ANDROID_INTF_ALARM_DEV=y
	</pre>

	<h2 id="recommended">Recommended Configuration</h2>

	<pre>
	CONFIG_PANIC_TIMEOUT=5
	CONFIG_KALLSYMS_ALL=y
	CONFIG_PERF_EVENTS=y
	CONFIG_COMPACTION=y
	# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
	CONFIG_PM_WAKELOCKS_LIMIT=0
	# CONFIG_PM_WAKELOCKS_GC is not set
	CONFIG_PM_RUNTIME=y
	CONFIG_PM_DEBUG=y
	CONFIG_SUSPEND_TIME=y
	CONFIG_BLK_DEV_LOOP=y
	CONFIG_BLK_DEV_RAM=y
	CONFIG_BLK_DEV_RAM_SIZE=8192
	CONFIG_UID_STAT=y
	CONFIG_MD=y
	CONFIG_DM_UEVENT=y
	CONFIG_INPUT_EVDEV=y
	CONFIG_INPUT_KEYRESET=y
	# CONFIG_INPUT_MOUSE is not set
	CONFIG_INPUT_JOYSTICK=y
	CONFIG_JOYSTICK_XPAD=y
	CONFIG_JOYSTICK_XPAD_FF=y
	CONFIG_JOYSTICK_XPAD_LEDS=y
	CONFIG_INPUT_TABLET=y
	CONFIG_TABLET_USB_ACECAD=y
	CONFIG_TABLET_USB_AIPTEK=y
	CONFIG_TABLET_USB_GTCO=y
	CONFIG_TABLET_USB_HANWANG=y
	CONFIG_TABLET_USB_KBTAB=y
	CONFIG_TABLET_USB_WACOM=y
	CONFIG_INPUT_MISC=y
	CONFIG_INPUT_KEYCHORD=y
	CONFIG_INPUT_UINPUT=y
	CONFIG_INPUT_GPIO=y
	# CONFIG_VT is not set
	# CONFIG_LEGACY_PTYS is not set
	CONFIG_POWER_SUPPLY=y
	CONFIG_BATTERY_ANDROID=y
	CONFIG_MEDIA_SUPPORT=y
	CONFIG_BACKLIGHT_LCD_SUPPORT=y
	CONFIG_SOUND=y
	CONFIG_SND=y
	CONFIG_UHID=y
	CONFIG_USB_HIDDEV=y
	CONFIG_HID_A4TECH=y
	CONFIG_HID_ACRUX=y
	CONFIG_HID_ACRUX_FF=y
	CONFIG_HID_APPLE=y
	CONFIG_HID_BELKIN=y
	CONFIG_HID_CHERRY=y
	CONFIG_HID_CHICONY=y
	CONFIG_HID_PRODIKEYS=y
	CONFIG_HID_CYPRESS=y
	CONFIG_HID_DRAGONRISE=y
	CONFIG_DRAGONRISE_FF=y
	CONFIG_HID_EMS_FF=y
	CONFIG_HID_ELECOM=y
	CONFIG_HID_EZKEY=y
	CONFIG_HID_HOLTEK=y
	CONFIG_HID_KEYTOUCH=y
	CONFIG_HID_KYE=y
	CONFIG_HID_UCLOGIC=y
	CONFIG_HID_WALTOP=y
	CONFIG_HID_GYRATION=y
	CONFIG_HID_TWINHAN=y
	CONFIG_HID_KENSINGTON=y
	CONFIG_HID_LCPOWER=y
	CONFIG_HID_LOGITECH=y
	CONFIG_LOGITECH_FF=y
	CONFIG_LOGIRUMBLEPAD2_FF=y
	CONFIG_LOGIG940_FF=y
	CONFIG_HID_MAGICMOUSE=y
	CONFIG_HID_MICROSOFT=y
	CONFIG_HID_MONTEREY=y
	CONFIG_HID_MULTITOUCH=y
	CONFIG_HID_NTRIG=y
	CONFIG_HID_ORTEK=y
	CONFIG_HID_PANTHERLORD=y
	CONFIG_PANTHERLORD_FF=y
	CONFIG_HID_PETALYNX=y
	CONFIG_HID_PICOLCD=y
	CONFIG_HID_PRIMAX=y
	CONFIG_HID_ROCCAT=y
	CONFIG_HID_SAITEK=y
	CONFIG_HID_SAMSUNG=y
	CONFIG_HID_SONY=y
	CONFIG_HID_SPEEDLINK=y
	CONFIG_HID_SUNPLUS=y
	CONFIG_HID_GREENASIA=y
	CONFIG_GREENASIA_FF=y
	CONFIG_HID_SMARTJOYPLUS=y
	CONFIG_SMARTJOYPLUS_FF=y
	CONFIG_HID_TIVO=y
	CONFIG_HID_TOPSEED=y
	CONFIG_HID_THRUSTMASTER=y
	CONFIG_HID_WACOM=y
	CONFIG_HID_WIIMOTE=y
	CONFIG_HID_ZEROPLUS=y
	CONFIG_HID_ZYDACRON=y
	CONFIG_USB_USBNET=y
	CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
	CONFIG_USB_EHCI_HCD=y
	CONFIG_ION=y
	CONFIG_ANDROID_RAM_CONSOLE=y
	CONFIG_ANDROID_TIMED_GPIO=y
	CONFIG_EXT4_FS=y
	CONFIG_EXT4_FS_SECURITY=y
	CONFIG_FUSE_FS=y
	CONFIG_MSDOS_FS=y
	CONFIG_VFAT_FS=y
	CONFIG_TMPFS=y
	CONFIG_TMPFS_POSIX_ACL=y
	CONFIG_SCHEDSTATS=y
	CONFIG_TIMER_STATS=y
	CONFIG_SCHED_TRACER=y
	CONFIG_CPUSETS=y
	CONFIG_PROC_PID_CPUSET=y
	</pre>

