move insert module script sepolicy to gs-common
Bug: 243763292 Test: boot to home with no relevant SELinux error Change-Id: I6646fa4433fc1ccb94ac05f9cc8d7076a6a2d8cf
This commit is contained in:
Adam Shih
parent
f15086f3d9
commit
8e524374dd
@ -1,3 +1,4 @@
|
||||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/insmod/sepolicy
|
||||
PRODUCT_PACKAGES += \
|
||||
insmod.sh \
|
||||
init.common.cfg
|
||||
|
||||
5
insmod/sepolicy/file_contexts
Normal file
5
insmod/sepolicy/file_contexts
Normal file
@ -0,0 +1,5 @@
|
||||
# Vendor_kernel_modules
|
||||
/vendor_dlkm/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0
|
||||
|
||||
/vendor/bin/insmod\.sh u:object_r:insmod-sh_exec:s0
|
||||
|
||||
11
insmod/sepolicy/insmod-sh.te
Normal file
11
insmod/sepolicy/insmod-sh.te
Normal file
@ -0,0 +1,11 @@
|
||||
type insmod-sh, domain;
|
||||
type insmod-sh_exec, vendor_file_type, exec_type, file_type;
|
||||
init_daemon_domain(insmod-sh)
|
||||
|
||||
allow insmod-sh self:capability sys_module;
|
||||
allow insmod-sh vendor_kernel_modules:system module_load;
|
||||
allow insmod-sh vendor_toolbox_exec:file execute_no_trans;
|
||||
|
||||
set_prop(insmod-sh, vendor_device_prop)
|
||||
|
||||
dontaudit insmod-sh proc_cmdline:file r_file_perms;
|
||||
1
insmod/sepolicy/property.te
Normal file
1
insmod/sepolicy/property.te
Normal file
@ -0,0 +1 @@
|
||||
vendor_internal_prop(vendor_device_prop)
|
||||
5
insmod/sepolicy/property_contexts
Normal file
5
insmod/sepolicy/property_contexts
Normal file
@ -0,0 +1,5 @@
|
||||
# Kernel modules related
|
||||
vendor.common.modules.ready u:object_r:vendor_device_prop:s0
|
||||
vendor.device.modules.ready u:object_r:vendor_device_prop:s0
|
||||
vendor.all.modules.ready u:object_r:vendor_device_prop:s0
|
||||
vendor.all.devices.ready u:object_r:vendor_device_prop:s0
|
||||
Loading…
x
Reference in New Issue
Block a user