5e37271df8
system_file_type is a new attribute used to identify files which exist on the /system partition. It's useful for allow rules in init, which are based off of a blacklist of writable files. Additionally, it's useful for constructing neverallow rules to prevent regressions. Additionally, add commented out tests which enforce that all files on the /system partition have the system_file_type attribute. These tests will be uncommented in a future change after all the device-specific policies are cleaned up. Test: Device boots and no obvious problems. Change-Id: Id9bae6625f042594c8eba74ca712abb09702c1e5
24 lines
1,017 B
Text
24 lines
1,017 B
Text
# Any toolbox command run by init.
|
|
# At present, the only known usage is for running mkswap via fs_mgr.
|
|
# Do NOT use this domain for toolbox when run by any other domain.
|
|
type toolbox, domain;
|
|
type toolbox_exec, system_file_type, exec_type, file_type;
|
|
|
|
# /dev/__null__ created by init prior to policy load,
|
|
# open fd inherited by fsck.
|
|
allow toolbox tmpfs:chr_file { read write ioctl };
|
|
|
|
# Inherit and use pty created by android_fork_execvp_ext().
|
|
allow toolbox devpts:chr_file { read write getattr ioctl };
|
|
|
|
# mkswap-specific.
|
|
# Read/write block devices used for swap partitions.
|
|
# Assign swap_block_device type any such partition in your
|
|
# device/<vendor>/<product>/sepolicy/file_contexts file.
|
|
allow toolbox block_device:dir search;
|
|
allow toolbox swap_block_device:blk_file rw_file_perms;
|
|
|
|
# Only allow entry from init via the toolbox binary.
|
|
neverallow { domain -init } toolbox:process transition;
|
|
neverallow * toolbox:process dyntransition;
|
|
neverallow toolbox { file_type fs_type -toolbox_exec}:file entrypoint;
|