From a035f6bbef474a356eee80e7dac9fc94ab2cc93f Mon Sep 17 00:00:00 2001
From: Steve Muckle <smuckle@google.com>
Date: Wed, 10 May 2017 16:28:53 -0700
Subject: [PATCH] disable kernel module loading after boot

Disable kernel module loading after boot on user builds.

Bug: 38204366
Test: boot walleye, confirm kernel module does not load after boot
Change-Id: I40217ff37c1b1bcf00155e5bec74b92a020481f7
---
 init-common.rc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/init-common.rc b/init-common.rc
index c990de1..fcd5a68 100644
--- a/init-common.rc
+++ b/init-common.rc
@@ -18,3 +18,6 @@ on property:sys.boot_completed=1
     # TODO: uncomment this when enable dm-verity
     #write /sys/block/dm-0/queue/read_ahead_kb 128
     #write /sys/block/dm-1/queue/read_ahead_kb 128
+
+on property:sys.boot_completed=1 && property:ro.build.type=user
+    write /proc/sys/kernel/modules_disabled 1