Jaesoo Lee authored
This change defines new policy for modprobe (/sbin/modprobe) that should
be used in both recovery and android mode.

Denials:
[   16.986440] c0    437 audit: type=1400 audit(6138546.943:5): avc:
denied  { read } for  pid=437 comm="modprobe" name="modules" dev="proc"
ino=4026532405 scontext=u:object_r:modprobe:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=1
[   16.986521] c0    437 audit: type=1400 audit(6138546.943:6): avc:
denied  { open } for  pid=437 comm="modprobe" path="/proc/modules"
dev="proc" ino=4026532405 scontext=u:object_r:modprobe:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=1
[   16.986544] c0    437 audit: type=1400 audit(6138546.943:7): avc:
denied  { getattr } for  pid=437 comm="modprobe" path="/proc/modules"
dev="proc" ino=4026532405 scontext=u:object_r:modprobe:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=1

Bug: 35633646
Test: Built and tested that it works in sailfish recovery. The modprobe is
invoked in init.rc (at the end of 'on init') with the following command line

    exec u:r:modprobe:s0 -- /sbin/modprobe -a nilfs2 ftl

Change-Id: Ie70be6f918bea6059f806e2eb38cd48229facafa
d363b0f9
Name Last commit Last update
..
access_vectors
adbd.te
app.te
app_neverallows.te
atrace.te
audioserver.te
binderservicedomain.te
blkid.te
blkid_untrusted.te
bluetooth.te
bluetoothdomain.te
bootanim.te
bootstat.te
bufferhubd.te
cameraserver.te
cppreopts.te
dexoptanalyzer.te
dhcp.te
domain.te
drmserver.te
dumpstate.te
ephemeral_app.te
file.te
file_contexts
file_contexts_asan
fingerprintd.te
fs_use
fsck.te
gatekeeperd.te
genfs_contexts
hal_allocator.te
halclientdomain.te
halserverdomain.te
healthd.te
hostapd.te
hwservicemanager.te
incident.te
incidentd.te
init.te
initial_sid_contexts
initial_sids
inputflinger.te
install_recovery.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te
logpersist.te
mac_permissions.xml
mdnsd.te
mediacodec.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaserver.te
mls
mls_decl
mls_macros
mtp.te
net.te
netd.te
nfc.te
otapreopt_chroot.te
otapreopt_slot.te
performanced.te
perfprofd.te
platform_app.te
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te
ppp.te
priv_app.te
property_contexts
racoon.te
radio.te
recovery_persist.te
recovery_refresh.te
roles_decl
runas.te
sdcardd.te
seapp_contexts
security_classes
sensord.te
service_contexts
servicemanager.te
shared_relro.te
shell.te
storaged.te
su.te
surfaceflinger.te
system_app.te
system_server.te
tee.te
tombstoned.te
toolbox.te
tzdatacheck.te