PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59da5e821f
android_system_sepolicy/public/modprobe.te
Tri Vo 6ef9f5232e modprobe: shouldn't load kernel modules from /system 
Kernel modules are not permitted to be on /system partition.
That was one of Treble requirements in O:
https://source.android.com/devices/architecture/kernel/modular-kernels#file-locations

Bug: 74069409
Test: pixel/nexus devices don't have LKMs in /system, so this change
shoudl be harmless.
Test: walleye boots without issues from modprobe.
Change-Id: I8b3aeb55aacb3c99e0486224161d09a64bb52cd1
2018-03-20 14:17:28 -07:00

10 lines
271 B
Plaintext
Raw Blame History

type modprobe, domain;
allow modprobe proc_modules:file r_file_perms;
allow modprobe self:global_capability_class_set sys_module;
allow modprobe kernel:key search;
recovery_only(`
allow modprobe rootfs:system module_load;
allow modprobe rootfs:file r_file_perms;
')
Reference in New Issue View Git Blame Copy Permalink