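# SELinux policy for the fsck domain (filesystem checkers).
# The allow rules below grant access to a fixed list of block-device types
# plus the inherited descriptors fsck needs to talk to its parent. The
# neverallow rules at the end pin down which devices stay off limits and
# which domains and binaries may enter this domain.
#
# The fsck and fsck_exec types, the permission-set macros (rw_file_perms,
# r_file_perms, r_dir_perms, no_rw_file_perms) and the ioctl names are all
# defined outside this file.

# typeattribute adds the coredomain attribute to the already-declared type.
typeattribute fsck coredomain;

# NOTE(review): presumably sets up the init -> fsck transition on exec of
# fsck_exec; confirm against the macro definition.
init_daemon_domain(fsck)

# fsck can run before apex is ready.
use_bootstrap_libs(fsck)

allow fsck metadata_block_device:blk_file rw_file_perms;

# /dev/__null__ is created by init prior to policy load, and the open fd is
# inherited by fsck. Only read/write/ioctl on that descriptor are granted;
# open is not.
allow fsck tmpfs:chr_file { read write ioctl };

# Inherit and use the pty created by android_fork_execvp_ext().
# As above, no open permission: fsck can only use a pty handed to it.
allow fsck devpts:chr_file { read write ioctl getattr };

# Allow stdin/stdout back to vold through descriptors and pipes vold passes in.
allow fsck vold:fd use;
allow fsck vold:fifo_file { read write getattr };

# Run fsck on certain block devices. This list is the write surface of the
# domain: every type named here can be modified by the checker.
allow fsck userdata_block_device:blk_file rw_file_perms;
allow fsck cache_block_device:blk_file rw_file_perms;
# NOTE(review): dm_device is presumably a shared label for device-mapper
# nodes, so this rule is not limited to one volume; confirm which nodes
# carry the label in the device file_contexts.
allow fsck dm_device:blk_file rw_file_perms;
allow fsck zoned_block_device:blk_file rw_file_perms;
# The system partition is only reachable on userdebug and eng builds; the
# block-device neverallow below carries the matching exception, so on user
# builds this access stays forbidden.
userdebug_or_eng(`
allow fsck system_block_device:blk_file rw_file_perms;
')

# e2fsck performs a comprehensive search of /proc/mounts to check whether the
# checked filesystem is currently mounted.
# Directory access here is getattr or search only; listing is not granted.
allow fsck metadata_file:dir getattr;
allow fsck block_device:dir search;
allow fsck mirror_data_file:dir search;

# For the block devices where we have ioctl access,
# allow at a minimum the following common fsck ioctls.
# allowxperm does not grant ioctl by itself: it restricts which ioctl
# commands pass on targets where an allow rule already gives the ioctl
# permission. Any command missing from this list is denied for these
# targets unless another allowxperm rule adds it.
allowxperm fsck dev_type:blk_file ioctl {
  BLKDISCARDZEROES
  BLKROGET
  BLKREPORTZONE
};

# To determine if it is safe to run fsck on a filesystem, e2fsck
# must first determine if the filesystem is mounted. To do that,
# e2fsck scans through /proc/mounts and collects all the mounted
# block devices. With that information, it runs stat() on each block
# device, comparing the major and minor numbers to the filesystem
# passed in on the command line. If there is a match, then the filesystem
# is currently mounted and running fsck is dangerous.
# Allow stat access to all block devices so that fsck can compare
# major/minor values.
# This is the one rule that covers every block device (dev_type), and it is
# getattr only: metadata from stat(), no read or write of device contents.
allow fsck dev_type:blk_file getattr;

# Read-only inputs for the mounted-filesystem check.
allow fsck {
  proc_mounts
  proc_swaps
  sysfs_dm
}:file r_file_perms;
allow fsck rootfs:dir r_dir_perms;
allow fsck sysfs_dm:dir r_dir_perms;

###
### neverallow rules
###
# neverallow rules are assertions checked when the policy is compiled. They
# add no access and no runtime denial; they make the build fail if any allow
# rule, in this file or elsewhere, conflicts with them.

# fsck should never be run on these block devices.
# The userdebug_or_eng entry subtracts system_block_device from the set on
# userdebug and eng builds only, matching the conditional allow above. On
# user builds it expands to nothing and system_block_device stays listed.
neverallow fsck {
  boot_block_device
  frp_block_device
  recovery_block_device
  root_block_device
  swap_block_device
  system_block_device
  userdebug_or_eng(`-system_block_device')
  vold_device
}:blk_file no_rw_file_perms;

# Only allow entry from init or vold via fsck binaries.
# 1) No domain other than init and vold may transition into fsck on exec.
neverallow { domain -init -vold } fsck:process transition;
# 2) No domain at all may switch into fsck without an exec.
neverallow * fsck:process dyntransition;
# 3) The only file that may serve as the entry point is one labelled
#    fsck_exec, so the label on the checker binaries is what gates entry.
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;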