HiKey/HiKey960: sepolicy: Add some kernel sepolicy rules to allow firmware loading Previously we were seeing issues w/ firmware loading due to sepolicy blocking the in-kernel loader from accessing /vendor/firmware files This patch adds some sepolicy additions suggested by audit2allow that let it work. Change-Id: If3370c956f60ee2478c85140b5ab5404734608da Signed-off-by: John Stultz <john.stultz@linaro.org>

commit: aa3bf7b2ba0a11f06017cc395d2d552f9af9d9de [log] [tgz]
author: John Stultz <john.stultz@linaro.org> Fri Oct 25 00:05:09 2019 +0000
committer: John Stultz <john.stultz@linaro.org> Fri Oct 25 00:07:02 2019 +0000
tree: d36ba7c6a583c2a0f5b2526adea25358d8dc585e
parent: 1d095265cbba16a083a3cf7ac3ad1756fc6ccfd2 [diff]
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
new file mode 100644
index 0000000..27b8978
--- /dev/null
+++ b/sepolicy/kernel.te

@@ -0,0 +1,5 @@
+#============= kernel ==============
+allow kernel vendor_file:file open;
+allow kernel vendor_file:file read;
+allow kernel self:system module_request;
+allow vendor_init kernel:system module_request;
commit	aa3bf7b2ba0a11f06017cc395d2d552f9af9d9de	[log] [tgz]
author	John Stultz <john.stultz@linaro.org>	Fri Oct 25 00:05:09 2019 +0000
committer	John Stultz <john.stultz@linaro.org>	Fri Oct 25 00:07:02 2019 +0000
tree	d36ba7c6a583c2a0f5b2526adea25358d8dc585e
parent	1d095265cbba16a083a3cf7ac3ad1756fc6ccfd2 [diff]