1type insmod-sh, domain;
2type insmod-sh_exec, vendor_file_type, exec_type, file_type;
3init_daemon_domain(insmod-sh)
4
5allow insmod-sh self:capability sys_module;
6allow insmod-sh system_dlkm_file:dir r_dir_perms;
7allow insmod-sh system_dlkm_file:file r_file_perms;
8allow insmod-sh system_dlkm_file:system module_load;
9allow insmod-sh vendor_kernel_modules:system module_load;
10allow insmod-sh vendor_toolbox_exec:file execute_no_trans;
11
12set_prop(insmod-sh, vendor_device_prop)
13
14dontaudit insmod-sh proc_cmdline:file r_file_perms;
15