08d4c8fa6e
This commit adds fake 31.0 prebuilt. The prebuilt is based on AOSP policy, but slightly modified so the set of types and attributes is a subset of real 31.0 prebuilt (sc-dev policy). Steps taken to make the fake prebuilt: 1) build plat_sepolicy.cil both on AOSP and sc-dev, with lunch target aosp_arm64-eng. 2) diff both outputs to find out which types and attributes don't exist. 3) remove all relevant files and statements. As a result, the following types are removed. artd artd_exec artd_service power_stats_service transformer_service virtualizationservice virtualizationservice_data_file virtualizationservice_exec Bug: 189161483 Test: N/A, will do after adding 31.0 mapping files. Change-Id: Ia957fc32b1838dae730d9dd7bd917d684d4a24cf Merged-In: Ia4ea2999f4bc8ae80f13e51d99fba3e98e293447
49 lines
1.7 KiB
Text
49 lines
1.7 KiB
Text
# Any fsck program run on untrusted block devices
|
|
type fsck_untrusted, domain;
|
|
|
|
# Inherit and use pty created by android_fork_execvp_ext().
|
|
allow fsck_untrusted devpts:chr_file { read write ioctl getattr };
|
|
|
|
# Allow stdin/out back to vold
|
|
allow fsck_untrusted vold:fd use;
|
|
allow fsck_untrusted vold:fifo_file { read write getattr };
|
|
|
|
# Run fsck on vold block devices
|
|
allow fsck_untrusted block_device:dir search;
|
|
allow fsck_untrusted vold_device:blk_file rw_file_perms;
|
|
|
|
allow fsck_untrusted proc_mounts:file r_file_perms;
|
|
|
|
# To determine if it is safe to run fsck on a filesystem, e2fsck
|
|
# must first determine if the filesystem is mounted. To do that,
|
|
# e2fsck scans through /proc/mounts and collects all the mounted
|
|
# block devices. With that information, it runs stat() on each block
|
|
# device, comparing the major and minor numbers to the filesystem
|
|
# passed in on the command line. If there is a match, then the filesystem
|
|
# is currently mounted and running fsck is dangerous.
|
|
# Allow stat access to all block devices so that fsck can compare
|
|
# major/minor values.
|
|
allow fsck_untrusted dev_type:blk_file getattr;
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# Untrusted fsck should never be run on block devices holding sensitive data
|
|
neverallow fsck_untrusted {
|
|
boot_block_device
|
|
frp_block_device
|
|
metadata_block_device
|
|
recovery_block_device
|
|
root_block_device
|
|
swap_block_device
|
|
system_block_device
|
|
userdata_block_device
|
|
cache_block_device
|
|
dm_device
|
|
}:blk_file no_rw_file_perms;
|
|
|
|
# Only allow entry from vold via fsck binaries
|
|
neverallow { domain -vold } fsck_untrusted:process transition;
|
|
neverallow * fsck_untrusted:process dyntransition;
|
|
neverallow fsck_untrusted { file_type fs_type -fsck_exec }:file entrypoint;
|