suppress spurious module loading denials

We only load modules during boot, on only by a single script:
init.insmod.sh

Other denials are caused by code we don't rely on that
automatically looks for modules.

Bug: 34784662
Test: build policy
Change-Id: Iccdbe52582e9960f49ecb4ba9b472cf792e48fe6

sepolicy/vendor/init.te

@@ -9,3 +9,5 @@ allow init debugfs_clk:file w_file_perms;
 allow init tty_device:chr_file rw_file_perms;
 
 allow init persist_file:dir mounton;
+
+dontaudit init kernel:system module_request;

sepolicy/vendor/kernel.te

@@ -6,3 +6,5 @@ userdebug_or_eng(`
 
 allow kernel vendor_firmware_file:dir search;
 allow kernel vendor_firmware_file:file r_file_perms;
+
+dontaudit kernel kernel:system module_request;

sepolicy/vendor/location.te

@@ -36,3 +36,5 @@ r_dir_file(location, sysfs_type)
 # socket communications between system components and vendor components are not permted.
 # Once we switch full Treble devices to binderized only mode, this issue will disappear.
 typeattribute location socket_between_core_and_vendor_violators;
+
+dontaudit location kernel:system module_request;

sepolicy/vendor/netd.te

@@ -1 +1,4 @@
 allow netd sysfs_net:file w_file_perms;
+
+dontaudit netd kernel:system module_request;
+dontaudit netd self:system module_request;

sepolicy/vendor/netmgrd.te

@@ -43,3 +43,6 @@ allow netmgrd system_file:file execute_no_trans;
 allow netmgrd self:capability { net_admin net_raw setgid setpcap setuid };
 
 allow netmgrd toolbox_exec:file rx_file_perms;
+
+dontaudit netmgrd kernel:system module_request;
+dontaudit netmgrd self:system module_request;

sepolicy/vendor/surfaceflinger.te

@@ -1,2 +1,3 @@
 dontaudit surfaceflinger firmware_file:dir search;
+dontaudit surfaceflinger kernel:system module_request;
 allow surfaceflinger debugfs_ion:dir search;