vendor/google/init-insmod-sh.te - device/google/sunfish-sepolicy - Git at Google

 # Allow insmod
 type init-insmod-sh, domain;
 type init-insmod-sh_exec, exec_type, vendor_file_type, file_type;

 init_daemon_domain(init-insmod-sh)

 allow init-insmod-sh self:capability sys_module;
 allow init-insmod-sh vendor_kernel_modules:system module_load;
 allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans;
 allow init-insmod-sh sysfs_msm_boot:file w_file_perms;

 userdebug_or_eng(`
   allow init-insmod-sh debugfs_ipc:dir search;
   allow init-insmod-sh debugfs_wlan:dir search;
 ')

 set_prop(init-insmod-sh, vendor_device_prop)

 dontaudit init-insmod-sh debugfs_ipc:dir search;
 dontaudit init-insmod-sh debugfs_wlan:dir search;
 dontaudit init-insmod-sh self:capability sys_admin;
 dontaudit init-insmod-sh proc_cmdline:file r_file_perms;
	# Allow insmod
	type init-insmod-sh, domain;
	type init-insmod-sh_exec, exec_type, vendor_file_type, file_type;

	init_daemon_domain(init-insmod-sh)

	allow init-insmod-sh self:capability sys_module;
	allow init-insmod-sh vendor_kernel_modules:system module_load;
	allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans;
	allow init-insmod-sh sysfs_msm_boot:file w_file_perms;

	userdebug_or_eng(`
	allow init-insmod-sh debugfs_ipc:dir search;
	allow init-insmod-sh debugfs_wlan:dir search;
	')

	set_prop(init-insmod-sh, vendor_device_prop)

	dontaudit init-insmod-sh debugfs_ipc:dir search;
	dontaudit init-insmod-sh debugfs_wlan:dir search;
	dontaudit init-insmod-sh self:capability sys_admin;
	dontaudit init-insmod-sh proc_cmdline:file r_file_perms;