aboutsummaryrefslogtreecommitdiffstats
path: root/fsck_untrusted.te
diff options
context:
space:
mode:
Diffstat (limited to 'fsck_untrusted.te')
-rw-r--r--fsck_untrusted.te36
1 files changed, 36 insertions, 0 deletions
diff --git a/fsck_untrusted.te b/fsck_untrusted.te
new file mode 100644
index 0000000..67c67b7
--- /dev/null
+++ b/fsck_untrusted.te
@@ -0,0 +1,36 @@
+# Any fsck program run on untrusted block devices
+type fsck_untrusted, domain;
+
+# Inherit and use pty created by android_fork_execvp_ext().
+allow fsck_untrusted devpts:chr_file { read write ioctl getattr };
+
+# Allow stdin/out back to vold
+allow fsck_untrusted vold:fd use;
+allow fsck_untrusted vold:fifo_file { read write getattr };
+
+# Run fsck on vold block devices
+allow fsck_untrusted block_device:dir search;
+allow fsck_untrusted vold_device:blk_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+# Untrusted fsck should never be run on block devices holding sensitive data
+neverallow fsck_untrusted {
+ boot_block_device
+ frp_block_device
+ metadata_block_device
+ recovery_block_device
+ root_block_device
+ swap_block_device
+ system_block_device
+ userdata_block_device
+ cache_block_device
+ dm_device
+}:blk_file no_rw_file_perms;
+
+# Only allow entry from vold via fsck binaries
+neverallow { domain -vold } fsck_untrusted:process transition;
+neverallow domain fsck_untrusted:process dyntransition;
+neverallow fsck_untrusted { file_type fs_type -fsck_exec }:file entrypoint;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-23 09:04:39 +0000