On 01/23/2014 07:06 PM, Dinesh Garg wrote:
> Hi,
> Does SEAndroid support controlling the access who can load kernel modules?

Direct module loading is controlled by CAP_SYS_MODULE and thus requires
    allow <domain> self:capability sys_module;
in SELinux policy.

For triggering automatic loading of a network driver upon attempting to configure the interface, you need CAP_NET_ADMIN and thus
    allow <domain> self:capability net_admin;
in SELinux policy.

Triggering automatic module loading by the kernel in general requires no capabilities but requires
    allow <domain> kernel:system module_request;
in SELinux policy.

Note that the Nexus devices have non-modular kernels so this is moot for them.
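
An added example, not part of the original message: a small audit that scans policy source for the three allow rules named in the reply above and reports which domains hold each module-loading path. The sample policy and its domain names are constructed, and the parser assumes one source type per rule with no attribute or macro expansion.

```python
import re

# Constructed sample policy source (.te-style rules); domain names are hypothetical.
SAMPLE_POLICY = """
allow init self:capability { sys_module sys_admin };
allow netd self:capability { net_admin net_raw };
allow netd kernel:system module_request;
allow untrusted_app self:capability net_raw;   # unrelated permission
allow vold kernel:system { module_request syslog_read };
# allow shell self:capability sys_module;  (commented out, must be ignored)
"""

# (target, class, permission) -> the module-loading path described in the reply
PATHS = {
    ("self", "capability", "sys_module"): "direct load (CAP_SYS_MODULE)",
    ("self", "capability", "net_admin"): "netdev autoload (CAP_NET_ADMIN)",
    ("kernel", "system", "module_request"): "kernel autoload request",
}

# allow <source> <target>:<class> <perm or { perm ... }>;
RULE = re.compile(r"^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+?)\s*;")


def module_load_paths(policy_text):
    """Return {domain: sorted list of module-loading paths the policy allows}."""
    found = {}
    for line in policy_text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing and whole-line comments
        m = RULE.match(line)
        if not m:
            continue
        source, target, tclass, perms = m.groups()
        for perm in perms.strip("{} ").split():
            path = PATHS.get((target, tclass, perm))
            if path:
                found.setdefault(source, set()).add(path)
    return {domain: sorted(paths) for domain, paths in found.items()}


if __name__ == "__main__":
    for domain, paths in sorted(module_load_paths(SAMPLE_POLICY).items()):
        print(f"{domain}: {', '.join(paths)}")
```

Because this reads policy source only, rules granted through attributes or macros are not seen; a query against the compiled policy is needed to cover those.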