	<h2 id="audio">For USB host mode audio</h2>

	<pre>
	CONFIG_SND_USB=y
	CONFIG_SND_USB_AUDIO=y
	# CONFIG_USB_AUDIO is for a peripheral mode (gadget) driver
	</pre>

	<h2 id="midi">For USB host mode MIDI</h2>

	<pre>
	CONFIG_SND_USB_MIDI=y
	</pre>

	<h2 id="Seccomp-BPF-TSYNC">Seccomp-BPF with TSYNC Requirement</h2>
	<p>
	Seccomp-BPF is a kernel security technology that
	enables the creation of sandboxes to restrict the system calls a process is
	allowed to make. The TSYNC feature enables the use of seccomp-bpf from
	multithreaded programs.
	</p>
	<p>
	This requirement is limited to architectures that have seccomp support upstream:
	ARM, ARM64, x86, and x86_64.
	</p>
	<h3 id="backport-ARM-32">Backporting for Kernel 3.10 for ARM-32, X86, X86_64</h3>
	<p>
	First, ensure that <code>CONFIG_SECCOMP_FILTER=y</code> is enabled in the
	Kconfig. This is already verified as of the Android 5.0 CTS.
	</p>
	<p>
	Next, cherry-pick the following changes from the AOSP kernel/common:android-3.10
	repository:
	</p>
	<p>
	<a
	href="https://android.googlesource.com/kernel/common/+log/9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28">9499cd23f9d05ba159fac6d55dc35a7f49f9ce76..a9ba4285aa5722a3b4d84888e78ba8adc0046b28</a>
	</p>
	<ul>
	<li><a
	href="https://android.googlesource.com/kernel/common/+/a9ba4285aa5722a3b4d84888e78ba8adc0046b28">a9ba428
	ARM: add seccomp syscall</a>
	<li><a
	href="https://android.googlesource.com/kernel/common/+/900e9fd0d5d15c596cacfb89ce007c933cea6e1c">900e9fd
	seccomp: fix syscall numbers for x86 and x86_64</a> by Lee Campbell
	<li><a
	href="https://android.googlesource.com/kernel/common/+/9ac860041db860a59bfd6ac82b31d6b6f76ebb52">9ac8600
	seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock</a> by Guenter
	Roeck
	<li><a
	href="https://android.googlesource.com/kernel/common/+/f14a5db2398afed8f416d244e6da6b23940997c6">f14a5db
	seccomp: implement SECCOMP_FILTER_FLAG_TSYNC</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/c852ef778224ecf5fe995d74ad96087038778bca">c852ef7
	seccomp: allow mode setting across threads</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/61b6b882a0abfeb627d25a069cfa1d232b84c8eb">61b6b88
	seccomp: introduce writer locking</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/b6a12bf4dd762236c7f637b19cfe10a268304b9b">b6a12bf
	seccomp: split filter prep from check and apply</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/9d0ff694bc22fb458acb763811a677696c60725b">9d0ff69
	sched: move no_new_privs into new atomic flags</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/e985fd474debedb269fba27006eda50d0b6f07ef">e985fd4
	seccomp: add "seccomp" syscall</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/8908dde5a7fdca974374b0dbe6dfb10f69df7216">8908dde
	seccomp: split mode setting routines</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/b8a9cff6dbe9cfddbb4d17e2dea496e523544687">b8a9cff
	seccomp: extract check/assign mode helpers</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/2a30a4386e4a7e1283157c4cf4cfcc0306b22ac8">2a30a43
	seccomp: create internal mode-setting function</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/987a0f1102321853565c4bfecde6a5a58ac6db11">987a0f1
	introduce for_each_thread() to replace the buggy while_each_thread()</a> by
	Oleg Nesterov
	<li><a
	href="https://android.googlesource.com/kernel/common/+/a03a2426ea9f1d9dada33cf4a824f63e8f916c9d">a03a242
	arch: Introduce smp_load_acquire(), smp_store_release()</a> by Peter Zijlstra
	</ul>
	<p>
	Apply these patches in the inverse order that they are
	listed (<code>a9ba428</code> should be last).
	</p>
	<p>
	<h3 id="backport-ARM-64">Backporting for Kernel 3.10 for ARM-64</h3>
	</p>
	<p>
	First, ensure that<code> CONFIG_SECCOMP_FILTER=y </code>is enabled in the
	Kconfig. This is already verified as of the Android 5.0 CTS.
	</p>
	<p>
	Next, cherry-pick the following changes from the AOSP kernel/common:android-3.10
