Disable module autoloading We don't need it, and it tends to cause spurious SELinux denials, e.g. when setting up encrypted storage. Bug: 297019386 Test: Run VM with encrypted storage, no denials Change-Id: I2732a2e829208168eb110fbe1e9236c7baf82c6d

commit: cfe87cd6b0aaf0936e83ca8d5dba6348f5c780ac [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Wed Aug 23 16:28:10 2023 +0100
committer: Alan Stokes <alanstokes@google.com> Wed Aug 23 16:28:10 2023 +0100
tree: 6acec1b230a0c2dff9a067a620b727f8e7fa5d29
parent: a0d553b55a3cf222d76eb6d4991274c9e1eea3fa [diff]
diff --git a/microdroid/init.rc b/microdroid/init.rc
index 42033d6..0af48a6 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc

@@ -12,6 +12,11 @@
 
 # Cgroups are mounted right before early-init using list from /etc/cgroups.json
 on early-init
+    # Android doesn't need kernel module autoloading, and it causes SELinux
+    # denials.  So disable it by setting modprobe to the empty string.  Note: to
+    # explicitly set a sysctl to an empty string, a trailing newline is needed.
+    write /proc/sys/kernel/modprobe \n
+
     # set RLIMIT_NICE to allow priorities from 19 to -20
     setrlimit nice 40 40
commit	cfe87cd6b0aaf0936e83ca8d5dba6348f5c780ac	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Wed Aug 23 16:28:10 2023 +0100
committer	Alan Stokes <alanstokes@google.com>	Wed Aug 23 16:28:10 2023 +0100
tree	6acec1b230a0c2dff9a067a620b727f8e7fa5d29
parent	a0d553b55a3cf222d76eb6d4991274c9e1eea3fa [diff]