Allow to drop existing fd cache of cgroup path
A process can give up the permission to set cgroup. If we still keep the fd that was cached before losing the permission, when the process sets scheduling group, it will write to the cached fd without checking if is accessible and lead to sepolicy denied. Bug: 123043091 Test: Build and boot. Test: A new process from zygote set cgroup and drop fd cache, and then specializes to app domain. There is no sepolicy denied when the process creates new thread. (android::thread_data_t::trampoline) Change-Id: I285ee91424ea965ea9c670fc0f6662948e3e2ce5
Loading
Please register or sign in to comment