# Policy for the vold domain.
typeattribute vold coredomain;

# Sets up the transition from init into the vold domain when init starts vold.
init_daemon_domain(vold)

# Helper tools executed by vold run in their own, narrower domains rather than
# with vold's permissions. These are automatic transitions: executing a file
# labeled with the given *_exec type switches to the target domain.
domain_auto_trans(vold, sgdisk_exec, sgdisk);
domain_auto_trans(vold, sdcardd_exec, sdcardd);
domain_auto_trans(vold, fuseblkd_untrusted_exec, fuseblkd_untrusted);

# mkfs.ext4 runs in the e2fs domain when vold formats a partition.
domain_auto_trans(vold, e2fs_exec, e2fs);

# blkid and fsck each have two target domains: a regular one and a tighter
# *_untrusted one meant for untrusted block devices. domain_trans only permits
# the transition and sets no default, so the caller has to select the target
# domain for every exec (presumably via setexeccon in vold -- confirm against
# the vold sources).
# NOTE(review): the protection depends on vold selecting the *_untrusted domain
# whenever the device contents are not trusted; policy alone cannot enforce
# that choice.
domain_trans(vold, blkid_exec, blkid);
domain_trans(vold, blkid_exec, blkid_untrusted);
domain_trans(vold, fsck_exec, fsck);
domain_trans(vold, fsck_exec, fsck_untrusted);

# Directories that vold creates inside storage_file or mnt_media_rw_file
# directories get a stub label, so that nothing is written by accident while
# the real mount point is absent.
type_transition vold storage_file:dir storage_stub_file;
type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;

# Property service: properties vold may read.
get_prop(vold, vold_config_prop)
get_prop(vold, storage_config_prop);
get_prop(vold, incremental_prop);
get_prop(vold, gsid_prop);

# Property service: properties vold may set.
# NOTE(review): powerctl_prop and the ctl_* property presumably let vold request
# a reboot/shutdown and control a FUSE-related service -- confirm each grant is
# still required when auditing this list.
set_prop(vold, vold_prop)
set_prop(vold, vold_status_prop)
set_prop(vold, powerctl_prop)
set_prop(vold, ctl_fuse_prop)
set_prop(vold, restorecon_prop)
set_prop(vold, ota_prop)
set_prop(vold, boottime_prop)
set_prop(vold, boottime_public_prop)

# vold goes through Keystore rather than talking to Keymint directly, but it
# still manages its own Keymint blobs; that is the reason for `manage_blob`.
allow vold vold_key:keystore2_key {
    convert_storage_key_to_ephemeral delete get_info manage_blob
    rebind req_forced_op update use
};

# Binder calls into keystore.
allow vold keystore:binder call;

# Lookup of the keystore2 services through the service manager.
allow vold { keystore_service keystore_maintenance_service }:service_manager find;

# Needed for vold's calls to earlyBootEnded() and deleteAllKeys().
# delete_all_keys is destructive, so keep the set of domains holding it small.
allow vold keystore:keystore2 { early_boot_ended delete_all_keys };

# Build-time assertion: only the domains excluded below may look up
# vold_service through the service manager. A rule granting `find` to any other
# domain makes policy compilation fail.
neverallow {
    domain -system_server -vdc -vold -update_verifier -apexd -gsid
} vold_service:service_manager find;

# vold may create and delete per-user directories such as /data/user/$userId.
# add_name, remove_name and write on a directory govern adding and removing
# entries inside it.
allow vold {
    media_userdir_file system_userdir_file vendor_userdir_file
}:dir { add_name remove_name write };

# Build-time assertion that no domain other than vold gets the same access.
# Per-user directories have to be encrypted with per-user keys, which only vold
# can do, and encryption can only be set up on an empty directory, so creating
# the directory and encrypting it must happen together.
neverallow { domain -vold } {
    media_userdir_file system_userdir_file vendor_userdir_file
}:dir { add_name remove_name write };