type insmod-sh, domain;
type insmod-sh_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(insmod-sh)

allow insmod-sh self:capability sys_module;
allow insmod-sh vendor_kernel_modules:system module_load;
allow insmod-sh vendor_toolbox_exec:file execute_no_trans;

set_prop(insmod-sh, vendor_device_prop)

dontaudit insmod-sh proc_cmdline:file r_file_perms;