Merge "allow vendor to minimize area of module_load"

am: 9911bd8929 Change-Id: Id66e9910fd60887b414eed88382bc8f6a966b85a
2019-10-28 18:41:38 -07:00 · 2019-10-28 18:41:38 -07:00 · 64085f6f5c
commit 64085f6f5c
parent c84aeab5ba 9911bd8929
1 changed files with 1 additions and 1 deletions
--- a/public/domain.te
+++ b/public/domain.te
@ -1271,7 +1271,7 @@ neverallow {
 # Enforce restrictions on kernel module origin.
 # Do not allow kernel module loading except from system,
 # vendor, and boot partitions.
-neverallow * ~{ system_file vendor_file rootfs }:system module_load;
+neverallow * ~{ system_file_type vendor_file_type rootfs }:system module_load;

 # Only allow filesystem caps to be set at build time. Runtime changes
 # to filesystem capabilities are not permitted.