prebuilts/api/202404/public/fastbootd.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # fastbootd (used in recovery init.rc for /sbin/fastbootd)

 # Declare the domain unconditionally so we can always reference it
 # in neverallow rules.
 type fastbootd, domain;

 # But the allow rules are only included in the recovery policy.
 # Otherwise fastbootd is only allowed the domain rules.
 recovery_only(`
   # fastbootd can only use HALs in passthrough mode
   passthrough_hal_client_domain(fastbootd, hal_bootctl)

   # fastbootd can use AIDL HALs in binder mode
   binder_use(fastbootd)
   hal_client_domain(fastbootd, hal_health)
   hal_client_domain(fastbootd, hal_fastboot)

   # Access /dev/usb-ffs/fastbootd/ep0
   allow fastbootd functionfs:dir search;
   allow fastbootd functionfs:file rw_file_perms;

   allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
   # Log to serial
   allow fastbootd kmsg_device:chr_file { open getattr write };

   # battery info
   allow fastbootd sysfs_batteryinfo:file r_file_perms;

   allow fastbootd device:dir r_dir_perms;

   # For dev/block/by-name dir
   allow fastbootd block_device:dir r_dir_perms;

   # Needed for DM_DEV_CREATE ioctl call
   allow fastbootd self:capability sys_admin;

   unix_socket_connect(fastbootd, recovery, recovery)

   # Required for flashing
   allow fastbootd dm_device:chr_file rw_file_perms;
   allow fastbootd dm_device:blk_file rw_file_perms;

   allow fastbootd cache_block_device:blk_file rw_file_perms;
   allow fastbootd super_block_device_type:blk_file rw_file_perms;
   allow fastbootd {
     boot_block_device
     metadata_block_device
     system_block_device
     userdata_block_device
   }:blk_file { w_file_perms getattr ioctl };

   # For disabling/wiping GSI, and for modifying/deleting files created via
   # libfiemap.
   allow fastbootd metadata_block_device:blk_file r_file_perms;
   allow fastbootd {rootfs tmpfs}:dir mounton;
   allow fastbootd metadata_file:dir { search getattr mounton };
   allow fastbootd gsi_metadata_file_type:dir rw_dir_perms;
   allow fastbootd gsi_metadata_file_type:file create_file_perms;

   allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };

   allowxperm fastbootd {
     metadata_block_device
     userdata_block_device
     dm_device
     cache_block_device
   }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };

   allow fastbootd misc_block_device:blk_file rw_file_perms;

   allow fastbootd proc_cmdline:file r_file_perms;
   allow fastbootd rootfs:dir r_dir_perms;

   # Needed to read fstab node from device tree.
   allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
   allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;

   # Needed because libdm reads sysfs to validate when a dm path is ready.
   r_dir_file(fastbootd, sysfs_dm)

   # Needed for realpath() call to resolve symlinks.
   allow fastbootd block_device:dir getattr;
   userdebug_or_eng(`
     # Refined manipulation of /mnt/scratch, without these perms resorts
     # to deleting scratch partition when partition(s) are flashed.
     allow fastbootd self:process setfscreate;
     allow fastbootd cache_file:dir search;
     allow fastbootd proc_filesystems:file { getattr open read };
     allow fastbootd self:capability sys_rawio;
     allowxperm fastbootd dev_type:blk_file ioctl BLKROSET;
     allow fastbootd overlayfs_file:dir { create_dir_perms mounton };
     allow fastbootd {
       system_file_type
       unlabeled
       vendor_file_type
     }:dir { remove_name rmdir search write };
     allow fastbootd {
       overlayfs_file
       system_file_type
       unlabeled
       vendor_file_type
     }:{ file lnk_file } unlink;
     allow fastbootd tmpfs:dir rw_dir_perms;
     # Fetch vendor_boot partition
     allow fastbootd boot_block_device:blk_file r_file_perms;

     # popen(/system/bin/dmesg) and associated permissions. We only allow this
     # on unlocked devices running userdebug builds.
     allow fastbootd rootfs:file execute_no_trans;
     allow fastbootd system_file:file execute_no_trans;
     allow fastbootd kmsg_device:chr_file read;
     allow fastbootd kernel:system syslog_read;
   ')

   # Allow using libfiemap/gsid directly (no binder in recovery).
   allow fastbootd gsi_metadata_file_type:dir search;
   allow fastbootd ota_metadata_file:dir rw_dir_perms;
   allow fastbootd ota_metadata_file:file create_file_perms;
 ')

 ###
 ### neverallow rules
 ###

 # Write permission is required to wipe userdata
 # until recovery supports vold.
 neverallow fastbootd {
    data_file_type
 }:file { no_x_file_perms };
	# fastbootd (used in recovery init.rc for /sbin/fastbootd)

