# Domain for any fsck program run by init or vold (the transition neverallow
# at the bottom of this file is what restricts the callers to those two).
# This file is the frozen API-level 33.0 snapshot of the public policy; it is
# expected to track system/sepolicy/public/fsck.te rather than be edited on
# its own.
type fsck, domain;
# Label for the fsck binaries themselves; the entrypoint neverallow below makes
# this the only file type the fsck domain may be entered through.
type fsck_exec, system_file_type, exec_type, file_type;

# /dev/__null__ created by init prior to policy load,
# open fd inherited by fsck.
# NOTE: the target is the tmpfs type, so this grants read/write/ioctl on any
# tmpfs-labelled chr_file fsck ends up holding, not only /dev/__null__.
allow fsck tmpfs:chr_file { read write ioctl };

# Inherit and use pty created by android_fork_execvp_ext().
allow fsck devpts:chr_file { read write ioctl getattr };

# Allow stdin/out back to vold: use of vold's inherited fds plus the fifo
# pipes vold connects to them.
allow fsck vold:fd use;
allow fsck vold:fifo_file { read write getattr };

# Run fsck on certain block devices.
# These are the only block device types fsck may open for read/write.
allow fsck userdata_block_device:blk_file rw_file_perms;
allow fsck cache_block_device:blk_file rw_file_perms;
# NOTE(review): dm_device is a single type shared by every device-mapper node,
# so this grant is not scoped to the dm target that backs userdata. Confirm
# that is intended on devices where other partitions are also dm-backed.
allow fsck dm_device:blk_file rw_file_perms;
# Debug-only: system_block_device is writable on userdebug/eng builds. This
# must stay paired with the matching userdebug_or_eng exception in the
# neverallow list below, otherwise the neverallow fails the build.
userdebug_or_eng(`
allow fsck system_block_device:blk_file rw_file_perms;
')

# e2fsck performs a comprehensive search of /proc/mounts to check whether the
# checked filesystem is currently mounted.
# Only directory traversal is granted here (getattr/search), no file access.
allow fsck metadata_file:dir getattr;
allow fsck block_device:dir search;
allow fsck mirror_data_file:dir search;

# For the block devices where we have ioctl access,
# allow at a minimum the following common fsck ioctls.
# Because an allowxperm rule exists for fsck on dev_type:blk_file, the ioctl
# permission granted above (via rw_file_perms) is narrowed to exactly this
# list: any other ioctl number on any dev_type blk_file is denied. Extending
# fsck's ioctl use therefore requires adding the command here, not just an
# allow rule.
allowxperm fsck dev_type:blk_file ioctl {
  BLKDISCARDZEROES
  BLKROGET
};

# To determine if it is safe to run fsck on a filesystem, e2fsck
# must first determine if the filesystem is mounted. To do that,
# e2fsck scans through /proc/mounts and collects all the mounted
# block devices. With that information, it runs stat() on each block
# device, comparing the major and minor numbers to the filesystem
# passed in on the command line. If there is a match, then the filesystem
# is currently mounted and running fsck is dangerous.
# Allow stat access to all block devices so that fsck can compare
# major/minor values.
# This is getattr only: it does not let fsck open, read or write these nodes.
allow fsck dev_type:blk_file getattr;

# Read-only access to the mount and swap tables consulted by the check above.
allow fsck {
  proc_mounts
  proc_swaps
}:file r_file_perms;
# Read/search of the root filesystem directories while resolving device paths.
allow fsck rootfs:dir r_dir_perms;

###
### neverallow rules
###

# fsck should never be run on these block devices.
# This is an explicit deny list of partition types that must never be
# modified by a userspace checker. Types that are not listed (for example
# dm_device, allowed above) are governed only by the allow rules; adding a
# new block device type to the allow rules does not automatically exempt it
# here, and a new sensitive partition type must be added to this list to be
# protected by it.
neverallow fsck {
  boot_block_device
  frp_block_device
  recovery_block_device
  root_block_device
  swap_block_device
  system_block_device
  # Mirrors the userdebug_or_eng allow rule above: on debug builds
  # system_block_device is removed from the deny list.
  userdebug_or_eng(`-system_block_device')
  vold_device
}:blk_file no_rw_file_perms;

# Only allow entry from init or vold via fsck binaries.
# No other domain may exec-transition into fsck, no domain may dynamically
# transition into it, and the only executables that may serve as its entry
# point are those labelled fsck_exec.
neverallow { domain -init -vold } fsck:process transition;
neverallow * fsck:process dyntransition;
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;

74