From eae6bfb8359d62910d0b8f15ad4981e53ebb0b95 Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Fri, 10 Mar 2023 15:32:00 +0800
Subject: [PATCH] Allow insmod-sh lockdown in userdebug

Bug: 272166723
Change-Id: I1085decf2a00597992a95996b1a2875be08ba1f1
---
 tracking_denials/bug_map      | 1 -
 tracking_denials/insmod-sh.te | 4 ++++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 694ca9e6..6a1f594c 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -19,7 +19,6 @@ hal_secure_element_uicc hidl_base_hwservice hwservice_manager b/264483151
 hal_thermal_default sysfs file b/272166722
 hal_thermal_default sysfs file b/272166987
 hal_usb_gadget_impl sysfs_batteryinfo dir b/272166827
-insmod-sh insmod-sh lockdown b/272166723
 kernel vendor_fw_file dir b/272166737
 kernel vendor_fw_file dir b/272166787
 mtectrl unlabeled dir b/264483752
diff --git a/tracking_denials/insmod-sh.te b/tracking_denials/insmod-sh.te
index d9e52eff..04c00fe8 100644
--- a/tracking_denials/insmod-sh.te
+++ b/tracking_denials/insmod-sh.te
@@ -4,3 +4,7 @@ dontaudit insmod-sh vendor_regmap_debugfs:dir { search };
 userdebug_or_eng(`
   permissive insmod-sh;
 ')
+# b/272166723
+userdebug_or_eng(`
+  allow insmod-sh self:lockdown integrity;
+')