am65xevm: sepolicy: Allow ueventd to insert modules

Allow ueventd daemon to load modules in response to modalias events. This patch makes dynamic kernel module loading work in 'enforcing' mode. Signed-off-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org> Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
author: Ruslan Trofymenko 2019-05-08 23:53:48 -0500
committer: Praneeth Bajjuri 2019-05-09 16:13:58 -0500
commit: ac27aa318dc61463cf5d87d3bf208ce242f7c41d (patch)
tree: 6c68500a816db142d7823a86d10d9c96bb8a4fef
parent: 2a2a8709eb7c2ca7ec48cdefb45318d667c592fa (diff)
download: device-ti-am65xevm-ac27aa318dc61463cf5d87d3bf208ce242f7c41d.tar.gz
device-ti-am65xevm-ac27aa318dc61463cf5d87d3bf208ce242f7c41d.tar.xz
device-ti-am65xevm-ac27aa318dc61463cf5d87d3bf208ce242f7c41d.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
new file mode 100644
index 0000000..966db38
--- /dev/null
+++ b/sepolicy/ueventd.te
@@ -0,0 +1,4 @@
+allow ueventd self:capability {sys_module sys_nice};
+allow ueventd vendor_file:system module_load;
+allow ueventd kernel:key search;
+allow ueventd kernel:process setsched;
author	Ruslan Trofymenko	2019-05-08 23:53:48 -0500
committer	Praneeth Bajjuri	2019-05-09 16:13:58 -0500
commit	ac27aa318dc61463cf5d87d3bf208ce242f7c41d (patch)
tree	6c68500a816db142d7823a86d10d9c96bb8a4fef
parent	2a2a8709eb7c2ca7ec48cdefb45318d667c592fa (diff)
download	device-ti-am65xevm-ac27aa318dc61463cf5d87d3bf208ce242f7c41d.tar.gz device-ti-am65xevm-ac27aa318dc61463cf5d87d3bf208ce242f7c41d.tar.xz device-ti-am65xevm-ac27aa318dc61463cf5d87d3bf208ce242f7c41d.zip

diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te new file mode 100644 index 0000000..966db38 --- /dev/null +++ b/sepolicy/ueventd.te
@@ -0,0 +1,4 @@
	1	allow ueventd self:capability {sys_module sys_nice};
	2	allow ueventd vendor_file:system module_load;
	3	allow ueventd kernel:key search;
	4	allow ueventd kernel:process setsched;