5a5b364c54
Create new vold_fsck domain that only has access to vold_block devices to prevent any access to internal userdata. Change-Id: I25ddcd16cbf83d7a25b70bc64d95f5345d0d5731
35 lines
979 B
Text
35 lines
979 B
Text
# Any fsck program run by vold
|
|
type vold_fsck, domain;
|
|
|
|
# Inherit and use pty created by android_fork_execvp_ext().
|
|
allow vold_fsck devpts:chr_file { read write ioctl getattr };
|
|
|
|
# Run fsck on certain block devices
|
|
allow vold_fsck block_device:dir search;
|
|
allow vold_fsck vold_device:blk_file rw_file_perms;
|
|
|
|
# Allow stdin/out back to vold
|
|
allow vold_fsck vold:fd use;
|
|
allow vold_fsck vold:fifo_file { read write getattr };
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# fsck should never be run on these block devices
|
|
neverallow vold_fsck {
|
|
boot_block_device
|
|
frp_block_device
|
|
metadata_block_device
|
|
recovery_block_device
|
|
root_block_device
|
|
swap_block_device
|
|
system_block_device
|
|
userdata_block_device
|
|
cache_block_device
|
|
}:blk_file no_rw_file_perms;
|
|
|
|
# Only allow entry from vold via fsck binaries
|
|
neverallow { domain -vold } vold_fsck:process transition;
|
|
neverallow domain vold_fsck:process dyntransition;
|
|
neverallow vold_fsck { file_type fs_type -fsck_exec }:file entrypoint;
|