Fix coredomain violation for modprobe modprobe domain was allowed to launch vendor toolbox even if its a coredomain. That violates the treble separation. Fix that by creating a separate 'vendor_modprobe' domain that init is allowed to transition to through vendor_toolbox. Bug: 37008075 Test: Build and boot sailfish Change-Id: Ic3331797691bb5d1fdc05a674aa4aa313e1f86b2 Signed-off-by: Sandeep Patil <sspatil@google.com> (cherry picked from commit 9e366a0e4959682713037f24af708cf22b9b53c7)

commit: e41af2039792d3c9312b484eab307fa054ad2daa [log] [tgz]
author: Sandeep Patil <sspatil@google.com> Fri Jun 02 16:09:26 2017 -0700
committer: Sandeep Patil <sspatil@google.com> Mon Jun 05 08:09:18 2017 -0700
tree: 0dbfd62587a79964822f647e4e8bbdd67cbe1097
parent: bdfc0301a1a5b6c6060fca429521816ac9c86928 [diff]
diff --git a/private/init.te b/private/init.te
index b6c49b9..568e0d3 100644
--- a/private/init.te
+++ b/private/init.te

@@ -13,7 +13,7 @@
 domain_trans(init, shell_exec, shell)
 domain_trans(init, init_exec, ueventd)
 domain_trans(init, init_exec, watchdogd)
-domain_trans(init, { rootfs toolbox_exec vendor_toolbox_exec }, modprobe)
+domain_trans(init, { rootfs toolbox_exec }, modprobe)
 # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
 userdebug_or_eng(`
   domain_auto_trans(init, logcat_exec, logpersist)
commit	e41af2039792d3c9312b484eab307fa054ad2daa	[log] [tgz]
author	Sandeep Patil <sspatil@google.com>	Fri Jun 02 16:09:26 2017 -0700
committer	Sandeep Patil <sspatil@google.com>	Mon Jun 05 08:09:18 2017 -0700
tree	0dbfd62587a79964822f647e4e8bbdd67cbe1097
parent	bdfc0301a1a5b6c6060fca429521816ac9c86928 [diff]