Most Android kernels are built with CONFIG_MODULES=n these days. Is yours built with it enabled? If so, then yes, you need to define a domain transition from kernel to a new domain on modprobe execution.
On Mon, Jul 20, 2015 at 6:43 PM, Roberts, William C <[email protected]> wrote: > I am getting this message and having a fun time tracking it down. My best > guess is that a user mode helper is executing this. > > > > <38>[ 29.983923] type=1400 audit(946684830.959:3): avc: denied { > sys_module } for pid=236 comm="modprobe" capability=16 > scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=capability permissive=1 > > > > # cat /proc/sys/kernel/modprobe > > /sbin/modprobe > > > > # ls -laZ /proc//sys/kernel/modprobe > > -rw-r--r-- root root u:object_r:usermodehelper:s0 modprobe > > > > Should I just label this and set up a domain transition? Our kernel does > contain the rootfs patch https://android-review.googlesource.com/#/c/58360/. > > > > Is this barking down the right path, or should I just give kernel domain > this capability? > > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected]. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
