From ab2549b89ab182ddb5fb26911fa726cc84771eb1 Mon Sep 17 00:00:00 2001
From: Woomymy <woomy@woomy.be>
Date: Thu, 15 Feb 2024 12:02:05 +0000
Subject: [PATCH] basic: non_plat: Address init.insmod.sh denials

Change-Id: I2b858d17db6b8edf07f34f12f38342ae519056c8
Signed-off-by: Woomymy <woomy@woomy.be>
---
 basic/non_plat/init_insmod_sh.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/basic/non_plat/init_insmod_sh.te b/basic/non_plat/init_insmod_sh.te
index a9fb4e4..4db24bf 100644
--- a/basic/non_plat/init_insmod_sh.te
+++ b/basic/non_plat/init_insmod_sh.te
@@ -12,6 +12,13 @@ allow init_insmod_sh kernel:key search;
 # Purpose : modprobe need proc_modules
 allow init_insmod_sh proc_modules:file r_file_perms;
 
+# Allow init.insmod.sh to read cmdline
+allow init_insmod_sh proc_cmdline:file r_file_perms;
+
+# Allow required capabilities for modprobe
+allow init_insmod_sh self:capability sys_nice;
+allow init_insmod_sh kernel:process setsched;
+
 # Date : WK20.46
 # Purpose : Set the vendor.all.modules.ready property
 set_prop(init_insmod_sh, vendor_mtk_device_prop)