- Apr 11, 2017
-
-
Jaesoo Lee authoredThe kernel modules under /vendor partition has been relabeled to vendor_file. This CL allows for the modprobe to load modules labeled vendor_file. Kernel modules are loaded in init.rc with following commands: exec u:r:modprobe:s0 -- /system/bin/modprobe -d /vendor/lib/modules MODULE Bug: 35653245 Test: tested on sailfish Change-Id: I2132ca4de01c5c60476dad8496e98266de5a1bb7
-
- Apr 10, 2017
-
-
Howard Chen authored
This change extends the recovery mode modprobe sepolicy to support loadable kernel module in normal mode by using statement below in init.rc: exec u:r:modprobe:s0 -- /system/bin/modprobe \ -d /vendor/lib/modules mod Bug: b/35653245 Test: sailfish with local built kernel and LKM enabled Change-Id: I827e2ce387c899db3e0e179da92e79c75d61f5ae (cherry picked from commit b638d949)
-
- Mar 16, 2017
-
-
Jaesoo Lee authored
This change defines new policy for modprobe (/sbin/modprobe) that should be used in both recovery and android mode. Denials: [ 16.986440] c0 437 audit: type=1400 audit(6138546.943:5): avc: denied { read } for pid=437 comm="modprobe" name="modules" dev="proc" ino=4026532405 scontext=u:object_r:modprobe:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 [ 16.986521] c0 437 audit: type=1400 audit(6138546.943:6): avc: denied { open } for pid=437 comm="modprobe" path="/proc/modules" dev="proc" ino=4026532405 scontext=u:object_r:modprobe:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 [ 16.986544] c0 437 audit: type=1400 audit(6138546.943:7): avc: denied { getattr } for pid=437 comm="modprobe" path="/proc/modules" dev="proc" ino=4026532405 scontext=u:object_r:modprobe:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 Bug: 35633646 Test: Build and tested it works in sailfish recovery. The modprobe is invoked in init.rc (at the end of 'on init') with following command line exec u:r:modprobe:s0 -- /sbin/modprobe -a nilfs2 ftl Change-Id: Ie70be6f918bea6059f806e2eb38cd48229facafa
-