	repository:
	</p>
	<ul>
	<li><a
	href="https://android.googlesource.com/kernel/common/+/210957c2bb3b4d111963bb296e2c42beb8721929">210957c
	arm64: add seccomp support</a> by AKASHI Takahiro
	<li><a
	href="https://android.googlesource.com/kernel/common/+/77227239d20ac6381fb1aee7b7cc902f0d14cd85">7722723
	arm64: add SIGSYS siginfo for compat task</a> by AKASHI Takahiro
	<li><a
	href="https://android.googlesource.com/kernel/common/+/4f12b53f28a751406a27ef7501a22f9e32a9c30b">4f12b53
	add seccomp syscall for compat task</a> by AKASHI Takahiro
	<li><a
	href="https://android.googlesource.com/kernel/common/+/dab10731da65a0deba46402ca9fadf6974676cc8">dab1073
	asm-generic: add generic seccomp.h for secure computing mode 1</a> by AKASHI
	Takahiro
	<li><a
	href="https://android.googlesource.com/kernel/common/+/feb28436457d33fef9f264635291432df4b74122">feb2843
	arm64: ptrace: allow tracer to skip a system call</a> by AKASHI Takahiro
	<li><a
	href="https://android.googlesource.com/kernel/common/+/abbfed9ed1a78701ef3db74f5287958feb897035">abbfed9
	arm64: ptrace: add PTRACE_SET_SYSCALL</a> by AKASHI Takahiro
	<li><a
	href="https://android.googlesource.com/kernel/common/+/41900903483eb96602dd72e719a798c208118aad">4190090
	ARM: 8087/1: ptrace: reload syscall number after secure_computing() check</a>
	by Will Deacon
	<li><a
	href="https://android.googlesource.com/kernel/common/+/a9ba4285aa5722a3b4d84888e78ba8adc0046b28">a9ba428
	ARM: add seccomp syscall</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/900e9fd0d5d15c596cacfb89ce007c933cea6e1c">900e9fd
	seccomp: fix syscall numbers for x86 and x86_64</a> by Lee Campbell
	<li><a
	href="https://android.googlesource.com/kernel/common/+/9ac860041db860a59bfd6ac82b31d6b6f76ebb52">9ac8600
	seccomp: Replace BUG(!spin_is_locked()) with assert_spin_lock</a> by Guenter
	Roeck
	<li><a
	href="https://android.googlesource.com/kernel/common/+/f14a5db2398afed8f416d244e6da6b23940997c6">f14a5db
	seccomp: implement SECCOMP_FILTER_FLAG_TSYNC</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/c852ef778224ecf5fe995d74ad96087038778bca">c852ef7
	seccomp: allow mode setting across threads</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/61b6b882a0abfeb627d25a069cfa1d232b84c8eb">61b6b88
	seccomp: introduce writer locking</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/b6a12bf4dd762236c7f637b19cfe10a268304b9b">b6a12bf
	seccomp: split filter prep from check and apply</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/9d0ff694bc22fb458acb763811a677696c60725b">9d0ff69
	sched: move no_new_privs into new atomic flags</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/e985fd474debedb269fba27006eda50d0b6f07ef">e985fd4
	seccomp: add "seccomp" syscall</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/8908dde5a7fdca974374b0dbe6dfb10f69df7216">8908dde
	seccomp: split mode setting routines</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/b8a9cff6dbe9cfddbb4d17e2dea496e523544687">b8a9cff
	seccomp: extract check/assign mode helpers</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/2a30a4386e4a7e1283157c4cf4cfcc0306b22ac8">2a30a43
	seccomp: create internal mode-setting function</a> by Kees Cook
	<li><a
	href="https://android.googlesource.com/kernel/common/+/9499cd23f9d05ba159fac6d55dc35a7f49f9ce76">9499cd2
	syscall_get_arch: remove useless function arguments</a> by Eric Paris
	<li><a
	href="https://android.googlesource.com/kernel/common/+/3e21c0bb663a23436e0eb3f61860d4fedc233bab">3e21c0b
	arm64: audit: Add audit hook in syscall_trace_enter/exit()</a> by JP Abgrall
	<li><a
	href="https://android.googlesource.com/kernel/common/+/bf11863d45eb3dac0d0cf1f818ded11ade6e28d3">bf11863
	arm64: Add audit support</a> by AKASHI Takahiro
	<li><a
	href="https://android.googlesource.com/kernel/common/+/cfc7e99e9e3900056028a7d90072e9ea0d886f8d">cfc7e99e9
	arm64: Add __NR_* definitions for compat syscalls</a> by JP Abgrall
	</ul>