From 5390b9add4e567eeeeeabc3d39d588c21cb5d543 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 15 Oct 2018 09:17:40 -0700
Subject: [PATCH] llkd: Do not check apexd by default for stack

apexd is now blocked by sepolicy, so skip checking it to
prevent an avc warning.

See system/sepolicy commit ac097ac4c7718f8593f2b6b96a93a776984ec7c4

Addresses the following SELinux denial:

type=1400 audit(0.0:386): avc: denied { ptrace } for comm="llkd" scontext=u:r:llkd:s0 tcontext=u:r:apexd:s0 tclass=process permissive=0

Test: manual
Change-Id: Iad24447c8200e915ac8397a8f84923feebc20613
---
 llkd/include/llkd.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/llkd/include/llkd.h b/llkd/include/llkd.h
index 1e2df2f2b..4d39dd917 100644
--- a/llkd/include/llkd.h
+++ b/llkd/include/llkd.h
@@ -57,7 +57,7 @@ unsigned llkCheckMilliseconds(void);
 #define LLK_BLACKLIST_UID_PROPERTY     "ro.llk.blacklist.uid"
 #define LLK_BLACKLIST_UID_DEFAULT      ""
 #define LLK_BLACKLIST_STACK_PROPERTY   "ro.llk.blacklist.process.stack"
-#define LLK_BLACKLIST_STACK_DEFAULT    "init,lmkd.llkd,llkd,keystore,/system/bin/keystore,ueventd"
+#define LLK_BLACKLIST_STACK_DEFAULT    "init,lmkd.llkd,llkd,keystore,/system/bin/keystore,ueventd,apexd"
 /* clang-format on */
 
 __END_DECLS