1type dlkm_loader, domain; 2type dlkm_loader_exec, exec_type, vendor_file_type, file_type; 3 4init_daemon_domain(dlkm_loader) 5 6# Allow insmod on vendor, system and system_dlkm partitions 7allow dlkm_loader self:capability sys_module; 8allow dlkm_loader system_file:system module_load; 9allow dlkm_loader system_dlkm_file:system module_load; 10allow dlkm_loader vendor_file:system module_load; 11 12# needed for libmodprobe to read kernel commandline 13allow dlkm_loader proc_cmdline:file r_file_perms; 14 15# dlkm_loader searches tracefs while looking for modules 16dontaudit dlkm_loader debugfs_bootreceiver_tracing:dir search; 17dontaudit dlkm_loader debugfs_mm_events_tracing:dir search; 18