xref: /aosp_15_r20/system/sepolicy/prebuilts/api/34.0/private/snapuserd.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290) 
1# snapuserd - Daemon for servicing dm-user requests for Virtual A/B snapshots.
2type snapuserd, domain;
3type snapuserd_exec, exec_type, file_type, system_file_type;
4
5typeattribute snapuserd coredomain;
6
7init_daemon_domain(snapuserd)
8
9allow snapuserd kmsg_device:chr_file rw_file_perms;
10
11# Allow snapuserd to reach block devices in /dev/block.
12allow snapuserd block_device:dir search;
13
14# Read /sys/block to find all the DM directories like (/sys/block/dm-X).
15allow snapuserd sysfs:dir { open read };
16
17# Read /sys/block/dm-X/dm/name (which is a symlink to
18# /sys/devices/virtual/block/dm-X/dm/name) to identify the mapping between
19# dm-X and dynamic partitions.
20allow snapuserd sysfs_dm:dir { open read search };
21allow snapuserd sysfs_dm:file r_file_perms;
22
23# Reading and writing to /dev/block/dm-* (device-mapper) nodes.
24allow snapuserd block_device:dir r_dir_perms;
25allow snapuserd dm_device:chr_file rw_file_perms;
26allow snapuserd dm_device:blk_file rw_file_perms;
27
28# Reading and writing to dm-user control nodes.
29allow snapuserd dm_user_device:dir r_dir_perms;
30allow snapuserd dm_user_device:chr_file rw_file_perms;
31
32# Reading and writing to /dev/socket/snapuserd and snapuserd_proxy.
33allow snapuserd snapuserd_socket:unix_stream_socket { accept listen getattr read write };
34allow snapuserd snapuserd_proxy_socket:sock_file write;
35
36# This arises due to first-stage init opening /dev/null without F_CLOEXEC
37# (see SetStdioToDevNull in init). When we fork() and execveat() snapuserd
38# again, the descriptor leaks into the new process.
39allow snapuserd kernel:fd use;
40
41# snapuserd.* properties
42set_prop(snapuserd, snapuserd_prop)
43get_prop(snapuserd, virtual_ab_prop)
44
45# For inotify watching for /dev/socket/snapuserd_proxy to appear.
46allow snapuserd tmpfs:dir { read watch };
47
48# Forbid anything other than snapuserd and init setting snapuserd properties.
49neverallow {
50  domain
51  -snapuserd
52  -init
53} snapuserd_prop:property_service set;
54
55# Allow to read/write/create OTA metadata files
56allow snapuserd metadata_file:dir search;
57allow snapuserd ota_metadata_file:dir rw_dir_perms;
58allow snapuserd ota_metadata_file:file create_file_perms;
59
60# This capability allows snapuserd to circumvent memlock rlimits while using
61# io_uring. An Alternative would be to up the memlock rlimit for the snapuserd service.
62allow snapuserd self:capability ipc_lock;
63io_uring_use(snapuserd)
64