84e1c61193
vold works with two broad classes of block devices: untrusted devices that come in from the wild, and trusted devices. When running blkid and fsck, we pick which SELinux execution domain to use based on which class the device belongs to. Bug: 19993667 Change-Id: I44f5bac5dd94f0f76f3e4ef50ddbde5a32bd17a5
20 lines
694 B
Text
20 lines
694 B
Text
# blkid called from vold
|
|
type blkid, domain;
|
|
type blkid_exec, exec_type, file_type;
|
|
|
|
# Allowed read-only access to encrypted devices to extract UUID/label
|
|
allow blkid block_device:dir search;
|
|
allow blkid userdata_block_device:blk_file r_file_perms;
|
|
allow blkid dm_device:blk_file r_file_perms;
|
|
|
|
# Allow stdin/out back to vold
|
|
allow blkid vold:fd use;
|
|
allow blkid vold:fifo_file { read write getattr };
|
|
|
|
# For blkid launched through popen()
|
|
allow blkid blkid_exec:file rx_file_perms;
|
|
|
|
# Only allow entry from vold
|
|
neverallow { domain -vold } blkid:process transition;
|
|
neverallow domain blkid:process dyntransition;
|
|
neverallow blkid { file_type fs_type -blkid_exec -shell_exec }:file entrypoint;
|