1912daf6a9
This CL adds permissions to allow fastbootd to erase
logical partitions.
[ 33.423370] c5 587 audit: type=1400 audit(2073228.303:11): avc: denied { ioctl } for
pid=587 comm="fastbootd" path="/dev/block/dm-0" dev="tmpfs" ino=25433 ioctlcmd=0x127d
scontext=u:r:fastbootd:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0^M
[ 33.446927] c5 587 audit: type=1400 audit(2073228.326:12): avc: denied { ioctl }
for pid=587 comm="fastbootd" path="/dev/block/dm-0" dev="tmpfs" ino=25433 ioctlcmd=0x1277
scontext=u:r:fastbootd:s0 tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0^M
Test: fastboot erase system
Bug: 125391557
Change-Id: I0c99db123ed5357ceb7e16e192042e8e044e3557
115 lines
3.4 KiB
Text
115 lines
3.4 KiB
Text
# fastbootd (used in recovery init.rc for /sbin/fastbootd)
|
|
|
|
# Declare the domain unconditionally so we can always reference it
|
|
# in neverallow rules.
|
|
type fastbootd, domain;
|
|
|
|
# But the allow rules are only included in the recovery policy.
|
|
# Otherwise fastbootd is only allowed the domain rules.
|
|
recovery_only(`
|
|
# fastbootd can only use HALs in passthrough mode
|
|
passthrough_hal_client_domain(fastbootd, hal_bootctl)
|
|
|
|
# Access /dev/usb-ffs/fastbootd/ep0
|
|
allow fastbootd functionfs:dir search;
|
|
allow fastbootd functionfs:file rw_file_perms;
|
|
|
|
allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
|
|
# Log to serial
|
|
allow fastbootd kmsg_device:chr_file { open write };
|
|
|
|
# battery info
|
|
allow fastbootd sysfs_batteryinfo:file r_file_perms;
|
|
|
|
allow fastbootd device:dir r_dir_perms;
|
|
|
|
# Reboot the device
|
|
set_prop(fastbootd, powerctl_prop)
|
|
|
|
# Read serial number of the device from system properties
|
|
get_prop(fastbootd, serialno_prop)
|
|
|
|
# For dev/block/by-name dir
|
|
allow fastbootd block_device:dir r_dir_perms;
|
|
|
|
# Needed for DM_DEV_CREATE ioctl call
|
|
allow fastbootd self:capability sys_admin;
|
|
|
|
# Set sys.usb.ffs.ready.
|
|
set_prop(fastbootd, ffs_prop)
|
|
set_prop(fastbootd, exported_ffs_prop)
|
|
|
|
unix_socket_connect(fastbootd, recovery, recovery)
|
|
|
|
# Required for flashing
|
|
allow fastbootd dm_device:chr_file rw_file_perms;
|
|
allow fastbootd dm_device:blk_file rw_file_perms;
|
|
|
|
allow fastbootd super_block_device:blk_file rw_file_perms;
|
|
allow fastbootd {
|
|
boot_block_device
|
|
metadata_block_device
|
|
system_block_device
|
|
userdata_block_device
|
|
}:blk_file { w_file_perms getattr ioctl };
|
|
|
|
# For disabling/wiping GSI.
|
|
allow fastbootd metadata_block_device:blk_file r_file_perms;
|
|
allow fastbootd {rootfs tmpfs}:dir mounton;
|
|
allow fastbootd metadata_file:dir search;
|
|
allow fastbootd gsi_metadata_file:dir r_dir_perms;
|
|
allow fastbootd gsi_metadata_file:file rw_file_perms;
|
|
|
|
allowxperm fastbootd {
|
|
system_block_device
|
|
super_block_device
|
|
}:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
|
|
|
|
allowxperm fastbootd {
|
|
metadata_block_device
|
|
userdata_block_device
|
|
dm_device
|
|
}:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
|
|
|
|
allow fastbootd misc_block_device:blk_file rw_file_perms;
|
|
|
|
allow fastbootd proc_cmdline:file r_file_perms;
|
|
allow fastbootd rootfs:dir r_dir_perms;
|
|
|
|
# Needed to read fstab node from device tree.
|
|
allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
|
|
allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;
|
|
|
|
# Needed for realpath() call to resolve symlinks.
|
|
allow fastbootd block_device:dir getattr;
|
|
userdebug_or_eng(`
|
|
# Refined manipulation of /mnt/scratch, without these perms resorts
|
|
# to deleting scratch partition when partition(s) are flashed.
|
|
allow fastbootd self:process setfscreate;
|
|
allow fastbootd overlayfs_file:dir { create_dir_perms mounton };
|
|
allow fastbootd {
|
|
system_file_type
|
|
unlabeled
|
|
vendor_file_type
|
|
}:dir { remove_name rmdir search write };
|
|
allow fastbootd {
|
|
overlayfs_file
|
|
system_file_type
|
|
unlabeled
|
|
vendor_file_type
|
|
}:{ file lnk_file } unlink;
|
|
allow fastbootd tmpfs:dir rw_dir_perms;
|
|
allow fastbootd labeledfs:filesystem { mount unmount };
|
|
get_prop(fastbootd, persistent_properties_ready_prop)
|
|
')
|
|
')
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# Write permission is required to wipe userdata
|
|
# until recovery supports vold.
|
|
neverallow fastbootd {
|
|
data_file_type
|
|
}:file { no_x_file_perms };
|