From 70b6e4807d77b3dbd9dcb09fb2de1ea0fdde85b5 Mon Sep 17 00:00:00 2001
From: Wei Wang <wvw@google.com>
Date: Wed, 8 Mar 2017 13:20:33 -0800
Subject: seploicy: don't audit module_request

address denials such as:
avc: denied { module_request } for pid=1 comm="init" kmod="crypto-cts(cbc(aes-ce))-all" scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0
which caused by b/35930111

Bug: 36056446
Test: no denials
Change-Id: I2a1fd14a0225a79526f77228bddd299434f075f3
---
 sepolicy/domain.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sepolicy/domain.te b/sepolicy/domain.te
index 6652378..f176bca 100644
--- a/sepolicy/domain.te
+++ b/sepolicy/domain.te
@@ -1,6 +1,7 @@
 get_prop(domain, camera_prop)
 
 dontaudit domain self:capability sys_module;
+dontaudit domain kernel:system module_request;
 
 # b/29072816
 # Triggered by kernel code which calls request_firmware(), which
-- 
cgit v1.2.3