blob: be36f35207aa710966492e7d0343a451e0b6cce7 [file] [log] [blame]
type dlkm_loader, domain;
type dlkm_loader_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(dlkm_loader)
# Allow insmod on vendor, system and system_dlkm partitions
allow dlkm_loader self:capability sys_module;
allow dlkm_loader system_dlkm_file:dir r_dir_perms;
allow dlkm_loader system_dlkm_file:file r_file_perms;
allow dlkm_loader system_dlkm_file:system module_load;
allow dlkm_loader system_file:system module_load;
allow dlkm_loader vendor_file:system module_load;
# needed for libmodprobe to read kernel commandline
allow dlkm_loader proc_cmdline:file r_file_perms;
allow dlkm_loader proc_bootconfig:file r_file_perms;
# Allow writing to kernel log
allow dlkm_loader kmsg_device:chr_file rw_file_perms;