SELinux changes for Treble Loadable Kernel Module

This change extends the recovery mode modprobe sepolicy to support loadable kernel module in normal mode by using statement below in init.rc: exec u:r:modprobe:s0 -- /system/bin/modprobe \ -d /vendor/lib/modules mod Bug: b/35653245 Test: sailfish with local built kernel and LKM enabled Change-Id: I827e2ce387c899db3e0e179da92e79c75d61f5ae

SELinux changes for Treble Loadable Kernel Module
b638d949 · Howard Chen · bb0d3c50 · b638d949 · b638d949
Commit b638d949 authored 7 years ago by Howard Chen
--- a/private/init.te
+++ b/private/init.te
@@ -14,6 +14,7 @@ domain_trans(init, shell_exec, shell)
 domain_trans(init, init_exec, ueventd)
 domain_trans(init, init_exec, watchdogd)
 domain_trans(init, rootfs, modprobe)
+domain_trans(init, toolbox_exec, modprobe)
 # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
 userdebug_or_eng(`
  domain_auto_trans(init, logcat_exec, logpersist)

--- a/public/modprobe.te
+++ b/public/modprobe.te
@@ -6,3 +6,4 @@ recovery_only(`
  allow modprobe rootfs:system module_load;
  allow modprobe rootfs:file r_file_perms;
 ')
+allow modprobe system_file:system module_load;