# fastbootd (used in recovery init.rc for /sbin/fastbootd)
#
# SELinux type-enforcement policy for the fastbootd daemon. Everything that
# actually grants access lives inside the recovery_only() block below; the
# neverallow rule at the bottom is evaluated against every policy variant.

# Declare the domain unconditionally so we can always reference it
# in neverallow rules.
type fastbootd, domain;

# But the allow rules are only included in the recovery policy.
# Otherwise fastbootd is only allowed the domain rules.
recovery_only(`
  # fastbootd can only use HALs in passthrough mode
  passthrough_hal_client_domain(fastbootd, hal_bootctl)

  # fastbootd can use AIDL HALs in binder mode
  binder_use(fastbootd)
  hal_client_domain(fastbootd, hal_health)
  hal_client_domain(fastbootd, hal_fastboot)

  # Access /dev/usb-ffs/fastbootd/ep0
  allow fastbootd functionfs:dir search;
  allow fastbootd functionfs:file rw_file_perms;

  # The functionfs ioctl grant is narrowed with allowxperm to the single
  # command fastbootd needs rather than the whole ioctl permission.
  allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
  # Log to serial
  # (write-only here; read on kmsg_device is granted only in the
  # userdebug_or_eng block further down)
  allow fastbootd kmsg_device:chr_file { open getattr write };

  # battery info
  allow fastbootd sysfs_batteryinfo:file r_file_perms;

  # Enumerate /dev so block devices can be located.
  allow fastbootd device:dir r_dir_perms;

  # For dev/block/by-name dir
  allow fastbootd block_device:dir r_dir_perms;

  # Needed for DM_DEV_CREATE ioctl call
  # sys_admin is a broad capability; its reach is limited by this grant
  # only existing in the recovery policy (enclosing recovery_only block).
  allow fastbootd self:capability sys_admin;

  # Connect to the recovery daemon over its unix socket.
  unix_socket_connect(fastbootd, recovery, recovery)

  # Required for flashing
  allow fastbootd dm_device:chr_file rw_file_perms;
  allow fastbootd dm_device:blk_file rw_file_perms;

  allow fastbootd cache_block_device:blk_file rw_file_perms;
  allow fastbootd super_block_device_type:blk_file rw_file_perms;
  # Partitions written during flashing. Only write (plus getattr/ioctl) is
  # granted here; the read grants that are needed (metadata_block_device,
  # and boot_block_device on userdebug builds) are listed separately below.
  allow fastbootd {
    boot_block_device
    metadata_block_device
    system_block_device
    userdata_block_device
  }:blk_file { w_file_perms getattr ioctl };

  # For disabling/wiping GSI, and for modifying/deleting files created via
  # libfiemap.
  allow fastbootd metadata_block_device:blk_file r_file_perms;
  allow fastbootd {rootfs tmpfs}:dir mounton;
  allow fastbootd metadata_file:dir { search getattr mounton };
  allow fastbootd gsi_metadata_file_type:dir rw_dir_perms;
  allow fastbootd gsi_metadata_file_type:file create_file_perms;

  # Block-geometry queries on the super partition.
  allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };

  # Discard ioctls used when wiping; scoped to these devices and these two
  # commands only.
  allowxperm fastbootd {
    metadata_block_device
    userdata_block_device
    dm_device
    cache_block_device
  }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };

  allow fastbootd misc_block_device:blk_file rw_file_perms;

  allow fastbootd proc_cmdline:file r_file_perms;
  allow fastbootd rootfs:dir r_dir_perms;

  # Needed to read fstab node from device tree.
  allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
  allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;

  # Needed because libdm reads sysfs to validate when a dm path is ready.
  r_dir_file(fastbootd, sysfs_dm)

  # Needed for realpath() call to resolve symlinks.
  allow fastbootd block_device:dir getattr;
  # Everything inside userdebug_or_eng() is compiled out of user builds, so
  # the broader grants below (sys_rawio, execute_no_trans, unlink across
  # system/vendor file types) never reach production policy.
  userdebug_or_eng(`
    # Refined manipulation of /mnt/scratch, without these perms resorts
    # to deleting scratch partition when partition(s) are flashed.
    allow fastbootd self:process setfscreate;
    allow fastbootd cache_file:dir search;
    allow fastbootd proc_filesystems:file { getattr open read };
    allow fastbootd self:capability sys_rawio;
    # Silence (do not grant) kernel module autoload requests.
    dontaudit fastbootd kernel:system module_request;
    # NOTE(review): BLKROSET is granted over the whole dev_type attribute
    # rather than a specific block device type; confirm that scope is
    # intended for the scratch handling described above.
    allowxperm fastbootd dev_type:blk_file ioctl BLKROSET;
    allow fastbootd overlayfs_file:dir { create_dir_perms mounton };
    allow fastbootd {
      system_file_type
      unlabeled
      vendor_file_type
    }:dir { remove_name rmdir search write };
    allow fastbootd {
      overlayfs_file
      system_file_type
      unlabeled
      vendor_file_type
    }:{ file lnk_file } unlink;
    allow fastbootd tmpfs:dir rw_dir_perms;
    # Fetch vendor_boot partition
    allow fastbootd boot_block_device:blk_file r_file_perms;

    # popen(/system/bin/dmesg) and associated permissions. We only allow this
    # on unlocked devices running userdebug builds.
    allow fastbootd rootfs:file execute_no_trans;
    allow fastbootd system_file:file execute_no_trans;
    allow fastbootd kmsg_device:chr_file read;
    allow fastbootd kernel:system syslog_read;
  ')

  # Allow using libfiemap/gsid directly (no binder in recovery).
  allow fastbootd gsi_metadata_file_type:dir search;
  allow fastbootd ota_metadata_file:dir rw_dir_perms;
  allow fastbootd ota_metadata_file:file create_file_perms;
')

###
### neverallow rules
###

# Write permission is required to wipe userdata
# until recovery supports vold.
# Hence only the execute-class permissions (no_x_file_perms) are forbidden
# on data files; this rule applies to every policy variant because the
# domain is declared unconditionally above.
neverallow fastbootd {
  data_file_type
}:file { no_x_file_perms };