From 23d5d05515b4b22ad4adb51fdd229ef6a708d05b Mon Sep 17 00:00:00 2001
From: Josue Rivera <prbassplayer@gmail.com>
Date: Fri, 23 Aug 2013 02:06:17 +0200
Subject: [PATCH 1/4] More options for SELinux on captivate

Change-Id: I0abfc59b1e0bb109301f45f6682b2f406b200468
Signed-off-by: Josue Rivera <prbassplayer@gmail.com>
---
 arch/arm/configs/semaphore_captivate_defconfig | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/arm/configs/semaphore_captivate_defconfig b/arch/arm/configs/semaphore_captivate_defconfig
index 8fa0b35c8768..7488ff6ac3e2 100644
--- a/arch/arm/configs/semaphore_captivate_defconfig
+++ b/arch/arm/configs/semaphore_captivate_defconfig
@@ -3,6 +3,7 @@ CONFIG_EXPERIMENTAL=y
 # CONFIG_SWAP is not set
 CONFIG_SYSVIPC=y
 CONFIG_AUDIT=y
+CONFIG_AUDIT_GENERIC=y
 CONFIG_TINY_PREEMPT_RCU=y
 CONFIG_IKCONFIG=m
 CONFIG_IKCONFIG_PROC=y
@@ -89,6 +90,7 @@ CONFIG_INET6_IPCOMP=y
 CONFIG_IPV6_MIP6=y
 CONFIG_IPV6_TUNNEL=y
 CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_NETWORK_SECMARK=y
 CONFIG_NETFILTER=y
 CONFIG_NF_CONNTRACK=y
 CONFIG_NF_CONNTRACK_SECMARK=y
@@ -356,7 +358,8 @@ CONFIG_ANDROID_RAM_CONSOLE_ERROR_CORRECTION=y
 CONFIG_ANDROID_TIMED_GPIO=y
 CONFIG_ANDROID_LOW_MEMORY_KILLER=y
 CONFIG_EXT4_FS=y
-# CONFIG_EXT4_FS_XATTR is not set
+CONFIG_EXT4_FS_XATTR=y
+CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_DNOTIFY is not set
 CONFIG_FUSE_FS=m
 CONFIG_MSDOS_FS=y
@@ -364,6 +367,7 @@ CONFIG_VFAT_FS=y
 CONFIG_TMPFS=y
 CONFIG_TMPFS_POSIX_ACL=y
 CONFIG_YAFFS_FS=y
+CONFIG_YAFFS_XATTR=y
 CONFIG_CRAMFS=y
 CONFIG_ROMFS_FS=y
 CONFIG_SYSV_FS=y

From f9b74067f7e5455631e903921b27fff6088b8eeb Mon Sep 17 00:00:00 2001
From: Josue Rivera <prbassplayer@gmail.com>
Date: Fri, 23 Aug 2013 02:06:44 +0200
Subject: [PATCH 2/4] Revert "config: Disable SELinux"

