Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 2a0d0369 authored by Riddle Hsu's avatar Riddle Hsu Committed by Luca Stefani
Browse files

Allow to drop existing fd cache of cgroup path 

A process can give up the permission to set cgroup. If we still
keep the fd that was cached before losing the permission, when
the process sets scheduling group, it will write to the cached
fd without checking if is accessible and lead to sepolicy denied.

Bug: 123043091
Test: Build and boot.
Test: A new process from zygote set cgroup and drop fd cache, and
      then specializes to app domain. There is no sepolicy denied
      when the process creates new thread.
      (android::thread_data_t::trampoline)

Change-Id: I285ee91424ea965ea9c670fc0f6662948e3e2ce5
parent 084bb1b1
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment