8a525d768f
This resulted from changes in e2fsprogs logic which traverses
/proc/mounts to warn about fixing a mounted filesystem.
Denials:
07-08 15:08:21.207 853 853 I auditd : type=1400 audit(0.0:88): avc: denied { getattr } for comm="e2fsck" path="/metadata" dev="vda12" ino=2 scontext=u:r:fsck:s0 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0
07-08 15:08:21.207 853 853 I auditd : type=1400 audit(0.0:89): avc: denied { search } for comm="e2fsck" name="/" dev="tmpfs" ino=1 scontext=u:r:fsck:s0 tcontext=u:object_r:mirror_data_file:s0 tclass=dir permissive=0
Bug: 193137337
Test: treehugger
Change-Id: Ib050463f7fa6ea453795c933ff388d3594bb7c23
73 lines
2.3 KiB
Text
73 lines
2.3 KiB
Text
# Any fsck program run by init
|
|
type fsck, domain;
|
|
type fsck_exec, system_file_type, exec_type, file_type;
|
|
|
|
# /dev/__null__ created by init prior to policy load,
|
|
# open fd inherited by fsck.
|
|
allow fsck tmpfs:chr_file { read write ioctl };
|
|
|
|
# Inherit and use pty created by android_fork_execvp_ext().
|
|
allow fsck devpts:chr_file { read write ioctl getattr };
|
|
|
|
# Allow stdin/out back to vold
|
|
allow fsck vold:fd use;
|
|
allow fsck vold:fifo_file { read write getattr };
|
|
|
|
# Run fsck on certain block devices
|
|
allow fsck userdata_block_device:blk_file rw_file_perms;
|
|
allow fsck cache_block_device:blk_file rw_file_perms;
|
|
allow fsck dm_device:blk_file rw_file_perms;
|
|
userdebug_or_eng(`
|
|
allow fsck system_block_device:blk_file rw_file_perms;
|
|
')
|
|
|
|
# e2fsck performs a comprehensive search of /proc/mounts to check whether the
|
|
# checked filesystem is currently mounted.
|
|
allow fsck metadata_file:dir getattr;
|
|
allow fsck block_device:dir search;
|
|
allow fsck mirror_data_file:dir search;
|
|
|
|
# For the block devices where we have ioctl access,
|
|
# allow at a minimum the following common fsck ioctls.
|
|
allowxperm fsck dev_type:blk_file ioctl {
|
|
BLKDISCARDZEROES
|
|
BLKROGET
|
|
};
|
|
|
|
# To determine if it is safe to run fsck on a filesystem, e2fsck
|
|
# must first determine if the filesystem is mounted. To do that,
|
|
# e2fsck scans through /proc/mounts and collects all the mounted
|
|
# block devices. With that information, it runs stat() on each block
|
|
# device, comparing the major and minor numbers to the filesystem
|
|
# passed in on the command line. If there is a match, then the filesystem
|
|
# is currently mounted and running fsck is dangerous.
|
|
# Allow stat access to all block devices so that fsck can compare
|
|
# major/minor values.
|
|
allow fsck dev_type:blk_file getattr;
|
|
|
|
allow fsck {
|
|
proc_mounts
|
|
proc_swaps
|
|
}:file r_file_perms;
|
|
allow fsck rootfs:dir r_dir_perms;
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# fsck should never be run on these block devices
|
|
neverallow fsck {
|
|
boot_block_device
|
|
frp_block_device
|
|
recovery_block_device
|
|
root_block_device
|
|
swap_block_device
|
|
system_block_device
|
|
userdebug_or_eng(`-system_block_device')
|
|
vold_device
|
|
}:blk_file no_rw_file_perms;
|
|
|
|
# Only allow entry from init or vold via fsck binaries
|
|
neverallow { domain -init -vold } fsck:process transition;
|
|
neverallow * fsck:process dyntransition;
|
|
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;
|