# SELinux policy for the vold domain.
#
# vold is an init-started core daemon (coredomain + init_daemon_domain). The
# security-relevant shape of this file is:
#   * helper tools vold execs are moved into their own, tighter domains;
#   * fresh mount points are labelled as stubs so nothing is written through a
#     missing mount;
#   * vold is the only domain allowed to create/remove per-user data dirs, and
#     the only domains allowed to find vold's binder service are enumerated.
typeattribute vold coredomain;

init_daemon_domain(vold)

# Switch to more restrictive domains when executing common tools.
# domain_auto_trans: the transition happens automatically on exec of the given
# *_exec type, so vold cannot keep these tools running in its own domain.
domain_auto_trans(vold, sgdisk_exec, sgdisk);
domain_auto_trans(vold, sdcardd_exec, sdcardd);
domain_auto_trans(vold, fuseblkd_untrusted_exec, fuseblkd_untrusted);

# For a handful of probing tools, we choose an even more restrictive
# domain when working with untrusted block devices.
# These use domain_trans rather than domain_auto_trans: two target domains
# share one *_exec type, so the transition is permitted but not automatic and
# vold selects the trusted or _untrusted domain per invocation. The file label
# alone therefore does not decide the confinement level here.
domain_trans(vold, blkid_exec, blkid);
domain_trans(vold, blkid_exec, blkid_untrusted);
domain_trans(vold, fsck_exec, fsck);
domain_trans(vold, fsck_exec, fsck_untrusted);

# Newly created storage dirs are always treated as mount stubs to prevent us
# from accidentally writing when the mount point isn't present.
type_transition vold storage_file:dir storage_stub_file;
type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;

# Property Service
# Read access to configuration property contexts.
# NOTE(review): the get_prop/set_prop macro calls below mix a trailing ';'
# with none; presumably both forms expand the same, but one convention would
# read better.
get_prop(vold, vold_config_prop)
get_prop(vold, storage_config_prop);
get_prop(vold, incremental_prop);
get_prop(vold, gsid_prop);

# Write access to the property contexts vold is allowed to set.
set_prop(vold, vold_prop)
set_prop(vold, vold_status_prop)
set_prop(vold, powerctl_prop)
set_prop(vold, ctl_fuse_prop)
set_prop(vold, restorecon_prop)
set_prop(vold, ota_prop)
set_prop(vold, boottime_prop)
set_prop(vold, boottime_public_prop)

# Vold will use Keystore instead of using Keymint directly. But it still needs
# to manage its Keymint blobs. This is why it needs the `manage_blob` permission.
# All of these permissions are scoped to the vold_key type, i.e. vold's own
# keys, not keys of other domains.
allow vold vold_key:keystore2_key {
    convert_storage_key_to_ephemeral
    delete
    get_info
    manage_blob
    rebind
    req_forced_op
    update
    use
};

# vold needs to call keystore methods
allow vold keystore:binder call;

# vold needs to find keystore2 services
allow vold keystore_service:service_manager find;
allow vold keystore_maintenance_service:service_manager find;

# vold needs to be able to call earlyBootEnded() and deleteAllKeys()
allow vold keystore:keystore2 early_boot_ended;
allow vold keystore:keystore2 delete_all_keys;

# Compile-time invariant: only the domains excluded below may look up vold's
# binder service. A new client of vold_service must be added to this list
# (and reviewed), otherwise the policy build fails on this neverallow.
neverallow {
    domain
    -system_server
    -vdc
    -vold
    -update_verifier
    -apexd
    -gsid
} vold_service:service_manager find;

# Allow vold to create and delete per-user directories like /data/user/$userId.
# This is the only positive grant matching the neverallow that follows; keep
# the two type sets and permission sets identical.
allow vold {
    media_userdir_file
    system_userdir_file
    vendor_userdir_file
}:dir {
    add_name
    remove_name
    write
};

# Only vold should create (and delete) per-user directories like
# /data/user/$userId. This is very important, as these directories need to be
# encrypted with per-user keys, which only vold can do. Encryption can only be
# set up on empty directories, so creation and encryption must happen together.
neverallow {
    domain
    -vold
} {
    media_userdir_file
    system_userdir_file
    vendor_userdir_file
}:dir {
    add_name
    remove_name
    write
};