From f938468e2ecdcd156687fa79e1f7785925a212e2 Mon Sep 17 00:00:00 2001
From: Robin Peng
Date: Wed, 15 Mar 2023 09:52:49 +0000
Subject: [PATCH] Allow insmod-sh to install kernel modules from system_dlkm

reference: https://source.android.com/docs/core/architecture/partitions/gki-partitions#selinux
Bug: 267429528
Change-Id: I7a675c0f089452379d5675a353fbfd866cfd3edc
Signed-off-by: Robin Peng
---
 insmod/sepolicy/insmod-sh.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/insmod/sepolicy/insmod-sh.te b/insmod/sepolicy/insmod-sh.te
index d7b4f72..ba82b0a 100644
--- a/insmod/sepolicy/insmod-sh.te
+++ b/insmod/sepolicy/insmod-sh.te
@@ -3,6 +3,9 @@ type insmod-sh_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(insmod-sh)
 allow insmod-sh self:capability sys_module;
+allow insmod-sh system_dlkm_file:dir r_dir_perms;
+allow insmod-sh system_dlkm_file:file r_file_perms;
+allow insmod-sh system_dlkm_file:system module_load;
 allow insmod-sh vendor_kernel_modules:system module_load;
 allow insmod-sh vendor_toolbox_exec:file execute_no_trans;
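Review bot: The three added `system_dlkm_file` rules have no comment in the policy file, and the `module_load` rule is type-wide: insmod-sh may now load any file labelled `system_dlkm_file`, not only the modules the script is configured to install. That matches the existing `vendor_kernel_modules` rule, but it means the integrity of loaded GKI modules rests on whatever protects the system_dlkm partition and on kernel module signature enforcement, neither of which is visible in this hunk. I would record that above the new rules, for example `# GKI modules are loaded from system_dlkm; any file labelled system_dlkm_file is loadable by this domain, so labelling and partition integrity are the trust boundary.` The reference link and bug number currently live only in the commit message, so the same comment could carry the link for anyone auditing the policy later.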