From bf85d96523689a9b9e1224011a1f6732f7e29c7e Mon Sep 17 00:00:00 2001
From: Wilson Sung <wilsonsung@google.com>
Date: Thu, 7 Dec 2023 03:59:52 +0000
Subject: [PATCH] Add insmod-sh policy

Fix: 307468923
Fix: 312372936
Test: make selinux_policy
Change-Id: Icd42c4a74b44b7e593dc7c0598f3d23c3f251a2c
---
 legacy/zuma/vendor/insmod-sh.te | 2 --
 tracking_denials/insmod-sh.te   | 5 -----
 vendor/insmod-sh.te             | 3 +++
 3 files changed, 3 insertions(+), 7 deletions(-)
 delete mode 100644 legacy/zuma/vendor/insmod-sh.te
 delete mode 100644 tracking_denials/insmod-sh.te

diff --git a/legacy/zuma/vendor/insmod-sh.te b/legacy/zuma/vendor/insmod-sh.te
deleted file mode 100644
index e09c248..0000000
--- a/legacy/zuma/vendor/insmod-sh.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow insmod-sh self:capability sys_nice;
-allow insmod-sh kernel:process setsched;
diff --git a/tracking_denials/insmod-sh.te b/tracking_denials/insmod-sh.te
deleted file mode 100644
index 39c4e8d..0000000
--- a/tracking_denials/insmod-sh.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/307468923
-userdebug_or_eng(`
-  permissive insmod-sh;
-')# b/312372936
-dontaudit insmod-sh insmod-sh:key { write };
diff --git a/vendor/insmod-sh.te b/vendor/insmod-sh.te
index ac5adeb..2fec873 100644
--- a/vendor/insmod-sh.te
+++ b/vendor/insmod-sh.te
@@ -1 +1,4 @@
+allow insmod-sh self:capability sys_nice;
+allow insmod-sh kernel:process setsched;
 allow insmod-sh vendor_regmap_debugfs:dir search;
+dontaudit insmod-sh insmod-sh:key write;