private/vold.te - LeafOS-Project/android_system_sepolicy - Gitiles

 typeattribute vold coredomain;

 init_daemon_domain(vold)

 # Switch to more restrictive domains when executing common tools
 domain_auto_trans(vold, sgdisk_exec, sgdisk);
 domain_auto_trans(vold, sdcardd_exec, sdcardd);
 domain_auto_trans(vold, fuseblkd_untrusted_exec, fuseblkd_untrusted);

 # Switch to e2fs domain when running mkfs.ext4 to format a partition
 domain_auto_trans(vold, e2fs_exec, e2fs);


 # For a handful of probing tools, we choose an even more restrictive
 # domain when working with untrusted block devices
 domain_trans(vold, blkid_exec, blkid);
 domain_trans(vold, blkid_exec, blkid_untrusted);
 domain_trans(vold, fsck_exec, fsck);
 domain_trans(vold, fsck_exec, fsck_untrusted);

 # Newly created storage dirs are always treated as mount stubs to prevent us
 # from accidentally writing when the mount point isn't present.
 type_transition vold storage_file:dir storage_stub_file;
 type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;

 # Property Service
 get_prop(vold, vold_config_prop)
 get_prop(vold, storage_config_prop);
 get_prop(vold, incremental_prop);
 get_prop(vold, gsid_prop);

 set_prop(vold, vold_prop)
 set_prop(vold, vold_status_prop)
 set_prop(vold, powerctl_prop)
 set_prop(vold, ctl_fuse_prop)
 set_prop(vold, restorecon_prop)
 set_prop(vold, ota_prop)
 set_prop(vold, boottime_prop)
 set_prop(vold, boottime_public_prop)

 # Vold will use Keystore instead of using Keymint directly. But it still needs
 # to manage its Keymint blobs. This is why it needs the `manage_blob` permission.
 allow vold vold_key:keystore2_key {
     convert_storage_key_to_ephemeral
     delete
     get_info
     manage_blob
     rebind
     req_forced_op
     update
     use
 };

 # vold needs to call keystore methods
 allow vold keystore:binder call;

 # vold needs to find keystore2 services
 allow vold keystore_service:service_manager find;
 allow vold keystore_maintenance_service:service_manager find;

 # vold needs to be able to call earlyBootEnded() and deleteAllKeys()
 allow vold keystore:keystore2 early_boot_ended;
 allow vold keystore:keystore2 delete_all_keys;

 neverallow {
     domain
     -system_server
     -vdc
     -vold
     -update_verifier
     -apexd
     -gsid
 } vold_service:service_manager find;

 # Allow vold to create and delete per-user directories like /data/user/$userId.
 allow vold {
     media_userdir_file
     system_userdir_file
     vendor_userdir_file
 }:dir {
     add_name
     remove_name
     write
 };

 # Only vold should create (and delete) per-user directories like
 # /data/user/$userId.  This is very important, as these directories need to be
 # encrypted with per-user keys, which only vold can do.  Encryption can only be
 # set up on empty directories, so creation and encryption must happen together.
 neverallow {
     domain
     -vold
 } {
     media_userdir_file
     system_userdir_file
     vendor_userdir_file
 }:dir {
     add_name
     remove_name
     write
 };
	typeattribute vold coredomain;

	init_daemon_domain(vold)

	# Switch to more restrictive domains when executing common tools
	domain_auto_trans(vold, sgdisk_exec, sgdisk);
	domain_auto_trans(vold, sdcardd_exec, sdcardd);
	domain_auto_trans(vold, fuseblkd_untrusted_exec, fuseblkd_untrusted);

	# Switch to e2fs domain when running mkfs.ext4 to format a partition
	domain_auto_trans(vold, e2fs_exec, e2fs);


	# For a handful of probing tools, we choose an even more restrictive
	# domain when working with untrusted block devices
	domain_trans(vold, blkid_exec, blkid);
	domain_trans(vold, blkid_exec, blkid_untrusted);
	domain_trans(vold, fsck_exec, fsck);
	domain_trans(vold, fsck_exec, fsck_untrusted);

	# Newly created storage dirs are always treated as mount stubs to prevent us
	# from accidentally writing when the mount point isn't present.
	type_transition vold storage_file:dir storage_stub_file;
	type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;

	# Property Service
	get_prop(vold, vold_config_prop)
	get_prop(vold, storage_config_prop);
	get_prop(vold, incremental_prop);
	get_prop(vold, gsid_prop);

	set_prop(vold, vold_prop)
	set_prop(vold, vold_status_prop)
	set_prop(vold, powerctl_prop)
	set_prop(vold, ctl_fuse_prop)
	set_prop(vold, restorecon_prop)
	set_prop(vold, ota_prop)
	set_prop(vold, boottime_prop)
	set_prop(vold, boottime_public_prop)

	# Vold will use Keystore instead of using Keymint directly. But it still needs
	# to manage its Keymint blobs. This is why it needs the `manage_blob` permission.
	allow vold vold_key:keystore2_key {
	convert_storage_key_to_ephemeral
	delete
	get_info
	manage_blob
	rebind
	req_forced_op
	update
	use
	};

	# vold needs to call keystore methods
	allow vold keystore:binder call;

	# vold needs to find keystore2 services
	allow vold keystore_service:service_manager find;
	allow vold keystore_maintenance_service:service_manager find;

	# vold needs to be able to call earlyBootEnded() and deleteAllKeys()
	allow vold keystore:keystore2 early_boot_ended;
	allow vold keystore:keystore2 delete_all_keys;

	neverallow {
	domain
	-system_server
	-vdc
	-vold
	-update_verifier
	-apexd
	-gsid
	} vold_service:service_manager find;

	# Allow vold to create and delete per-user directories like /data/user/$userId.
	allow vold {
	media_userdir_file
	system_userdir_file
	vendor_userdir_file
	}:dir {
	add_name
	remove_name
	write
	};

	# Only vold should create (and delete) per-user directories like
	# /data/user/$userId. This is very important, as these directories need to be
	# encrypted with per-user keys, which only vold can do. Encryption can only be
	# set up on empty directories, so creation and encryption must happen together.
	neverallow {
	domain
	-vold
	} {
	media_userdir_file
	system_userdir_file
	vendor_userdir_file
	}:dir {
	add_name
	remove_name
	write
	};