This reverts commit 4bb352651b9e059d4317b1b181432165e0d903b6.
---
 arch/arm/configs/semaphore_galaxys_defconfig | 23 ++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/arch/arm/configs/semaphore_galaxys_defconfig b/arch/arm/configs/semaphore_galaxys_defconfig
index fdec2a6e6ad5..78fbfeb5fa26 100644
--- a/arch/arm/configs/semaphore_galaxys_defconfig
+++ b/arch/arm/configs/semaphore_galaxys_defconfig
@@ -2,6 +2,8 @@ CONFIG_EXPERIMENTAL=y
 # CONFIG_LOCALVERSION_AUTO is not set
 # CONFIG_SWAP is not set
 CONFIG_SYSVIPC=y
+CONFIG_AUDIT=y
+CONFIG_AUDIT_GENERIC=y
 CONFIG_TINY_PREEMPT_RCU=y
 CONFIG_IKCONFIG=m
 CONFIG_IKCONFIG_PROC=y
@@ -14,8 +16,8 @@ CONFIG_CGROUP_SCHED=y
 CONFIG_RT_GROUP_SCHED=y
 CONFIG_BLK_DEV_INITRD=y
 CONFIG_INITRAMFS_SOURCE="../ics-ramdisk/jb_combo/"
-CONFIG_INITRAMFS_ROOT_UID=1000
-CONFIG_INITRAMFS_ROOT_GID=1000
+CONFIG_INITRAMFS_ROOT_UID=500
+CONFIG_INITRAMFS_ROOT_GID=500
 # CONFIG_RD_GZIP is not set
 CONFIG_RD_LZMA=y
 CONFIG_INITRAMFS_COMPRESSION_LZMA=y
@@ -44,6 +46,7 @@ CONFIG_S3C_LOWLEVEL_UART_PORT=2
 CONFIG_S5P_HIGH_RES_TIMERS=y
 # CONFIG_S5PV210_CORESIGHT is not set
 CONFIG_MACH_ARIES=y
+CONFIG_S5P_HUGEMEM=y
 CONFIG_DVFS_LIMIT=y
 CONFIG_CPU_DIDLE=y
 CONFIG_WIFI_CONTROL_FUNC=y
@@ -87,8 +90,10 @@ CONFIG_INET6_IPCOMP=y
 CONFIG_IPV6_MIP6=y
 CONFIG_IPV6_TUNNEL=y
 CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_NETWORK_SECMARK=y
 CONFIG_NETFILTER=y
 CONFIG_NF_CONNTRACK=y
+CONFIG_NF_CONNTRACK_SECMARK=y
 CONFIG_NF_CONNTRACK_EVENTS=y
 CONFIG_NF_CT_PROTO_DCCP=y
 CONFIG_NF_CT_PROTO_SCTP=y
@@ -105,11 +110,13 @@ CONFIG_NF_CT_NETLINK=y
 CONFIG_NETFILTER_TPROXY=y
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
 CONFIG_NETFILTER_XT_TARGET_MARK=y
 CONFIG_NETFILTER_XT_TARGET_NFLOG=y
 CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
 CONFIG_NETFILTER_XT_TARGET_TPROXY=y
 CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_SECMARK=y
 CONFIG_NETFILTER_XT_MATCH_COMMENT=y
 CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
 CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
@@ -149,6 +156,7 @@ CONFIG_IP_NF_TARGET_NETMAP=y
 CONFIG_IP_NF_TARGET_REDIRECT=y
 CONFIG_IP_NF_MANGLE=y
 CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_SECURITY=y
 CONFIG_IP_NF_ARPTABLES=y
 CONFIG_IP_NF_ARPFILTER=y
 CONFIG_IP_NF_ARP_MANGLE=y
@@ -316,8 +324,8 @@ CONFIG_SND=y
 CONFIG_SND_SOC=y
 CONFIG_SND_SOC_SAMSUNG=y
 CONFIG_SND_SOC_SAMSUNG_HERRING_WM8994=y
-CONFIG_UHID=m
 # CONFIG_SND_WM8994_EXTENSIONS_DEVELOPMENT is not set
+CONFIG_UHID=m
 CONFIG_USB_HID=m
 CONFIG_USB_DEBUG=y
 CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
@@ -350,7 +358,8 @@ CONFIG_ANDROID_RAM_CONSOLE_ERROR_CORRECTION=y
 CONFIG_ANDROID_TIMED_GPIO=y
 CONFIG_ANDROID_LOW_MEMORY_KILLER=y
 CONFIG_EXT4_FS=y
-# CONFIG_EXT4_FS_XATTR is not set
+CONFIG_EXT4_FS_XATTR=y
+CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_DNOTIFY is not set
 CONFIG_FUSE_FS=m
 CONFIG_MSDOS_FS=y
@@ -358,6 +367,7 @@ CONFIG_VFAT_FS=y
 CONFIG_TMPFS=y
 CONFIG_TMPFS_POSIX_ACL=y
 CONFIG_YAFFS_FS=y
+CONFIG_YAFFS_XATTR=y
 CONFIG_CRAMFS=y
 CONFIG_ROMFS_FS=y
 CONFIG_SYSV_FS=y
@@ -379,6 +389,11 @@ CONFIG_SCHED_TRACER=y
 CONFIG_DYNAMIC_DEBUG=y
 # CONFIG_ARM_UNWIND is not set
 CONFIG_DEBUG_S3C_UART=2
+CONFIG_SECURITY=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_LSM_MMAP_MIN_ADDR=4096
+CONFIG_SECURITY_SELINUX=y
+CONFIG_CRYPTO_MD4=y
 CONFIG_CRYPTO_SHA256=y
 CONFIG_CRYPTO_TWOFISH=y
 CONFIG_CRC_CCITT=y

From caf14048022148e27d41e0841b1ba63d4f464e43 Mon Sep 17 00:00:00 2001
From: Josue Rivera <prbassplayer@gmail.com>
Date: Fri, 27 Sep 2013 06:54:31 +0200
Subject: [PATCH 3/4] More SELinux options on vibrant

