summaryrefslogtreecommitdiff
path: root/base/errors_unix.cpp
diff options
context:
space:
mode:
authorMark Salyzyn <salyzyn@google.com>2018-10-22 15:52:32 -0700
committerMark Salyzyn <salyzyn@google.com>2018-10-22 16:11:02 -0700
commite81ede85c7f8cb98653487cab5844ab6e9fce28c (patch)
treeabc6145808f6b1a5d3866c2ccd092780f0cf1cde /base/errors_unix.cpp
parent190fd10913c8073d7eea5117daaa77e6107bb612 (diff)
llkd: Skip apexd for process checks
apexd is a sensitive daemon, and the ability to ptrace this domain is restricted by SELinux policy. apexd spawns a binder thread which makes matching difficult, as we would instead need to use /system/bin/apexd as the blacklist key. Change llkd to also check for a match on the basename of the executable path. This will solve a gotcha expectation when creating a blacklist key. Without this change, llkd continues to generate SELinux denials of type=1400 audit(0.0:1764): avc: denied { ptrace } for comm="llkd" scontext=u:r:llkd:s0 tcontext=u:r:apexd:s0 tclass=process permissive=0 Commit 5390b9add4e567eeeeeabc3d39d588c21cb5d543 was originally intended to fix these denials, but it seems to have had no effect and the denials are still being generated. This change will fix it. Test: none Change-Id: I00aa10dfff30c65a120ad30582b820e2d4b1bb38
Diffstat (limited to 'base/errors_unix.cpp')
0 files changed, 0 insertions, 0 deletions