Allow init to run vendor toybox for modprobe vendor implementations need to be able to run modprobe as part of init.rc scripts. They cannot do so because of the strict neverallow currently in place that disallows all coredomains (including init) to execute vendor toybox. Fix this by adding init to the exception list for the neverallow so vendors can then run modprobe from .rc scripts and also add the rule to allow init to transition to modprobe domain using vendor_toolbox. Bug: b/38212864 Test: Boot sailfish Change-Id: Ib839246954e9002859f3ba986094f206bfead137 Signed-off-by: Sandeep Patil <sspatil@google.com>

commit: d46b5d3519fcea3c61266bb44371c495a9aaefa8 [log] [tgz]
author: Sandeep Patil <sspatil@google.com> Mon May 22 12:09:14 2017 -0700
committer: Sandeep Patil <sspatil@google.com> Wed May 24 15:01:20 2017 -0700
tree: 13fdcdaa4fe664a731686e6d816311d8a692e335
parent: 9c87eb452bf224de43f089cccd6ad59cf85eb759 [diff] [blame]
diff --git a/private/init.te b/private/init.te
index f84d87e..b6c49b9 100644
--- a/private/init.te
+++ b/private/init.te

@@ -13,8 +13,7 @@
 domain_trans(init, shell_exec, shell)
 domain_trans(init, init_exec, ueventd)
 domain_trans(init, init_exec, watchdogd)
-domain_trans(init, rootfs, modprobe)
-domain_trans(init, toolbox_exec, modprobe)
+domain_trans(init, { rootfs toolbox_exec vendor_toolbox_exec }, modprobe)
 # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
 userdebug_or_eng(`
   domain_auto_trans(init, logcat_exec, logpersist)
commit	d46b5d3519fcea3c61266bb44371c495a9aaefa8	[log] [tgz]
author	Sandeep Patil <sspatil@google.com>	Mon May 22 12:09:14 2017 -0700
committer	Sandeep Patil <sspatil@google.com>	Wed May 24 15:01:20 2017 -0700
tree	13fdcdaa4fe664a731686e6d816311d8a692e335
parent	9c87eb452bf224de43f089cccd6ad59cf85eb759 [diff] [blame]