-
Jaesoo Lee authored
This change defines new policy for modprobe (/sbin/modprobe) that should be used in both recovery and android mode. Denials: [ 16.986440] c0 437 audit: type=1400 audit(6138546.943:5): avc: denied { read } for pid=437 comm="modprobe" name="modules" dev="proc" ino=4026532405 scontext=u:object_r:modprobe:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 [ 16.986521] c0 437 audit: type=1400 audit(6138546.943:6): avc: denied { open } for pid=437 comm="modprobe" path="/proc/modules" dev="proc" ino=4026532405 scontext=u:object_r:modprobe:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 [ 16.986544] c0 437 audit: type=1400 audit(6138546.943:7): avc: denied { getattr } for pid=437 comm="modprobe" path="/proc/modules" dev="proc" ino=4026532405 scontext=u:object_r:modprobe:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=1 Bug: 35633646 Test: Build and tested it works in sailfish recovery. The modprobe is invoked in init.rc (at the end of 'on init') with following command line exec u:r:modprobe:s0 -- /sbin/modprobe -a nilfs2 ftl Change-Id: Ie70be6f918bea6059f806e2eb38cd48229facafad363b0f9
