Allow insmod-sh to install kernel modules from system_dlkm

reference: https://source.android.com/docs/core/architecture/partitions/gki-partitions#selinux Bug: 267429528 Change-Id: I7a675c0f089452379d5675a353fbfd866cfd3edc Signed-off-by: Robin Peng <robinpeng@google.com>
2023-03-15 09:52:49 +00:00 · 2023-03-15 09:52:49 +00:00 · f938468e2e
commit f938468e2e
parent 690480a880
1 changed files with 3 additions and 0 deletions
--- a/insmod/sepolicy/insmod-sh.te
+++ b/insmod/sepolicy/insmod-sh.te
@ -3,6 +3,9 @@ type insmod-sh_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(insmod-sh)

 allow insmod-sh self:capability sys_module;
+allow insmod-sh system_dlkm_file:dir r_dir_perms;
+allow insmod-sh system_dlkm_file:file r_file_perms;
+allow insmod-sh system_dlkm_file:system module_load;
 allow insmod-sh vendor_kernel_modules:system module_load;
 allow insmod-sh vendor_toolbox_exec:file execute_no_trans;