Commit 5390b9ad authored Oct 15, 2018 by Nick Kralevich

llkd: Do not check apexd by default for stack

apexd is now blocked by sepolicy, so skip checking it to
prevent an avc warning.

See system/sepolicy commit ac097ac4c7718f8593f2b6b96a93a776984ec7c4

Addresses the following SELinux denial:

type=1400 audit(0.0:386): avc: denied { ptrace } for comm="llkd" scontext=u:r:llkd:s0 tcontext=u:r:apexd:s0 tclass=process permissive=0

Test: manual
Change-Id: Iad24447c8200e915ac8397a8f84923feebc20613

parent 6853a187

llkd/include/llkd.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -57,7 +57,7 @@ unsigned llkCheckMilliseconds(void);
		#define LLK_BLACKLIST_UID_PROPERTY "ro.llk.blacklist.uid"
		#define LLK_BLACKLIST_UID_DEFAULT ""
		#define LLK_BLACKLIST_STACK_PROPERTY "ro.llk.blacklist.process.stack"
		#define LLK_BLACKLIST_STACK_DEFAULT "init,lmkd.llkd,llkd,keystore,/system/bin/keystore,ueventd"
		#define LLK_BLACKLIST_STACK_DEFAULT "init,lmkd.llkd,llkd,keystore,/system/bin/keystore,ueventd,apexd"
		/* clang-format on */

		__END_DECLS