| # Any fsck program run by init |
| type fsck, domain, domain_deprecated; |
| type fsck_exec, exec_type, file_type; |
| |
| # /dev/__null__ created by init prior to policy load, |
| # open fd inherited by fsck. |
| allow fsck tmpfs:chr_file { read write ioctl }; |
| |
| # Inherit and use pty created by android_fork_execvp_ext(). |
| allow fsck devpts:chr_file { read write ioctl getattr }; |
| |
| # Allow stdin/out back to vold |
| allow fsck vold:fd use; |
| allow fsck vold:fifo_file { read write getattr }; |
| |
| # Run fsck on certain block devices |
| allow fsck block_device:dir search; |
| allow fsck userdata_block_device:blk_file rw_file_perms; |
| allow fsck cache_block_device:blk_file rw_file_perms; |
| allow fsck dm_device:blk_file rw_file_perms; |
| |
| # fsck performs a stat() on swap to verify that it is a valid |
| # swap device before setting the EXT2_MF_SWAP mount flag. |
| allow fsck swap_block_device:blk_file getattr; |
| |
| r_dir_file(fsck, proc) |
| |
| ### |
| ### neverallow rules |
| ### |
| |
| # fsck should never be run on these block devices |
| neverallow fsck { |
| boot_block_device |
| frp_block_device |
| metadata_block_device |
| recovery_block_device |
| root_block_device |
| swap_block_device |
| system_block_device |
| vold_device |
| }:blk_file no_rw_file_perms; |
| |
| # Only allow entry from init or vold via fsck binaries |
| neverallow { domain -init -vold } fsck:process transition; |
| neverallow * fsck:process dyntransition; |
| neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint; |