sepolicy: add key search permission for init
To support insmod in init, key search permission is added so
that module key can be found for signature verification.
Address the following denial:
avc: denied { search } for pid=1 comm="init" scontext=u:r:init:s0
tcontext=u:r:kernel:s0 tclass=key permissive=0
Change-Id: I04d8289290fee923b09dee23dcf1333cc970d5cd
diff --git a/common/init.te b/common/init.te
index 9a54265..6835232 100644
--- a/common/init.te
+++ b/common/init.te
@@ -9,6 +9,9 @@
}:dir mounton;
allow init kmsg_device:chr_file write;
+#For insmod to search module key for signature verification
+allow init kernel:key search;
+
#For sdcard
allow init tmpfs:lnk_file create_file_perms;