e491020f3a
Make sure we're not running fsck on block devices where it doesn't make any sense. In particular, we should not be running fsck on /system since it's mounted read-only, and any modification to that block device will screw up verified boot. Change-Id: Ic8dd4b0519b423bb5ceb814daeebef06a8f065b4
37 lines
1 KiB
Text
37 lines
1 KiB
Text
# e2fsck or any other fsck program run by init.
|
|
type fsck, domain;
|
|
type fsck_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(fsck)
|
|
|
|
# /dev/__null__ created by init prior to policy load,
|
|
# open fd inherited by fsck.
|
|
allow fsck tmpfs:chr_file { read write ioctl };
|
|
|
|
# Inherit and use pty created by android_fork_execvp_ext().
|
|
allow fsck devpts:chr_file { read write ioctl getattr };
|
|
|
|
# Run e2fsck on block devices.
|
|
allow fsck block_device:dir search;
|
|
allow fsck userdata_block_device:blk_file rw_file_perms;
|
|
allow fsck cache_block_device:blk_file rw_file_perms;
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# fsck should never be run on these block devices
|
|
neverallow fsck {
|
|
boot_block_device
|
|
frp_block_device
|
|
metadata_block_device
|
|
recovery_block_device
|
|
root_block_device
|
|
swap_block_device
|
|
system_block_device
|
|
}:blk_file no_rw_file_perms;
|
|
|
|
# Only allow entry from init via the e2fsck binary.
|
|
neverallow { domain -init } fsck:process transition;
|
|
neverallow domain fsck:process dyntransition;
|
|
neverallow fsck { file_type fs_type -fsck_exec}:file entrypoint;
|