| Jeff Sharkey | 84e1c61 | 2015-04-01 10:15:51 -0700 | [diff] [blame] | 1 | # Any fsck program run on untrusted block devices |
| 2 | type fsck_untrusted, domain; |
| 3 | |
| 4 | # Inherit and use pty created by android_fork_execvp_ext(). |
| 5 | allow fsck_untrusted devpts:chr_file { read write ioctl getattr }; |
| 6 | |
| 7 | # Allow stdin/out back to vold |
| 8 | allow fsck_untrusted vold:fd use; |
| 9 | allow fsck_untrusted vold:fifo_file { read write getattr }; |
| 10 | |
| 11 | # Run fsck on vold block devices |
| 12 | allow fsck_untrusted block_device:dir search; |
| 13 | allow fsck_untrusted vold_device:blk_file rw_file_perms; |
| 14 | |
| 15 | ### |
| 16 | ### neverallow rules |
| 17 | ### |
| 18 | |
| 19 | # Untrusted fsck should never be run on block devices holding sensitive data |
| 20 | neverallow fsck_untrusted { |
| 21 | boot_block_device |
| 22 | frp_block_device |
| 23 | metadata_block_device |
| 24 | recovery_block_device |
| 25 | root_block_device |
| 26 | swap_block_device |
| 27 | system_block_device |
| 28 | userdata_block_device |
| 29 | cache_block_device |
| 30 | dm_device |
| 31 | }:blk_file no_rw_file_perms; |
| 32 | |
| 33 | # Only allow entry from vold via fsck binaries |
| 34 | neverallow { domain -vold } fsck_untrusted:process transition; |
| 35 | neverallow domain fsck_untrusted:process dyntransition; |
| 36 | neverallow fsck_untrusted { file_type fs_type -fsck_exec }:file entrypoint; |