diff options
Diffstat (limited to 'fsck_untrusted.te')
-rw-r--r-- | fsck_untrusted.te | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/fsck_untrusted.te b/fsck_untrusted.te new file mode 100644 index 0000000..67c67b7 --- /dev/null +++ b/fsck_untrusted.te @@ -0,0 +1,36 @@ +# Any fsck program run on untrusted block devices +type fsck_untrusted, domain; + +# Inherit and use pty created by android_fork_execvp_ext(). +allow fsck_untrusted devpts:chr_file { read write ioctl getattr }; + +# Allow stdin/out back to vold +allow fsck_untrusted vold:fd use; +allow fsck_untrusted vold:fifo_file { read write getattr }; + +# Run fsck on vold block devices +allow fsck_untrusted block_device:dir search; +allow fsck_untrusted vold_device:blk_file rw_file_perms; + +### +### neverallow rules +### + +# Untrusted fsck should never be run on block devices holding sensitive data +neverallow fsck_untrusted { + boot_block_device + frp_block_device + metadata_block_device + recovery_block_device + root_block_device + swap_block_device + system_block_device + userdata_block_device + cache_block_device + dm_device +}:blk_file no_rw_file_perms; + +# Only allow entry from vold via fsck binaries +neverallow { domain -vold } fsck_untrusted:process transition; +neverallow domain fsck_untrusted:process dyntransition; +neverallow fsck_untrusted { file_type fs_type -fsck_exec }:file entrypoint; |