sepolicy: add key search permission for init To support insmod in init, key search permission is added so that module key can be found for signature verification. Address the following denial: avc: denied { search } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=key permissive=0 Change-Id: I04d8289290fee923b09dee23dcf1333cc970d5cd

commit: 2c0774d5111d7d7480ff098e5ca94b7b8ab2a809 [log] [tgz]
author: William Clark <wclark@codeaurora.org> Fri Sep 25 14:14:52 2015 -0700
committer: William Clark <wclark@codeaurora.org> Fri Sep 25 15:03:08 2015 -0700
tree: d93324162612e82ebcb1ef18780b559a63afb580
parent: 40b31f78d3a8253a821315281dcd670a57a17e6d [diff]
diff --git a/common/init.te b/common/init.te
index 9a54265..6835232 100644
--- a/common/init.te
+++ b/common/init.te

@@ -9,6 +9,9 @@
 }:dir mounton;
 allow init kmsg_device:chr_file write;
 
+#For insmod to search module key for signature verification
+allow init kernel:key search;
+
 #For sdcard
 allow init tmpfs:lnk_file create_file_perms;
commit	2c0774d5111d7d7480ff098e5ca94b7b8ab2a809	[log] [tgz]
author	William Clark <wclark@codeaurora.org>	Fri Sep 25 14:14:52 2015 -0700
committer	William Clark <wclark@codeaurora.org>	Fri Sep 25 15:03:08 2015 -0700
tree	d93324162612e82ebcb1ef18780b559a63afb580
parent	40b31f78d3a8253a821315281dcd670a57a17e6d [diff]