| # Allow insmod |
| type init-insmod-sh, domain; |
| type init-insmod-sh_exec, exec_type, vendor_file_type, file_type; |
| |
| init_daemon_domain(init-insmod-sh) |
| |
| allow init-insmod-sh self:capability sys_module; |
| allow init-insmod-sh vendor_kernel_modules:system module_load; |
| allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans; |
| allow init-insmod-sh sysfs_msm_boot:file w_file_perms; |
| |
| userdebug_or_eng(` |
| allow init-insmod-sh debugfs_ipc:dir search; |
| allow init-insmod-sh debugfs_wlan:dir search; |
| ') |
| |
| set_prop(init-insmod-sh, vendor_device_prop) |
| |
| dontaudit init-insmod-sh debugfs_ipc:dir search; |
| dontaudit init-insmod-sh debugfs_wlan:dir search; |
| dontaudit init-insmod-sh self:capability sys_admin; |
| dontaudit init-insmod-sh proc_cmdline:file r_file_perms; |