seploicy: don't audit module_request

address denials such as: avc: denied { module_request } for pid=1 comm="init" kmod="crypto-cts(cbc(aes-ce))-all" scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0 which caused by b/35930111 Bug: 36056446 Test: no denials Change-Id: I2a1fd14a0225a79526f77228bddd299434f075f3
author: Wei Wang <wvw@google.com> 2017-03-08 13:20:33 -0800
committer: Cosme Domínguez Díaz <cosme.ddiaz@gmail.com> 2018-04-15 01:30:58 +0200
commit: 70b6e4807d77b3dbd9dcb09fb2de1ea0fdde85b5 (patch)
tree: eb7ff2ca277d3bf25ec9ed2337f9d13e3b83adf2
parent: ed2c442b888064d36471fd9e142b87ee56c5d175 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/domain.te b/sepolicy/domain.te
index 6652378..f176bca 100644
--- a/sepolicy/domain.te
+++ b/sepolicy/domain.te
@@ -1,6 +1,7 @@
 get_prop(domain, camera_prop)
 
 dontaudit domain self:capability sys_module;
+dontaudit domain kernel:system module_request;
 
 # b/29072816
 # Triggered by kernel code which calls request_firmware(), which
author	Wei Wang <wvw@google.com>	2017-03-08 13:20:33 -0800
committer	Cosme Domínguez Díaz <cosme.ddiaz@gmail.com>	2018-04-15 01:30:58 +0200
commit	70b6e4807d77b3dbd9dcb09fb2de1ea0fdde85b5 (patch)
tree	eb7ff2ca277d3bf25ec9ed2337f9d13e3b83adf2
parent	ed2c442b888064d36471fd9e142b87ee56c5d175 (diff)