From 8dbbbc601441620196d632cf117e5bbf80dd076f Mon Sep 17 00:00:00 2001
From: Channagoud Kadabi <ckadabi@codeaurora.org>
Date: Mon, 13 Mar 2017 11:42:49 -0700
Subject: [PATCH] FROMGIT: audit: Add option to enable/disable syscall audit

Enable syscall audit has performance impact on Android, add option to
enable/disable the syscall audits.

Change-Id: I654e553daca388c03774886bf13410e2fdec0b02
Signed-off-by: Channagoud Kadabi <ckadabi@codeaurora.org>
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
Signed-off-by: Tao Huang <huangtao@rock-chips.com>
(cherry picked from https://android.googlesource.com/kernel/msm
 commit 338bc8bf0733fd4a75935f5685be9aa8e489571f)
---
 init/Kconfig | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/init/Kconfig b/init/Kconfig
index 14953ef820eb..4ac41d0c654c 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -335,15 +335,20 @@ config AUDIT
 	help
 	  Enable auditing infrastructure that can be used with another
 	  kernel subsystem, such as SELinux (which requires this for
-	  logging of avc messages output).  System call auditing is included
-	  on architectures which support it.
+	  logging of avc messages output). Does not do system-call
+	  auditing without CONFIG_AUDITSYSCALL.
 
 config HAVE_ARCH_AUDITSYSCALL
 	bool
 
 config AUDITSYSCALL
-	def_bool y
+	bool "Enable system-call auditing support"
 	depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
+	default y if SECURITY_SELINUX
+	help
+	  Enable low-overhead system-call auditing infrastructure that
+	  can be used independently or with another kernel subsystem,
+	  such as SELinux.
 
 config AUDIT_WATCH
 	def_bool y