Allow microdroid's init to load vendor modules

Test: boot microdroid with customized rc script Change-Id: Ic00a18f409d97f5c21912e3cf5dbb9110adc2269
2024-01-03 09:33:37 +09:00 · 2024-01-03 09:33:37 +09:00 · 7bb2d4aa8b
commit 7bb2d4aa8b
parent fb0ed7fcc4
2 changed files with 6 additions and 0 deletions
--- a/microdroid/system/private/init.te
+++ b/microdroid/system/private/init.te
@ -435,3 +435,8 @@ allow init self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_relay

 # PRNG seeder daemon socket is created and listened on by init before forking.
 allow init prng_seeder:unix_stream_socket { create bind listen };
+
+# Allow init to load vendor modules
+r_dir_file(init, vendor_kernel_modules)
+allow init self:capability sys_module;
+allow init vendor_kernel_modules:system module_load;
--- a/microdroid/system/public/file.te
+++ b/microdroid/system/public/file.te
@ -37,6 +37,7 @@ type unlabeled, file_type;
 type vendor_configs_file, file_type, vendor_file_type;
 type vendor_data_file, file_type, data_file_type;
 type vendor_file, file_type, vendor_file_type;
+type vendor_kernel_modules, vendor_file_type, file_type;
 type vendor_service_contexts_file, vendor_file_type, file_type;
 type vm_payload_service_socket, file_type, coredomain_socket;
 type traced_consumer_socket, file_type, coredomain_socket;