# Any fsck program run by init
type fsck, domain;
type fsck_exec, system_file_type, exec_type, file_type;

# /dev/__null__ created by init prior to policy load,
# open fd inherited by fsck.
allow fsck tmpfs:chr_file { read write ioctl };

# Inherit and use pty created by android_fork_execvp_ext().
allow fsck devpts:chr_file { read write ioctl getattr };

# Allow stdin/out back to vold
allow fsck vold:fd use;
allow fsck vold:fifo_file { read write getattr };

# Run fsck on certain block devices
allow fsck userdata_block_device:blk_file rw_file_perms;
allow fsck cache_block_device:blk_file rw_file_perms;
allow fsck dm_device:blk_file rw_file_perms;
userdebug_or_eng(`
allow fsck system_block_device:blk_file rw_file_perms;
')

# e2fsck performs a comprehensive search of /proc/mounts to check whether the
# checked filesystem is currently mounted.
allow fsck metadata_file:dir getattr;
allow fsck block_device:dir search;
allow fsck mirror_data_file:dir search;

# For the block devices where we have ioctl access,
# allow at a minimum the following common fsck ioctls.
allowxperm fsck dev_type:blk_file ioctl {
  BLKDISCARDZEROES
  BLKROGET
};

# To determine if it is safe to run fsck on a filesystem, e2fsck
# must first determine if the filesystem is mounted. To do that,
# e2fsck scans through /proc/mounts and collects all the mounted
# block devices. With that information, it runs stat() on each block
# device, comparing the major and minor numbers to the filesystem
# passed in on the command line. If there is a match, then the filesystem
# is currently mounted and running fsck is dangerous.
# Allow stat access to all block devices so that fsck can compare
# major/minor values.
allow fsck dev_type:blk_file getattr;

allow fsck {
  proc_mounts
  proc_swaps
}:file r_file_perms;
allow fsck rootfs:dir r_dir_perms;

###
### neverallow rules
###

# fsck should never be run on these block devices
neverallow fsck {
  boot_block_device
  frp_block_device
  recovery_block_device
  root_block_device
  swap_block_device
  system_block_device
  userdebug_or_eng(`-system_block_device')
  vold_device
}:blk_file no_rw_file_perms;

# Only allow entry from init or vold via fsck binaries
neverallow { domain -init -vold } fsck:process transition;
neverallow * fsck:process dyntransition;
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;