Merge changes from topic 'modprobe_fix' into oc-dev

* changes:
  allow to load kernel modules from vendor partition
  SELinux changes for Treble Loadable Kernel Module

private/init.te

@@ -14,6 +14,7 @@ domain_trans(init, shell_exec, shell)
 domain_trans(init, init_exec, ueventd)
 domain_trans(init, init_exec, watchdogd)
 domain_trans(init, rootfs, modprobe)
+domain_trans(init, toolbox_exec, modprobe)
 # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
 userdebug_or_eng(`
   domain_auto_trans(init, logcat_exec, logpersist)

public/domain.te

@@ -998,7 +998,7 @@ neverallow {
 # Enforce restrictions on kernel module origin.
 # Do not allow kernel module loading except from system,
 # vendor, and boot partitions.
-neverallow * ~{ system_file vendor_file_type rootfs }:system module_load;
+neverallow * ~{ system_file vendor_file rootfs }:system module_load;
 
 # Only allow filesystem caps to be set at build time or
 # during upgrade by recovery.

public/modprobe.te

@@ -6,3 +6,5 @@ recovery_only(`
   allow modprobe rootfs:system module_load;
   allow modprobe rootfs:file r_file_perms;
 ')
+allow modprobe { system_file vendor_file }:system module_load;
+r_dir_file(modprobe, { system_file vendor_file })