Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit e81ede85 authored by Mark Salyzyn's avatar Mark Salyzyn
Browse files

llkd: Skip apexd for process checks 

apexd is a sensitive daemon, and the ability to ptrace this domain is
restricted by SELinux policy.  apexd spawns a binder thread which
makes matching difficult, as we would instead need to use
/system/bin/apexd as the blacklist key.

Change llkd to also check for a match on the basename of the
executable path.  This will solve a gotcha expectation when creating
a blacklist key.

Without this change, llkd continues to generate SELinux denials of

type=1400 audit(0.0:1764): avc: denied { ptrace } for comm="llkd" scontext=u:r:llkd:s0 tcontext=u:r:apexd:s0 tclass=process permissive=0

Commit 5390b9ad was originally intended
to fix these denials, but it seems to have had no effect and the denials
are still being generated.  This change will fix it.

Test: none
Change-Id: I00aa10dfff30c65a120ad30582b820e2d4b1bb38
parent 190fd109
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment