Merge changes from topic 'modprobe_fix' into oc-dev
* changes:
  allow to load kernel modules from vendor partition
  SELinux changes for Treble Loadable Kernel Module
commit
8b87947e24
@ -14,6 +14,7 @@ domain_trans(init, shell_exec, shell)
|
||||
domain_trans(init, init_exec, ueventd)
|
||||
domain_trans(init, init_exec, watchdogd)
|
||||
domain_trans(init, rootfs, modprobe)
|
||||
domain_trans(init, toolbox_exec, modprobe)
|
||||
# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
|
||||
userdebug_or_eng(`
|
||||
domain_auto_trans(init, logcat_exec, logpersist)
|
||||
|
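Review bot: The `domain_trans(init, toolbox_exec, modprobe)` rule carries no comment explaining why init may enter the modprobe domain through the multi-call toolbox binary, and the entrypoint it opens is wider than the rule name suggests. The page has lost its +/- markers, so treating this line as the addition is inferred from the `-14,6 +14,7` counts and the commit title. Because it is `domain_trans` and not `domain_auto_trans`, the transition presumably happens only when the init service requests the label explicitly, and anything executed from a `toolbox_exec` file under that label would then hold modprobe's `module_load` right. I would add above the rule, wording to be confirmed by the author: `# modprobe on /system is reached via toolbox_exec; init services must request the modprobe domain explicitly (no auto transition).` The `userdebug_or_eng` block at the end of the hunk continues outside it.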
@ -998,7 +998,7 @@ neverallow {
|
||||
# Enforce restrictions on kernel module origin.
|
||||
# Do not allow kernel module loading except from system,
|
||||
# vendor, and boot partitions.
|
||||
neverallow * ~{ system_file vendor_file_type rootfs }:system module_load;
|
||||
neverallow * ~{ system_file vendor_file rootfs }:system module_load;
|
||||
|
||||
# Only allow filesystem caps to be set at build time or
|
||||
# during upgrade by recovery.
|
||||
|
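Review bot: The comment above the `neverallow` speaks of system, vendor and boot partitions, but the rule constrains file labels, and the two forms printed here (`vendor_file_type` and `vendor_file`) are not equivalent. The rendered page no longer shows which one is the new side; going by print order it would be the `vendor_file` form, which accepts only that single type and not every type carrying the vendor attribute, so an allow rule for a module file with any other vendor label would fail the policy build. I would make the comment state what is actually enforced, e.g. `# Do not allow kernel module loading except from files labeled system_file, vendor_file or rootfs.`, so that a later relabeling of module directories is checked against this assertion deliberately.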
@ -6,3 +6,5 @@ recovery_only(`
|
||||
allow modprobe rootfs:system module_load;
|
||||
allow modprobe rootfs:file r_file_perms;
|
||||
')
|
||||
allow modprobe { system_file vendor_file }:system module_load;
|
||||
r_dir_file(modprobe, { system_file vendor_file })
|
||||
|
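Review bot: The two rules after the closing `')` sit outside `recovery_only`, so they apply to every build, and they grant `module_load` and read access on `system_file` and `vendor_file`, which are general-purpose labels and not specific to kernel modules. That agrees with the `neverallow` on module origin shown earlier on this page, but it means trust in a loaded module rests on those partitions being read-only and verified, which the policy does not express and the file does not state; `r_dir_file` also lets modprobe read everything carrying those two labels. I would document this with `# Modules may be loaded from any file labeled system_file or vendor_file; integrity relies on these partitions being read-only/verified.` and consider a dedicated file type for the module directories as a follow-up. The start of the file and of the `recovery_only` block lies outside the hunk, and since the +/- markers are lost, reading these two lines as the additions rests on the `-6,3 +6,5` counts.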