Change-Id: Iade8aa0d3977c53618838690ad1fba14ada62fa7
Signed-off-by: Josue Rivera <prbassplayer@gmail.com>
---
 arch/arm/configs/semaphore_vibrant_defconfig | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/arm/configs/semaphore_vibrant_defconfig b/arch/arm/configs/semaphore_vibrant_defconfig
index 0eb1219f0ce0..8c1a7b015d42 100644
--- a/arch/arm/configs/semaphore_vibrant_defconfig
+++ b/arch/arm/configs/semaphore_vibrant_defconfig
@@ -3,6 +3,7 @@ CONFIG_EXPERIMENTAL=y
 # CONFIG_SWAP is not set
 CONFIG_SYSVIPC=y
 CONFIG_AUDIT=y
+CONFIG_AUDIT_GENERIC=y
 CONFIG_TINY_PREEMPT_RCU=y
 CONFIG_IKCONFIG=m
 CONFIG_IKCONFIG_PROC=y
@@ -89,6 +90,7 @@ CONFIG_INET6_IPCOMP=y
 CONFIG_IPV6_MIP6=y
 CONFIG_IPV6_TUNNEL=y
 CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_NETWORK_SECMARK=y
 CONFIG_NETFILTER=y
 CONFIG_NF_CONNTRACK=y
 CONFIG_NF_CONNTRACK_SECMARK=y
@@ -356,7 +358,8 @@ CONFIG_ANDROID_RAM_CONSOLE_ERROR_CORRECTION=y
 CONFIG_ANDROID_TIMED_GPIO=y
 CONFIG_ANDROID_LOW_MEMORY_KILLER=y
 CONFIG_EXT4_FS=y
-# CONFIG_EXT4_FS_XATTR is not set
+CONFIG_EXT4_FS_XATTR=y
+CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_DNOTIFY is not set
 CONFIG_FUSE_FS=m
 CONFIG_MSDOS_FS=y
@@ -364,6 +367,7 @@ CONFIG_VFAT_FS=y
 CONFIG_TMPFS=y
 CONFIG_TMPFS_POSIX_ACL=y
 CONFIG_YAFFS_FS=y
+CONFIG_YAFFS_XATTR=y
 CONFIG_CRAMFS=y
 CONFIG_ROMFS_FS=y
 CONFIG_SYSV_FS=y

From 23bc10975eef1cd8f04d6fef433e09cba9817333 Mon Sep 17 00:00:00 2001
From: Josue Rivera <prbassplayer@gmail.com>
Date: Fri, 27 Sep 2013 23:45:08 +0200
Subject: [PATCH 4/4] Updated defconfigs

Change-Id: I33071c454a1f5a5a1216038c1aa8635323f76ba7
Signed-off-by: Josue Rivera <prbassplayer@gmail.com>
---
 arch/arm/configs/semaphore_captivate_defconfig | 3 ++-
 arch/arm/configs/semaphore_vibrant_defconfig   | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/arm/configs/semaphore_captivate_defconfig b/arch/arm/configs/semaphore_captivate_defconfig
index 7488ff6ac3e2..a568d99228a6 100644
--- a/arch/arm/configs/semaphore_captivate_defconfig
+++ b/arch/arm/configs/semaphore_captivate_defconfig
@@ -15,7 +15,7 @@ CONFIG_RESOURCE_COUNTERS=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_RT_GROUP_SCHED=y
 CONFIG_BLK_DEV_INITRD=y
-CONFIG_INITRAMFS_SOURCE="../ics-ramdisk/jb_combo_c/"
+CONFIG_INITRAMFS_SOURCE="source/../ics-ramdisk/jb_combo_c/"
 CONFIG_INITRAMFS_ROOT_UID=500
 CONFIG_INITRAMFS_ROOT_GID=500
 # CONFIG_RD_GZIP is not set
@@ -397,3 +397,4 @@ CONFIG_CRYPTO_MD4=y
 CONFIG_CRYPTO_SHA256=y
 CONFIG_CRYPTO_TWOFISH=y
 CONFIG_CRC_CCITT=y
+CONFIG_S5P_HUGEMEM=y
diff --git a/arch/arm/configs/semaphore_vibrant_defconfig b/arch/arm/configs/semaphore_vibrant_defconfig
index 8c1a7b015d42..6b231b4afd80 100644
--- a/arch/arm/configs/semaphore_vibrant_defconfig
+++ b/arch/arm/configs/semaphore_vibrant_defconfig
@@ -15,7 +15,7 @@ CONFIG_RESOURCE_COUNTERS=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_RT_GROUP_SCHED=y
 CONFIG_BLK_DEV_INITRD=y
-CONFIG_INITRAMFS_SOURCE="../ics-ramdisk/jb_combo_v/"
+CONFIG_INITRAMFS_SOURCE="source/../ics-ramdisk/jb_combo_v/"
 CONFIG_INITRAMFS_ROOT_UID=500
 CONFIG_INITRAMFS_ROOT_GID=500
 # CONFIG_RD_GZIP is not set
@@ -397,3 +397,4 @@ CONFIG_CRYPTO_MD4=y
 CONFIG_CRYPTO_SHA256=y
 CONFIG_CRYPTO_TWOFISH=y
 CONFIG_CRC_CCITT=y
+CONFIG_S5P_HUGEMEM=y