	# Declare the domain unconditionally so we can always reference it
	# in neverallow rules.
	type fastbootd, domain;

	# But the allow rules are only included in the recovery policy.
	# Otherwise fastbootd is only allowed the domain rules.
	recovery_only(`
	# fastbootd can only use HALs in passthrough mode
	passthrough_hal_client_domain(fastbootd, hal_bootctl)

	# fastbootd can use AIDL HALs in binder mode
	binder_use(fastbootd)
	hal_client_domain(fastbootd, hal_health)
	hal_client_domain(fastbootd, hal_fastboot)

	# Access /dev/usb-ffs/fastbootd/ep0
	allow fastbootd functionfs:dir search;
	allow fastbootd functionfs:file rw_file_perms;

	allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
	# Log to serial
	allow fastbootd kmsg_device:chr_file { open getattr write };

	# battery info
	allow fastbootd sysfs_batteryinfo:file r_file_perms;

	allow fastbootd device:dir r_dir_perms;

	# For dev/block/by-name dir
	allow fastbootd block_device:dir r_dir_perms;

	# Needed for DM_DEV_CREATE ioctl call
	allow fastbootd self:capability sys_admin;

	unix_socket_connect(fastbootd, recovery, recovery)

	# Required for flashing
	allow fastbootd dm_device:chr_file rw_file_perms;
	allow fastbootd dm_device:blk_file rw_file_perms;

	allow fastbootd cache_block_device:blk_file rw_file_perms;
	allow fastbootd super_block_device_type:blk_file rw_file_perms;
	allow fastbootd {
	boot_block_device
	metadata_block_device
	system_block_device
	userdata_block_device
	}:blk_file { w_file_perms getattr ioctl };

	# For disabling/wiping GSI, and for modifying/deleting files created via
	# libfiemap.
	allow fastbootd metadata_block_device:blk_file r_file_perms;
	allow fastbootd {rootfs tmpfs}:dir mounton;
	allow fastbootd metadata_file:dir { search getattr mounton };
	allow fastbootd gsi_metadata_file_type:dir rw_dir_perms;
	allow fastbootd gsi_metadata_file_type:file create_file_perms;

	allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };

	allowxperm fastbootd {
	metadata_block_device
	userdata_block_device
	dm_device
	cache_block_device
	}:blk_file ioctl { BLKSECDISCARD BLKDISCARD };

	allow fastbootd misc_block_device:blk_file rw_file_perms;

	allow fastbootd proc_cmdline:file r_file_perms;
	allow fastbootd rootfs:dir r_dir_perms;

	# Needed to read fstab node from device tree.
	allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
	allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;

	# Needed because libdm reads sysfs to validate when a dm path is ready.
	r_dir_file(fastbootd, sysfs_dm)

	# Needed for realpath() call to resolve symlinks.
	allow fastbootd block_device:dir getattr;
	userdebug_or_eng(`
	# Refined manipulation of /mnt/scratch, without these perms resorts
	# to deleting scratch partition when partition(s) are flashed.
	allow fastbootd self:process setfscreate;
	allow fastbootd cache_file:dir search;
	allow fastbootd proc_filesystems:file { getattr open read };
	allow fastbootd self:capability sys_rawio;
	allowxperm fastbootd dev_type:blk_file ioctl BLKROSET;
	allow fastbootd overlayfs_file:dir { create_dir_perms mounton };
	allow fastbootd {
	system_file_type
	unlabeled
	vendor_file_type
	}:dir { remove_name rmdir search write };
	allow fastbootd {
	overlayfs_file
	system_file_type
	unlabeled
	vendor_file_type
	}:{ file lnk_file } unlink;
	allow fastbootd tmpfs:dir rw_dir_perms;
	# Fetch vendor_boot partition
	allow fastbootd boot_block_device:blk_file r_file_perms;

	# popen(/system/bin/dmesg) and associated permissions. We only allow this
	# on unlocked devices running userdebug builds.
	allow fastbootd rootfs:file execute_no_trans;
	allow fastbootd system_file:file execute_no_trans;
	allow fastbootd kmsg_device:chr_file read;
	allow fastbootd kernel:system syslog_read;
	')

	# Allow using libfiemap/gsid directly (no binder in recovery).
	allow fastbootd gsi_metadata_file_type:dir search;
	allow fastbootd ota_metadata_file:dir rw_dir_perms;
	allow fastbootd ota_metadata_file:file create_file_perms;
	')

	###
	### neverallow rules
	###

	# Write permission is required to wipe userdata
	# until recovery supports vold.
	neverallow fastbootd {
	data_file_type
	}:file { no_x_file_perms };