Merge "Add missing sepolicies for the Weaver HAL." into oc-dev

commit: cd267450988b50c5c5d2befb643d435b027b6c15 [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Thu Jun 01 22:05:14 2017 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Thu Jun 01 22:05:15 2017 +0000
tree: 5ad3c14bb656399ed6dc050c532baf6512d8927c
parent: fc1d8d991e1874442a75252e725533a1c75a3067 [diff]
parent: a939c4324cbe408d99eee61ecd375c3dc599f177 [diff]
diff --git a/public/domain.te b/public/domain.te
index 8f63624..34cbadc 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -489,6 +489,7 @@
 neverallow {
   domain
   userdebug_or_eng(`-domain') # exclude debuggable builds
+  -hal_bootctl
   -init
   -uncrypt
   -update_engine

diff --git a/public/modprobe.te b/public/modprobe.te
index 24a6b3b..a286c17 100644
--- a/public/modprobe.te
+++ b/public/modprobe.te

@@ -2,6 +2,7 @@
 
 allow modprobe proc_modules:file r_file_perms;
 allow modprobe self:capability sys_module;
+allow modprobe kernel:key search;
 recovery_only(`
   allow modprobe rootfs:system module_load;
   allow modprobe rootfs:file r_file_perms;
commit	cd267450988b50c5c5d2befb643d435b027b6c15	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Thu Jun 01 22:05:14 2017 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Thu Jun 01 22:05:15 2017 +0000
tree	5ad3c14bb656399ed6dc050c532baf6512d8927c
parent	fc1d8d991e1874442a75252e725533a1c75a3067 [diff]
parent	a939c4324cbe408d99eee61ecd375c3dc599f177 [diff]