From 2e4ac459fa4f181b62a6e7fe13720ffa1fa91e43 Mon Sep 17 00:00:00 2001
From: bauen1 <j2468h@gmail.com>
Date: Wed, 12 Feb 2020 17:28:43 +0100
Subject: [PATCH] modutils: allow init to execute kmod with nnp

Signed-off-by: bauen1 <j2468h@gmail.com>
---
 policy/modules/system/init.te     | 5 -----
 policy/modules/system/modutils.te | 3 +--
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 651663367..48792c85c 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -478,10 +478,6 @@ ifdef(`init_systemd',`
 		dbus_connect_system_bus(init_t)
 	')
 
-	optional_policy(`
-		modutils_domtrans(init_t)
-	')
-
 	optional_policy(`
 		# for systemd --user:
 		unconfined_search_keys(init_t)
@@ -1228,7 +1224,6 @@ optional_policy(`
 
 optional_policy(`
 	modutils_read_module_config(initrc_t)
-	modutils_domtrans(initrc_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 0792509ec..50cd106b0 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -9,10 +9,9 @@ attribute_role kmod_roles;
 
 type kmod_t;
 type kmod_exec_t;
-application_domain(kmod_t, kmod_exec_t)
+init_system_domain(kmod_t, kmod_exec_t)
 kernel_domtrans_to(kmod_t, kmod_exec_t)
 mls_file_write_all_levels(kmod_t)
-roleattribute system_r kmod_roles;
 role kmod_roles types kmod_t;
 
 # module loading config