On 06/22/2016 03:02 PM, Jeffrey Vander Stoep wrote: > [email protected] <mailto:[email protected]> to bcc > > Hi Ravi, > > The intent is not to restrict which processes may load modules, but to > place restrictions on the origin of the module itself. Modules, like the > kernel, should live on a verity protected partition. > > If you want system apps to load a kernel module from the system > partition you just need to add an allow rule. e.g. > > # system_app loads /system/lib/module/wlan.ko > allow system_app system_file:system module_load; > > Similar rules may be added for platform_app or system_server.
Actually, that probably won't work for any app domains, as they can't pass the sys_module capability check. So hopefully you only truly need it for system_server. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
