diff --git a/kernel/module/main.c b/kernel/module/main.c
index 0715de412359..1c00810b3a6e 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -1113,6 +1113,8 @@ static const struct kernel_symbol *resolve_symbol(struct module *mod,
                                                 const char *name,
                                                 char ownername[])
{
+       bool is_vendor_module;
+       bool is_vendor_exported_symbol;
       struct find_symbol_arg fsa = {
               .name   = name,
               .gplok  = !(mod->taints & (1 << TAINT_PROPRIETARY_MODULE)),
@@ -1150,16 +1152,19 @@ static const struct kernel_symbol *resolve_symbol(struct module *mod,
       }
 
       /*
-        * ANDROID: GKI:
-        * In case of an unsigned module symbol resolves only if:
-        * 1. Symbol is in the list of unprotected symbol list OR
-        * 2. If symbol owner is not NULL i.e. owner is another module;
-        *    it has to be an unsigned module and not signed GKI module
-        *    to protect symbols exported by signed GKI modules.
+        * ANDROID GKI
+        *
+        * Vendor (i.e., unsigned) modules are only permitted to use:
+        *
+        * 1. symbols exported by other vendor (unsigned) modules
+        * 2. unprotected symbols
        */
-       if (!mod->sig_ok &&
-           !gki_is_module_unprotected_symbol(name) &&
-           fsa.owner && fsa.owner->sig_ok) {
+       is_vendor_module = !mod->sig_ok;
+       is_vendor_exported_symbol = fsa.owner && !fsa.owner->sig_ok;
+
+       if (is_vendor_module &&
+           !is_vendor_exported_symbol &&
+           !gki_is_module_unprotected_symbol(name)) {
               fsa.sym = ERR_PTR(-EACCES);
               goto getname;
       }