| commit | f938468e2ecdcd156687fa79e1f7785925a212e2 | [log] [tgz] |
|---|---|---|
| author | Robin Peng <robinpeng@google.com> | Wed Mar 15 09:52:49 2023 +0000 |
| committer | Robin Peng <robinpeng@google.com> | Thu Mar 16 00:25:07 2023 +0000 |
| tree | 5f4a2473fda3914a00b7a373cbea9d4e1f304715 | |
| parent | 690480a88029a3f92458a63044d9f3295e6c85eb [diff] |
Allow insmod-sh to install kernel modules from system_dlkm reference: https://source.android.com/docs/core/architecture/partitions/gki-partitions#selinux Bug: 267429528 Change-Id: I7a675c0f089452379d5675a353fbfd866cfd3edc Signed-off-by: Robin Peng <robinpeng@google.com>
diff --git a/insmod/sepolicy/insmod-sh.te b/insmod/sepolicy/insmod-sh.te index d7b4f72..ba82b0a 100644 --- a/insmod/sepolicy/insmod-sh.te +++ b/insmod/sepolicy/insmod-sh.te
@@ -3,6 +3,9 @@ init_daemon_domain(insmod-sh) allow insmod-sh self:capability sys_module; +allow insmod-sh system_dlkm_file:dir r_dir_perms; +allow insmod-sh system_dlkm_file:file r_file_perms; +allow insmod-sh system_dlkm_file:system module_load; allow insmod-sh vendor_kernel_modules:system module_load; allow insmod-sh vendor_toolbox_exec:file execute_no_trans;