modprobe logs errors to /dev/kmsg, so this access needs to be explicitly allowed. ``` avc: denied { write } for comm="modprobe" name="kmsg" dev="tmpfs" ino=5 scontext=u:r:init-display-sh:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 ``` Bug: 388717752 Test: DeviceBootTest#SELinuxUncheckedDenialBootTest Change-Id: I62a43416291d4d79164765004f156f2bdb69b0b5
# Process type for the init-display-sh domain; the domain attribute marks it
# as a type that processes run in.
# NOTE(review): presumably a vendor init script that loads display kernel
# modules; the script itself is not part of this file, confirm.
type init-display-sh, domain;
# File type for the executable that enters the init-display-sh domain. The
# vendor_file_type attribute marks it as a vendor file.
# NOTE(review): the path that receives this label is assigned in
# file_contexts, which is not shown here; check that only the intended script
# carries it, since anything with this label gets the domain when init runs it.
type init-display-sh_exec, vendor_file_type, exec_type, file_type;
# Set up the automatic transition from init into init-display-sh when init
# executes a file labeled init-display-sh_exec.
init_daemon_domain(init-display-sh)
# CAP_SYS_MODULE, required to insert kernel modules. This is a high-impact
# capability because a loaded module runs with kernel privilege, so this
# domain should stay limited to the module-loading script. Which module files
# may be loaded is governed separately by system:module_load rules.
allow init-display-sh self:capability sys_module;
# Permit loading kernel modules from files labeled vendor_kernel_modules.
# No module_load rule for any other file label appears in this file, so
# file-backed loads are scoped to that label as far as this policy shows.
allow init-display-sh vendor_kernel_modules:system module_load;
# Run vendor toolbox binaries without a domain transition, so the child stays
# in init-display-sh. This matches the logged denial, where comm="modprobe"
# runs with scontext init-display-sh.
# NOTE(review): only execute_no_trans is granted here; the other permissions
# needed to execute the file are assumed to come from rules outside this file.
allow init-display-sh vendor_toolbox_exec:file execute_no_trans;
# Silence audit records for denied reads of proc_cmdline. The access itself
# stays denied; only the avc log line is suppressed.
# NOTE(review): because these denials never reach the log, a later failure
# that depends on reading the kernel command line will not show up as an avc
# denial for this domain.
dontaudit init-display-sh proc_cmdline:file r_file_perms;
# Allow modprobe to log to kmsg.
# Write-side access only: w_file_perms is the write permission set, which is
# wider than the single write permission in the logged denial, and no read
# permission on kmsg_device is granted here.
# NOTE(review): text written through this node lands in the kernel log, so
# log consumers should not assume every kmsg line came from the kernel.
allow init-display-sh kmsg_device:chr_file w_file_perms;