From 52a80ac1f1ec011654f03a208d283fb5326b39ec Mon Sep 17 00:00:00 2001
From: Tom Cherry <tomcherry@google.com>
Date: Tue, 31 Jul 2018 15:00:20 -0700
Subject: [PATCH] Allow ueventd to insert modules

avc:  denied  { sys_module } for comm="ueventd" capability=16 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability
avc:  denied  { module_load } for  pid=581 comm="ueventd" path="/vendor/lib/modules/module.ko" dev="dm-2" ino=1381 scontext=u:r:ueventd:s0 tcontext=u:object_r:vendor_file:s0 tclass=system
avc:  denied  { search } for  pid=556 comm="ueventd" scontext=u:r:ueventd:s0 tcontext=u:r:kernel:s0 tclass=key

Bug: 111916071
Test: ueventd can insert modules
Change-Id: I2906495796c3655b5add19af8cf64458f753b891
---
 public/ueventd.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/public/ueventd.te b/public/ueventd.te
index ea7316659..4f68318fb 100644
--- a/public/ueventd.te
+++ b/public/ueventd.te
@@ -49,6 +49,11 @@ recovery_only(`
 # linker tries to resolve paths in ld.config.txt.
 dontaudit ueventd postinstall_mnt_dir:dir getattr;
 
+# ueventd loads modules in response to modalias events.
+allow ueventd self:global_capability_class_set sys_module;
+allow ueventd vendor_file:system module_load;
+allow ueventd kernel:key search;
+
 #####
 ##### neverallow rules
 #####
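Review bot: `allow ueventd vendor_file:system module_load;` grants module loading on the generic `vendor_file` label, so ueventd may load any file carrying that label as a kernel module, not only the `.ko` files under `/vendor/lib/modules` seen in the denial. Combined with `sys_module`, the integrity of kernel code then rests on everything labelled `vendor_file` being trustworthy (presumably via a verified, read-only vendor partition — worth confirming). Consider labelling the module directory with a dedicated file type in file_contexts and granting `module_load` on that type only. The single comment also leaves `kernel:key search` unexplained; something like `# kernel:key search is needed for the keyring lookup done while loading a module (presumably signature verification — confirm).` would tell the next reviewer why the rule exists. The neverallow section starts just below and continues outside this hunk, so check there whether module loading is restricted to an explicit set of domains that now includes ueventd.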
-- 
GitLab