platform_system_sepolicy/vold_fsck.te
Jeff Sharkey 5a5b364c54 Separate fsck domains to protect userdata.
Create new vold_fsck domain that only has access to vold_block
devices to prevent any access to internal userdata.

Change-Id: I25ddcd16cbf83d7a25b70bc64d95f5345d0d5731
2015-03-31 08:13:20 -07:00

35 lines
979 B
Text

# Any fsck program run by vold
type vold_fsck, domain;
# Inherit and use pty created by android_fork_execvp_ext().
allow vold_fsck devpts:chr_file { read write ioctl getattr };
# Run fsck on certain block devices
allow vold_fsck block_device:dir search;
allow vold_fsck vold_device:blk_file rw_file_perms;
# Allow stdin/out back to vold
allow vold_fsck vold:fd use;
allow vold_fsck vold:fifo_file { read write getattr };
###
### neverallow rules
###
# fsck should never be run on these block devices
neverallow vold_fsck {
boot_block_device
frp_block_device
metadata_block_device
recovery_block_device
root_block_device
swap_block_device
system_block_device
userdata_block_device
cache_block_device
}:blk_file no_rw_file_perms;
# Only allow entry from vold via fsck binaries
neverallow { domain -vold } vold_fsck:process transition;
neverallow domain vold_fsck:process dyntransition;
neverallow vold_fsck { file_type fs_type -fsck_exec }:file entrypoint;