Allow ueventd to insert modules

avc: denied { sys_module } for comm="ueventd" capability=16 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability avc: denied { module_load } for pid=581 comm="ueventd" path="/vendor/lib/modules/module.ko" dev="dm-2" ino=1381 scontext=u:r:ueventd:s0 tcontext=u:object_r:vendor_file:s0 tclass=system avc: denied { search } for pid=556 comm="ueventd" scontext=u:r:ueventd:s0 tcontext=u:r:kernel:s0 tclass=key Bug: 111916071 Test: ueventd can insert modules Change-Id: I2906495796c3655b5add19af8cf64458f753b891

Allow ueventd to insert modules
avc: denied { sys_module } for comm="ueventd" capability=16 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability avc: denied { module_load } for pid=581 comm="ueventd" path="/vendor/lib/modules/module.ko" dev="dm-2" ino=1381 scontext=u:r:ueventd:s0 tcontext=u:object_r:vendor_file:s0 tclass=system avc: denied { search } for pid=556 comm="ueventd" scontext=u:r:ueventd:s0 tcontext=u:r:kernel:s0 tclass=key Bug: 111916071 Test: ueventd can insert modules Change-Id: I2906495796c3655b5add19af8cf64458f753b891
52a80ac1 · Tom Cherry · 209c9066 · 52a80ac1
Commit 52a80ac1 authored 6 years ago by Tom Cherry
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -49,6 +49,11 @@ recovery_only(`
 # linker tries to resolve paths in ld.config.txt.
 dontaudit ueventd postinstall_mnt_dir:dir getattr;
+# ueventd loads modules in response to modalias events.
+allow ueventd self:global_capability_class_set sys_module;
+allow ueventd vendor_file:system module_load;
+allow ueventd kernel:key search;
 #####
 ##### neverallow rules
 #####