53add31a25
Modprobe requires this permission or the following denial will
prevent loading of signed kernel modules:
audit: type=1400 audit(27331649.656:4): avc: denied { search } for
pid=448 comm="modprobe" scontext=u:r:modprobe:s0 tcontext=u:r:kernel:s0
tclass=key permissive=0
Bug: 62256697
Test: Verified signed module loading on sailfish.
Change-Id: Idde41d1ab58e760398190d6686665a252f1823bb
11 lines
367 B
Text
11 lines
367 B
Text
type modprobe, domain;
|
|
|
|
allow modprobe proc_modules:file r_file_perms;
|
|
allow modprobe self:capability sys_module;
|
|
allow modprobe kernel:key search;
|
|
recovery_only(`
|
|
allow modprobe rootfs:system module_load;
|
|
allow modprobe rootfs:file r_file_perms;
|
|
')
|
|
allow modprobe { system_file vendor_file }:system module_load;
|
|
r_dir_file(modprobe, { system_file vendor_file })
|