Thanks Stephen and Jeffrey that really helped. Regards, Ravi
On Thu, Jun 23, 2016 at 10:59 PM, Jeffrey Vander Stoep <[email protected]> wrote: > Here's an example migrating code from init_module to finit_module: > https://android-review.googlesource.com/#/c/210691/ > > On Thu, Jun 23, 2016 at 10:22 AM Stephen Smalley <[email protected]> > wrote: > >> On 06/22/2016 03:02 PM, Jeffrey Vander Stoep wrote: >> > [email protected] <mailto:[email protected]> to bcc >> > >> > Hi Ravi, >> > >> > The intent is not to restrict which processes may load modules, but to >> > place restrictions on the origin of the module itself. Modules, like the >> > kernel, should live on a verity protected partition. >> > >> > If you want system apps to load a kernel module from the system >> > partition you just need to add an allow rule. e.g. >> > >> > # system_app loads /system/lib/module/wlan.ko >> > allow system_app system_file:system module_load; >> > >> > Similar rules may be added for platform_app or system_server. >> >> Actually, that probably won't work for any app domains, as they can't >> pass the sys_module capability check. So hopefully you only truly need >> it for system_server. >> >> >> >>
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
