public · d363b0f9eb2b9ff1b8e4da3781adea39e40ed718 · CodeLinaro / public-release-test / platform / system / sepolicy

enabled /sbin/modprobe for recovery mode

Jaesoo Lee authored 8 years ago

This change defines new policy for modprobe (/sbin/modprobe) that should
be used in both recovery and android mode.

Denials:
[   16.986440] c0    437 audit: type=1400 audit(6138546.943:5): avc:
denied  { read } for  pid=437 comm="modprobe" name="modules" dev="proc"
ino=4026532405 scontext=u:object_r:modprobe:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=1
[   16.986521] c0    437 audit: type=1400 audit(6138546.943:6): avc:
denied  { open } for  pid=437 comm="modprobe" path="/proc/modules"
dev="proc" ino=4026532405 scontext=u:object_r:modprobe:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=1
[   16.986544] c0    437 audit: type=1400 audit(6138546.943:7): avc:
denied  { getattr } for  pid=437 comm="modprobe" path="/proc/modules"
dev="proc" ino=4026532405 scontext=u:object_r:modprobe:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=1

Bug: 35633646
Test: Build and tested it works in sailfish recovery. The modprobe is
invoked in init.rc (at the end of 'on init') with following command line

    exec u:r:modprobe:s0 -- /sbin/modprobe -a nilfs2 ftl

Change-Id: Ie70be6f918bea6059f806e2eb38cd48229facafa

d363b0f9

History

d363b0f9 8 years ago

History

Name	Last commit	Last update
..
adbd.te
attributes
audioserver.te
blkid.te
blkid_untrusted.te
bluetooth.te
boot_control_hal.te
bootanim.te
bootstat.te
bufferhubd.te
cameraserver.te
charger.te
clatd.te
cppreopts.te
crash_dump.te
device.te
dex2oat.te
dhcp.te
dnsmasq.te
domain.te
domain_deprecated.te
drmserver.te
dumpstate.te
ephemeral_app.te
file.te
fingerprintd.te
fsck.te
fsck_untrusted.te
gatekeeperd.te
global_macros
hal_allocator.te
hal_audio.te
hal_bluetooth.te
hal_boot.te
hal_camera.te
hal_contexthub.te
hal_drm.te
hal_dumpstate.te
hal_fingerprint.te
hal_gatekeeper.te
hal_gnss.te
hal_graphics_allocator.te
hal_graphics_composer.te
hal_health.te
hal_ir.te
hal_keymaster.te
hal_light.te
hal_neverallows.te
hal_nfc.te
hal_sensors.te
hal_telephony.te
hal_thermal.te
hal_usb.te
hal_vibrator.te
hal_vr.te
hal_wifi.te
hal_wifi_supplicant.te
healthd.te
hostapd.te
hwservicemanager.te
idmap.te
incident.te
incidentd.te
init.te
inputflinger.te
install_recovery.te
installd.te
ioctl_defines
ioctl_macros
isolated_app.te
kernel.te
keystore.te
lmkd.te
logd.te
logpersist.te
mdnsd.te
mediacodec.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaserver.te
modprobe.te
mtp.te
net.te
netd.te
neverallow_macros
nfc.te
otapreopt_chroot.te
otapreopt_slot.te
performanced.te
perfprofd.te
platform_app.te
postinstall.te
postinstall_dexopt.te
ppp.te
preopt2cachename.te
priv_app.te
profman.te
property.te
racoon.te