# Domain for the fsck programs that init (and vold, see the neverallow
# rules below) launches; fsck_exec labels the binaries they enter through.
type fsck, domain;
type fsck_exec, exec_type, file_type, system_file_type;
# /dev/__null__ is created by init before the policy is loaded; fsck only
# inherits the already-open fd, it never opens the node itself.
allow fsck tmpfs:chr_file { read write ioctl };

# The pty is created by android_fork_execvp_ext(); fsck inherits and uses it.
allow fsck devpts:chr_file { read write ioctl getattr };

# stdin/stdout are fds and fifos handed over by vold.
allow fsck vold:fd use;
allow fsck vold:fifo_file { read write getattr };

# Block devices fsck is permitted to check (rw: it may also repair them).
allow fsck {
  userdata_block_device
  cache_block_device
  dm_device
  zoned_block_device
}:blk_file rw_file_perms;
# Debug builds may also check the system partition; the neverallow set
# further down carves system_block_device out with the same macro.
userdebug_or_eng(`
allow fsck system_block_device:blk_file rw_file_perms;
')
# e2fsck walks /proc/mounts to decide whether the filesystem it was asked to
# check is currently mounted; resolving the mount entries needs these
# directory permissions.
allow fsck metadata_file:dir getattr;
allow fsck { block_device mirror_data_file }:dir search;

# Restrict the ioctl commands usable on any blk_file to this common fsck
# set. An allowxperm rule filters, it does not grant: ioctl itself is only
# available on the block devices allowed rw_file_perms above.
allowxperm fsck dev_type:blk_file ioctl { BLKDISCARDZEROES BLKROGET BLKREPORTZONE };
# Running fsck on a mounted filesystem is dangerous, so e2fsck first checks
# whether the target is mounted: it reads /proc/mounts, stat()s every
# mounted block device and compares major/minor numbers with the device
# named on the command line. getattr on all blk_files is what makes that
# comparison possible; no read or write is granted here.
allow fsck dev_type:blk_file getattr;

allow fsck proc_mounts:file r_file_perms;
allow fsck proc_swaps:file r_file_perms;
allow fsck sysfs_dm:file r_file_perms;
allow fsck { rootfs sysfs_dm }:dir r_dir_perms;
###
### neverallow rules
###

# fsck should never be run on these block devices. Note the carve-out:
# on userdebug/eng builds system_block_device is removed from this set,
# matching the userdebug_or_eng allow rule above; on user builds it stays
# forbidden.
neverallow fsck {
  boot_block_device
  frp_block_device
  recovery_block_device
  root_block_device
  swap_block_device
  system_block_device
  userdebug_or_eng(`-system_block_device')
  vold_device
}:blk_file no_rw_file_perms;

# Only allow entry from init or vold via fsck binaries: no other domain may
# transition into fsck, nothing may dyntransition into it, and the only
# valid entrypoint file is labelled fsck_exec.
neverallow { domain -init -vold } fsck:process transition;
neverallow * fsck:process dyntransition;
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;