Allow microdroid's init to load vendor modules
Test: boot microdroid with customized rc script
Change-Id: Ic00a18f409d97f5c21912e3cf5dbb9110adc2269
diff --git a/microdroid/system/private/init.te b/microdroid/system/private/init.te
index 896590d..c83bcdb 100644
--- a/microdroid/system/private/init.te
+++ b/microdroid/system/private/init.te
@@ -435,3 +435,8 @@
# PRNG seeder daemon socket is created and listened on by init before forking.
allow init prng_seeder:unix_stream_socket { create bind listen };
+
+# Allow init to load vendor modules
+r_dir_file(init, vendor_kernel_modules)
+allow init self:capability sys_module;
+allow init vendor_kernel_modules:system module_load;
diff --git a/microdroid/system/public/file.te b/microdroid/system/public/file.te
index d53de79..57852c2 100644
--- a/microdroid/system/public/file.te
+++ b/microdroid/system/public/file.te
@@ -37,6 +37,7 @@
type vendor_configs_file, file_type, vendor_file_type;
type vendor_data_file, file_type, data_file_type;
type vendor_file, file_type, vendor_file_type;
+type vendor_kernel_modules, vendor_file_type, file_type;
type vendor_service_contexts_file, vendor_file_type, file_type;
type vm_payload_service_socket, file_type, coredomain_socket;
type traced_consumer_socket, file_type, coredomain_socket;