blob: 1a74ba8309cb98765d8e737c70558bbf67589cbe [file] [log] [blame]
# Any fsck program run by init
type fsck, domain;
type fsck_exec, system_file_type, exec_type, file_type;
# /dev/__null__ created by init prior to policy load,
# open fd inherited by fsck.
allow fsck tmpfs:chr_file { read write ioctl };
# Inherit and use pty created by android_fork_execvp_ext().
allow fsck devpts:chr_file { read write ioctl getattr };
# Allow stdin/out back to vold
allow fsck vold:fd use;
allow fsck vold:fifo_file { read write getattr };
# Run fsck on certain block devices
allow fsck userdata_block_device:blk_file rw_file_perms;
allow fsck cache_block_device:blk_file rw_file_perms;
allow fsck dm_device:blk_file rw_file_perms;
allow fsck zoned_block_device:blk_file rw_file_perms;
userdebug_or_eng(`
allow fsck system_block_device:blk_file rw_file_perms;
')
# e2fsck performs a comprehensive search of /proc/mounts to check whether the
# checked filesystem is currently mounted.
allow fsck metadata_file:dir getattr;
allow fsck block_device:dir search;
allow fsck mirror_data_file:dir search;
# For the block devices where we have ioctl access,
# allow at a minimum the following common fsck ioctls.
allowxperm fsck dev_type:blk_file ioctl {
BLKDISCARDZEROES
BLKROGET
BLKREPORTZONE
};
# To determine if it is safe to run fsck on a filesystem, e2fsck
# must first determine if the filesystem is mounted. To do that,
# e2fsck scans through /proc/mounts and collects all the mounted
# block devices. With that information, it runs stat() on each block
# device, comparing the major and minor numbers to the filesystem
# passed in on the command line. If there is a match, then the filesystem
# is currently mounted and running fsck is dangerous.
# Allow stat access to all block devices so that fsck can compare
# major/minor values.
allow fsck dev_type:blk_file getattr;
allow fsck {
proc_mounts
proc_swaps
sysfs_dm
}:file r_file_perms;
allow fsck rootfs:dir r_dir_perms;
allow fsck sysfs_dm:dir r_dir_perms;
###
### neverallow rules
###
# fsck should never be run on these block devices
neverallow fsck {
boot_block_device
frp_block_device
recovery_block_device
root_block_device
swap_block_device
system_block_device
userdebug_or_eng(`-system_block_device')
vold_device
}:blk_file no_rw_file_perms;
# Only allow entry from init or vold via fsck binaries
neverallow { domain -init -vold } fsck:process transition;
neverallow * fsck:process dyntransition;
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;