minimal port of grsecurity's DENYUSB feature

[GitHub/mt8127/android_kernel_alcatel_ttab.git] / kernel / sysctl.c

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 3718b15fd5f7088f8fc2812084a6771e2c080c96..856816349697c184adaaa1764162783778766913 100644 (file)
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -95,6 +95,9 @@
 #if defined(CONFIG_SYSCTL)
 
 /* External variables not in a header file. */
+#ifdef CONFIG_USB
+extern int deny_new_usb;
+#endif
 extern int sysctl_overcommit_memory;
 extern int sysctl_overcommit_ratio;
 extern int max_threads;
@@ -790,6 +793,17 @@ static struct ctl_table kern_table[] = {
                .extra1         = &zero,
                .extra2         = &two,
        },
+#endif
+#ifdef CONFIG_USB
+       {
+               .procname       = "deny_new_usb",
+               .data           = &deny_new_usb,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = proc_dointvec_minmax_sysadmin,
+               .extra1         = &zero,
+               .extra2         = &one,
+       },
 #endif
        {
                .procname       = "ngroups_max",