# fastbootd (used in recovery init.rc for /sbin/fastbootd)
#
# Layout of this file: the type declaration and the neverallow at the bottom
# apply to every policy build; every allow rule is wrapped in recovery_only(`)
# and a subset of debug-only rules is further wrapped in userdebug_or_eng(`).

# Declare the domain unconditionally so we can always reference it
# in neverallow rules.
type fastbootd, domain;

# But the allow rules are only included in the recovery policy.
# Otherwise fastbootd is only allowed the domain rules.
recovery_only(`
  # fastbootd can only use HALs in passthrough mode
  passthrough_hal_client_domain(fastbootd, hal_bootctl)

  # fastbootd can use AIDL HALs in binder mode
  binder_use(fastbootd)
  hal_client_domain(fastbootd, hal_health)
  hal_client_domain(fastbootd, hal_fastboot)

  # Access /dev/usb-ffs/fastbootd/ep0
  allow fastbootd functionfs:dir search;
  allow fastbootd functionfs:file rw_file_perms;

  # allowxperm narrows the ioctl permission granted above to this one command.
  allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
  # Log to serial
  allow fastbootd kmsg_device:chr_file { open getattr write };

  # battery info
  allow fastbootd sysfs_batteryinfo:file r_file_perms;

  allow fastbootd device:dir r_dir_perms;

  # For dev/block/by-name dir
  allow fastbootd block_device:dir r_dir_perms;

  # Needed for DM_DEV_CREATE ioctl call
  allow fastbootd self:capability sys_admin;

  unix_socket_connect(fastbootd, recovery, recovery)

  # Required for flashing
  allow fastbootd dm_device:chr_file rw_file_perms;
  allow fastbootd dm_device:blk_file rw_file_perms;

  allow fastbootd cache_block_device:blk_file rw_file_perms;
  allow fastbootd super_block_device_type:blk_file rw_file_perms;
  # Write-side access only (plus getattr/ioctl) to these partitions. Read
  # access to metadata_block_device is granted separately below, and read
  # access to boot_block_device only inside the userdebug_or_eng block.
  allow fastbootd {
    boot_block_device
    metadata_block_device
    system_block_device
    userdata_block_device
  }:blk_file { w_file_perms getattr ioctl };

  # For disabling/wiping GSI, and for modifying/deleting files created via
  # libfiemap.
  allow fastbootd metadata_block_device:blk_file r_file_perms;
  allow fastbootd {rootfs tmpfs}:dir mounton;
  allow fastbootd metadata_file:dir { search getattr mounton };
  allow fastbootd gsi_metadata_file_type:dir rw_dir_perms;
  allow fastbootd gsi_metadata_file_type:file create_file_perms;

  allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };

  # Restrict the blk_file ioctls on these devices to the two discard commands.
  allowxperm fastbootd {
    metadata_block_device
    userdata_block_device
    dm_device
    cache_block_device
  }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };

  allow fastbootd misc_block_device:blk_file rw_file_perms;

  allow fastbootd proc_cmdline:file r_file_perms;
  allow fastbootd rootfs:dir r_dir_perms;

  # Needed to read fstab node from device tree.
  allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
  allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;

  # Needed because libdm reads sysfs to validate when a dm path is ready.
  r_dir_file(fastbootd, sysfs_dm)

  # Needed for realpath() call to resolve symlinks.
  allow fastbootd block_device:dir getattr;
  userdebug_or_eng(`
    # Refined manipulation of /mnt/scratch, without these perms resorts
    # to deleting scratch partition when partition(s) are flashed.
    allow fastbootd self:process setfscreate;
    allow fastbootd cache_file:dir search;
    allow fastbootd proc_filesystems:file { getattr open read };
    allow fastbootd self:capability sys_rawio;
    # NOTE(review): dev_type is the broadest device attribute, so BLKROSET is
    # permitted on every blk_file, not just the partitions named in this
    # file — confirm whether a narrower target attribute would suffice.
    allowxperm fastbootd dev_type:blk_file ioctl BLKROSET;
    allow fastbootd overlayfs_file:dir { create_dir_perms mounton };
    allow fastbootd {
      system_file_type
      unlabeled
      vendor_file_type
    }:dir { remove_name rmdir search write };
    allow fastbootd {
      overlayfs_file
      system_file_type
      unlabeled
      vendor_file_type
    }:{ file lnk_file } unlink;
    allow fastbootd tmpfs:dir rw_dir_perms;
    # Fetch vendor_boot partition
    allow fastbootd boot_block_device:blk_file r_file_perms;

    # popen(/system/bin/dmesg) and associated permissions. We only allow this
    # on unlocked devices running userdebug builds.
    allow fastbootd rootfs:file execute_no_trans;
    allow fastbootd system_file:file execute_no_trans;
    allow fastbootd kmsg_device:chr_file read;
    allow fastbootd kernel:system syslog_read;
  ')

  # Allow using libfiemap/gsid directly (no binder in recovery).
  allow fastbootd gsi_metadata_file_type:dir search;
  allow fastbootd ota_metadata_file:dir rw_dir_perms;
  allow fastbootd ota_metadata_file:file create_file_perms;
')

###
### neverallow rules
###

# Write permission is required to wipe userdata
# until recovery supports vold.
# Hence only the execute-class permissions (no_x_file_perms) are denied on
# data_file_type files, not write. Because the domain is declared outside
# recovery_only, this neverallow is enforced in every policy build.
neverallow fastbootd {
  data_file_type
}:file { no_x_file_perms };