Skip to content
Snippets Groups Projects
Commit a6ac1147 authored by Jaesoo Lee's avatar Jaesoo Lee
Browse files

allow to load kernel modules from vendor partition 

The kernel  modules under /vendor partition has been relabeled to vendor_file.
This CL allows for the modprobe to load modules labeled vendor_file.

Kernel modules are loaded in init.rc with following commands:
    exec u:r:modprobe:s0 -- /system/bin/modprobe -d /vendor/lib/modules MODULE

Bug: 35653245
Test: tested on sailfish
Change-Id: I2132ca4de01c5c60476dad8496e98266de5a1bb7
parent f6931130
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
public/domain.te
+ 1
1
View file @ a6ac1147
...@@ -994,7 +994,7 @@ neverallow { ...@@ -994,7 +994,7 @@ neverallow {
# Enforce restrictions on kernel module origin. # Enforce restrictions on kernel module origin.
# Do not allow kernel module loading except from system, # Do not allow kernel module loading except from system,
# vendor, and boot partitions. # vendor, and boot partitions.
neverallow * ~{ system_file vendor_file_type rootfs }:system module_load; neverallow * ~{ system_file vendor_file rootfs }:system module_load;
# Only allow filesystem caps to be set at build time or # Only allow filesystem caps to be set at build time or
# during upgrade by recovery. # during upgrade by recovery.
......
public/modprobe.te
+ 2
1
View file @ a6ac1147
...@@ -6,4 +6,5 @@ recovery_only(` ...@@ -6,4 +6,5 @@ recovery_only(`
allow modprobe rootfs:system module_load; allow modprobe rootfs:system module_load;
allow modprobe rootfs:file r_file_perms; allow modprobe rootfs:file r_file_perms;
') ')
allow modprobe system_file:system module_load; allow modprobe { system_file vendor_file }:system module_load;
r_dir_file(modprobe, { system_file vendor_file })
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment