2018-05-29 19:54:16 +02:00
|
|
|
typeattribute fastbootd coredomain;
|
2020-03-04 09:20:35 +01:00
|
|
|
|
|
|
|
|
# The allow rules are only included in the recovery policy.
|
|
|
|
|
# Otherwise fastbootd is only allowed the domain rules.
|
|
|
|
|
recovery_only(`
|
|
|
|
|
# Reboot the device
|
|
|
|
|
set_prop(fastbootd, powerctl_prop)
|
|
|
|
|
|
|
|
|
|
# Read serial number of the device from system properties
|
|
|
|
|
get_prop(fastbootd, serialno_prop)
|
|
|
|
|
|
|
|
|
|
# Set sys.usb.ffs.ready.
|
2020-04-27 16:49:15 +02:00
|
|
|
get_prop(fastbootd, ffs_config_prop)
|
|
|
|
|
set_prop(fastbootd, ffs_control_prop)
|
2020-03-04 09:20:35 +01:00
|
|
|
|
|
|
|
|
userdebug_or_eng(`
|
|
|
|
|
get_prop(fastbootd, persistent_properties_ready_prop)
|
|
|
|
|
')
|
|
|
|
|
|
|
|
|
|
set_prop(fastbootd, gsid_prop)
|
|
|
|
|
|
|
|
|
|
# Determine allocation scheme (whether B partitions needs to be
|
|
|
|
|
# at the second half of super.
|
|
|
|
|
get_prop(fastbootd, virtual_ab_prop)
|
2021-07-28 03:51:18 +02:00
|
|
|
get_prop(fastbootd, snapuserd_prop)
|
2020-04-24 08:43:13 +02:00
|
|
|
|
|
|
|
|
# Needed for TCP protocol
|
|
|
|
|
allow fastbootd node:tcp_socket node_bind;
|
|
|
|
|
allow fastbootd port:tcp_socket name_bind;
|
|
|
|
|
allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept };
|
|
|
|
|
|
2021-02-05 05:24:23 +01:00
|
|
|
# Start snapuserd for merging VABC updates
|
|
|
|
|
set_prop(fastbootd, ctl_snapuserd_prop)
|
|
|
|
|
|
|
|
|
|
# Needed to communicate with snapuserd to complete merges.
|
|
|
|
|
allow fastbootd snapuserd_socket:sock_file write;
|
|
|
|
|
allow fastbootd snapuserd:unix_stream_socket connectto;
|
|
|
|
|
allow fastbootd dm_user_device:dir r_dir_perms;
|
|
|
|
|
|
2020-04-24 08:43:13 +02:00
|
|
|
# Get fastbootd protocol property
|
|
|
|
|
get_prop(fastbootd, fastbootd_protocol_prop)
|
2021-05-06 01:33:48 +02:00
|
|
|
|
|
|
|
|
# Mount /metadata to interact with Virtual A/B snapshots.
|
|
|
|
|
allow fastbootd labeledfs:filesystem { mount unmount };
|
2023-04-28 04:57:28 +02:00
|
|
|
set_prop(fastbootd, boottime_prop)
|
2021-06-08 03:38:53 +02:00
|
|
|
|
|
|
|
|
# Needed for reading boot properties.
|
|
|
|
|
allow fastbootd proc_bootconfig:file r_file_perms;
|
2022-11-09 00:57:09 +01:00
|
|
|
# Let this domain use the hal fastboot service
|
|
|
|
|
binder_use(fastbootd)
|
|
|
|
|
hal_client_domain(fastbootd, hal_fastboot)
|
2024-03-27 09:18:41 +01:00
|
|
|
|
|
|
|
|
# fastbootd can only use HALs in passthrough mode
|
|
|
|
|
passthrough_hal_client_domain(fastbootd, hal_bootctl)
|
|
|
|
|
|
|
|
|
|
# fastbootd can use AIDL HALs in binder mode
|
|
|
|
|
binder_use(fastbootd)
|
|
|
|
|
hal_client_domain(fastbootd, hal_health)
|
|
|
|
|
hal_client_domain(fastbootd, hal_fastboot)
|
|
|
|
|
|
|
|
|
|
# Access /dev/usb-ffs/fastbootd/ep0
|
|
|
|
|
allow fastbootd functionfs:dir search;
|
|
|
|
|
allow fastbootd functionfs:file rw_file_perms;
|
|
|
|
|
|
|
|
|
|
allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
|
|
|
|
|
# Log to serial
|
|
|
|
|
allow fastbootd kmsg_device:chr_file { open getattr write };
|
|
|
|
|
|
|
|
|
|
# battery info
|
|
|
|
|
allow fastbootd sysfs_batteryinfo:file r_file_perms;
|
|
|
|
|
|
|
|
|
|
allow fastbootd device:dir r_dir_perms;
|
|
|
|
|
|
|
|
|
|
# For dev/block/by-name dir
|
|
|
|
|
allow fastbootd block_device:dir r_dir_perms;
|
|
|
|
|
|
|
|
|
|
# Needed for DM_DEV_CREATE ioctl call
|
|
|
|
|
allow fastbootd self:capability sys_admin;
|
|
|
|
|
|
|
|
|
|
unix_socket_connect(fastbootd, recovery, recovery)
|
|
|
|
|
|
|
|
|
|
# Required for flashing
|
|
|
|
|
allow fastbootd dm_device:chr_file rw_file_perms;
|
|
|
|
|
allow fastbootd dm_device:blk_file rw_file_perms;
|
|
|
|
|
|
|
|
|
|
allow fastbootd cache_block_device:blk_file rw_file_perms;
|
|
|
|
|
allow fastbootd super_block_device_type:blk_file rw_file_perms;
|
|
|
|
|
allow fastbootd {
|
|
|
|
|
boot_block_device
|
|
|
|
|
metadata_block_device
|
|
|
|
|
system_block_device
|
|
|
|
|
userdata_block_device
|
|
|
|
|
}:blk_file { w_file_perms getattr ioctl };
|
|
|
|
|
|
|
|
|
|
# For disabling/wiping GSI, and for modifying/deleting files created via
|
|
|
|
|
# libfiemap.
|
|
|
|
|
allow fastbootd metadata_block_device:blk_file r_file_perms;
|
|
|
|
|
allow fastbootd {rootfs tmpfs}:dir mounton;
|
|
|
|
|
allow fastbootd metadata_file:dir { search getattr mounton };
|
|
|
|
|
allow fastbootd gsi_metadata_file_type:dir rw_dir_perms;
|
|
|
|
|
allow fastbootd gsi_metadata_file_type:file create_file_perms;
|
|
|
|
|
|
|
|
|
|
allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
|
|
|
|
|
|
|
|
|
|
allowxperm fastbootd {
|
|
|
|
|
metadata_block_device
|
|
|
|
|
userdata_block_device
|
|
|
|
|
dm_device
|
|
|
|
|
cache_block_device
|
|
|
|
|
}:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
|
|
|
|
|
|
|
|
|
|
allow fastbootd misc_block_device:blk_file rw_file_perms;
|
|
|
|
|
|
|
|
|
|
allow fastbootd proc_cmdline:file r_file_perms;
|
|
|
|
|
allow fastbootd rootfs:dir r_dir_perms;
|
|
|
|
|
|
|
|
|
|
# Needed to read fstab node from device tree.
|
|
|
|
|
allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
|
|
|
|
|
allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;
|
|
|
|
|
|
|
|
|
|
# Needed because libdm reads sysfs to validate when a dm path is ready.
|
|
|
|
|
r_dir_file(fastbootd, sysfs_dm)
|
|
|
|
|
|
|
|
|
|
# Needed for realpath() call to resolve symlinks.
|
|
|
|
|
allow fastbootd block_device:dir getattr;
|
|
|
|
|
userdebug_or_eng(`
|
|
|
|
|
# Refined manipulation of /mnt/scratch, without these perms resorts
|
|
|
|
|
# to deleting scratch partition when partition(s) are flashed.
|
|
|
|
|
allow fastbootd self:process setfscreate;
|
|
|
|
|
allow fastbootd cache_file:dir search;
|
|
|
|
|
allow fastbootd proc_filesystems:file { getattr open read };
|
|
|
|
|
allow fastbootd self:capability sys_rawio;
|
|
|
|
|
allowxperm fastbootd dev_type:blk_file ioctl BLKROSET;
|
|
|
|
|
allow fastbootd overlayfs_file:dir { create_dir_perms mounton };
|
|
|
|
|
allow fastbootd {
|
|
|
|
|
system_file_type
|
|
|
|
|
unlabeled
|
|
|
|
|
vendor_file_type
|
|
|
|
|
}:dir { remove_name rmdir search write };
|
|
|
|
|
allow fastbootd {
|
|
|
|
|
overlayfs_file
|
|
|
|
|
system_file_type
|
|
|
|
|
unlabeled
|
|
|
|
|
vendor_file_type
|
|
|
|
|
}:{ file lnk_file } unlink;
|
|
|
|
|
allow fastbootd tmpfs:dir rw_dir_perms;
|
|
|
|
|
# Fetch vendor_boot partition
|
|
|
|
|
allow fastbootd boot_block_device:blk_file r_file_perms;
|
|
|
|
|
|
|
|
|
|
# popen(/system/bin/dmesg) and associated permissions. We only allow this
|
|
|
|
|
# on unlocked devices running userdebug builds.
|
|
|
|
|
allow fastbootd rootfs:file execute_no_trans;
|
|
|
|
|
allow fastbootd system_file:file execute_no_trans;
|
|
|
|
|
allow fastbootd kmsg_device:chr_file read;
|
|
|
|
|
allow fastbootd kernel:system syslog_read;
|
|
|
|
|
')
|
|
|
|
|
|
|
|
|
|
# Allow using libfiemap/gsid directly (no binder in recovery).
|
|
|
|
|
allow fastbootd gsi_metadata_file_type:dir search;
|
|
|
|
|
allow fastbootd ota_metadata_file:dir rw_dir_perms;
|
|
|
|
|
allow fastbootd ota_metadata_file:file create_file_perms;
|
2020-03-04 09:20:35 +01:00
|
|
|
')
|
2022-09-02 22:01:24 +02:00
|
|
|
|
2022-11-14 23:06:36 +01:00
|
|
|
# This capability allows fastbootd to circumvent memlock rlimits while using
|
|
|
|
|
# io_uring. An Alternative would be to up the memlock rlimit for the fastbootd service.
|
2022-09-02 22:01:24 +02:00
|
|
|
allow fastbootd self:capability ipc_lock;
|
2022-11-14 23:06:36 +01:00
|
|
|
io_uring_use(fastbootd)
|
2024-03-27 09:18:41 +01:00
|
|
|
|
|
|
|
|
###
|
|
|
|
|
### neverallow rules
|
|
|
|
|
###
|
|
|
|
|
|
|
|
|
|
# Write permission is required to wipe userdata
|
|
|
|
|
# until recovery supports vold.
|
|
|
|
|
neverallow fastbootd {
|
|
|
|
|
data_file_type
|
|
|
|
|
}:file { no_x_file_perms };
|
