From aa3bf7b2ba0a11f06017cc395d2d552f9af9d9de Mon Sep 17 00:00:00 2001
From: John Stultz <john.stultz@linaro.org>
Date: Fri, 25 Oct 2019 00:05:09 +0000
Subject: HiKey/HiKey960: sepolicy: Add some kernel sepolicy rules to allow
 firmware loading

Previously we were seeing issues w/ firmware loading due to sepolicy
blocking the in-kernel loader from accessing /vendor/firmware files

This patch adds some sepolicy additions suggested by audit2allow
that let it work.

Change-Id: If3370c956f60ee2478c85140b5ab5404734608da
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
 sepolicy/kernel.te | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 sepolicy/kernel.te

diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
new file mode 100644
index 00000000..27b8978b
--- /dev/null
+++ b/sepolicy/kernel.te
@@ -0,0 +1,5 @@
+#============= kernel ==============
+allow kernel vendor_file:file open;
+allow kernel vendor_file:file read;
+allow kernel self:system module_request;
+allow vendor_init kernel:system module_request;
-- 
cgit v1.2.3