76aab82cb3
This attribute is being actively removed from policy. Since
attributes are not being versioned, partners must not be able to
access and use this attribute. Move it from private and verify in
the logs that rild and tee are not using these permissions.
Bug: 38316109
Test: build and boot Marlin
Test: Verify that rild and tee are not being granted any of these
permissions.
Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
55 lines
1.8 KiB
Text
55 lines
1.8 KiB
Text
# Any fsck program run by init
|
|
type fsck, domain;
|
|
type fsck_exec, exec_type, file_type;
|
|
|
|
# /dev/__null__ created by init prior to policy load,
|
|
# open fd inherited by fsck.
|
|
allow fsck tmpfs:chr_file { read write ioctl };
|
|
|
|
# Inherit and use pty created by android_fork_execvp_ext().
|
|
allow fsck devpts:chr_file { read write ioctl getattr };
|
|
|
|
# Allow stdin/out back to vold
|
|
allow fsck vold:fd use;
|
|
allow fsck vold:fifo_file { read write getattr };
|
|
|
|
# Run fsck on certain block devices
|
|
allow fsck block_device:dir search;
|
|
allow fsck userdata_block_device:blk_file rw_file_perms;
|
|
allow fsck cache_block_device:blk_file rw_file_perms;
|
|
allow fsck dm_device:blk_file rw_file_perms;
|
|
|
|
# To determine if it is safe to run fsck on a filesystem, e2fsck
|
|
# must first determine if the filesystem is mounted. To do that,
|
|
# e2fsck scans through /proc/mounts and collects all the mounted
|
|
# block devices. With that information, it runs stat() on each block
|
|
# device, comparing the major and minor numbers to the filesystem
|
|
# passed in on the command line. If there is a match, then the filesystem
|
|
# is currently mounted and running fsck is dangerous.
|
|
# Allow stat access to all block devices so that fsck can compare
|
|
# major/minor values.
|
|
allow fsck dev_type:blk_file getattr;
|
|
|
|
r_dir_file(fsck, proc)
|
|
allow fsck rootfs:dir r_dir_perms;
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# fsck should never be run on these block devices
|
|
neverallow fsck {
|
|
boot_block_device
|
|
frp_block_device
|
|
metadata_block_device
|
|
recovery_block_device
|
|
root_block_device
|
|
swap_block_device
|
|
system_block_device
|
|
vold_device
|
|
}:blk_file no_rw_file_perms;
|
|
|
|
# Only allow entry from init or vold via fsck binaries
|
|
neverallow { domain -init -vold } fsck:process transition;
|
|
neverallow * fsck:process dyntransition;
|
|
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;
|