db845c: sepolicy: Add some kernel sepolicy rules to allow firmware loading Previously we were seeing issues w/ firmware loading due to sepolicy blocking the in-kernel loader from accessing /vendor/firmware files This patch adds some sepolicy additions suggested by audit2allow that let it work. Change-Id: Ie7238a2ae30d1377dcd73a6c194f0017989006bf Signed-off-by: John Stultz <john.stultz@linaro.org>

commit: c23e5e62a47a3509df191ae42a2d3547a02927b9 [log] [tgz]
author: John Stultz <john.stultz@linaro.org> Fri Oct 25 04:40:29 2019 +0000
committer: John Stultz <john.stultz@linaro.org> Fri Oct 25 04:40:29 2019 +0000
tree: 8080c28a06af52bf28799c3f80aa1bcfd3dba0c7
parent: 092e043238e38b95af737eadb3bbb4a10427a1c0 [diff] [blame]
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
index 46bfee5..3fad122 100644
--- a/sepolicy/kernel.te
+++ b/sepolicy/kernel.te

@@ -3,3 +3,5 @@
 allow kernel device:dir { add_name create write };
 allow kernel self:capability mknod;
 allow kernel vendor_file:file { open read };
+allow kernel self:system module_request;
+allow vendor_init kernel:system module_request;
commit	c23e5e62a47a3509df191ae42a2d3547a02927b9	[log] [tgz]
author	John Stultz <john.stultz@linaro.org>	Fri Oct 25 04:40:29 2019 +0000
committer	John Stultz <john.stultz@linaro.org>	Fri Oct 25 04:40:29 2019 +0000
tree	8080c28a06af52bf28799c3f80aa1bcfd3dba0c7
parent	092e043238e38b95af737eadb3bbb4a10427a1c0 [diff] [blame]