db845c: sepolicy: Add some kernel sepolicy rules to allow firmware loading

Previously we were seeing issues w/ firmware loading due to sepolicy blocking the in-kernel loader from accessing /vendor/firmware files This patch adds some sepolicy additions suggested by audit2allow that let it work. Change-Id: Ie7238a2ae30d1377dcd73a6c194f0017989006bf Signed-off-by: John Stultz <john.stultz@linaro.org>
author: John Stultz <john.stultz@linaro.org> 2019-10-25 04:40:29 +0000
committer: John Stultz <john.stultz@linaro.org> 2019-10-25 04:40:29 +0000
commit: c23e5e62a47a3509df191ae42a2d3547a02927b9 (patch)
tree: 8080c28a06af52bf28799c3f80aa1bcfd3dba0c7
parent: 092e043238e38b95af737eadb3bbb4a10427a1c0 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
index 46bfee5..3fad122 100644
--- a/sepolicy/kernel.te
+++ b/sepolicy/kernel.te
@@ -3,3 +3,5 @@ allow kernel device:chr_file { create setattr };
 allow kernel device:dir { add_name create write };
 allow kernel self:capability mknod;
 allow kernel vendor_file:file { open read };
+allow kernel self:system module_request;
+allow vendor_init kernel:system module_request;
author	John Stultz <john.stultz@linaro.org>	2019-10-25 04:40:29 +0000
committer	John Stultz <john.stultz@linaro.org>	2019-10-25 04:40:29 +0000
commit	c23e5e62a47a3509df191ae42a2d3547a02927b9 (patch)
tree	8080c28a06af52bf28799c3f80aa1bcfd3dba0c7
parent	092e043238e38b95af737eadb3bbb4a10427a1c0 (diff)