allow modprobe to load signed kernel modules Modprobe requires this permission or the following denial will prevent loading of signed kernel modules: audit: type=1400 audit(27331649.656:4): avc: denied { search } for pid=448 comm="modprobe" scontext=u:r:modprobe:s0 tcontext=u:r:kernel:s0 tclass=key permissive=0 Bug: 62256697 Test: Verified signed module loading on sailfish. Change-Id: Idde41d1ab58e760398190d6686665a252f1823bb

commit: 53add31a257b9cba3b664f16814f1f2d1e1df46c [log] [tgz]
author: Steve Muckle <smuckle@google.com> Thu Jun 01 10:06:21 2017 -0700
committer: Steve Muckle <smuckle@google.com> Thu Jun 01 10:06:21 2017 -0700
tree: d319119030ae98b33cf26c79c5f4a0dc654a8985
parent: d2b3a4543ae55052afeb133c84c148e1dd184978 [diff]
diff --git a/public/modprobe.te b/public/modprobe.te
index 24a6b3b..a286c17 100644
--- a/public/modprobe.te
+++ b/public/modprobe.te

@@ -2,6 +2,7 @@
 
 allow modprobe proc_modules:file r_file_perms;
 allow modprobe self:capability sys_module;
+allow modprobe kernel:key search;
 recovery_only(`
   allow modprobe rootfs:system module_load;
   allow modprobe rootfs:file r_file_perms;
commit	53add31a257b9cba3b664f16814f1f2d1e1df46c	[log] [tgz]
author	Steve Muckle <smuckle@google.com>	Thu Jun 01 10:06:21 2017 -0700
committer	Steve Muckle <smuckle@google.com>	Thu Jun 01 10:06:21 2017 -0700
tree	d319119030ae98b33cf26c79c5f4a0dc654a8985
parent	d2b3a4543ae55052afeb133c84c148e1dd184978 [diff]