From 52a80ac1f1ec011654f03a208d283fb5326b39ec Mon Sep 17 00:00:00 2001
From: Tom Cherry
Date: Tue, 31 Jul 2018 15:00:20 -0700
Subject: [PATCH] Allow ueventd to insert modules

avc: denied { sys_module } for comm="ueventd" capability=16 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability
avc: denied { module_load } for pid=581 comm="ueventd" path="/vendor/lib/modules/module.ko" dev="dm-2" ino=1381 scontext=u:r:ueventd:s0 tcontext=u:object_r:vendor_file:s0 tclass=system
avc: denied { search } for pid=556 comm="ueventd" scontext=u:r:ueventd:s0 tcontext=u:r:kernel:s0 tclass=key

Bug: 111916071
Test: ueventd can insert modules
Change-Id: I2906495796c3655b5add19af8cf64458f753b891
---
 public/ueventd.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/public/ueventd.te b/public/ueventd.te
index ea7316659..4f68318fb 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -49,6 +49,11 @@ recovery_only(`
 # linker tries to resolve paths in ld.config.txt.
 dontaudit ueventd postinstall_mnt_dir:dir getattr;
 
+# ueventd loads modules in response to modalias events.
+allow ueventd self:global_capability_class_set sys_module;
+allow ueventd vendor_file:system module_load;
+allow ueventd kernel:key search;
+
 #####
 ##### neverallow rules
 #####
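Review bot: The added rule `allow ueventd vendor_file:system module_load;` permits loading any file that carries the generic `vendor_file` label, which is wider than the single `/vendor/lib/modules/module.ko` path shown in the quoted denial. If the policy tree has, or can add, a dedicated type for the vendor modules directory, the rule should target that instead, e.g. `allow ueventd <vendor_modules_type>:system module_load;` (placeholder name, not an existing type I can see here). Combined with `sys_module`, this makes ueventd a route to kernel code execution, so on a build without enforced module signing the protection rests on the labelling and integrity of the vendor partition. The comment also leaves `kernel:key search` unexplained; a line such as `# kernel:key search: keyring lookup during module load (presumably signature verification), confirm` would tell the next reader why it is there. The neverallow section starts at the end of the hunk and continues outside it, so whether any neverallow bounds `sys_module` or `module_load` cannot be checked from this view.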