1*e4a36f41SAndroid Build Coastguard Workertypeattribute fsck coredomain; 2*e4a36f41SAndroid Build Coastguard Worker 3*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(fsck) 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Worker# fsck can run before apex is ready. 6*e4a36f41SAndroid Build Coastguard Workeruse_bootstrap_libs(fsck) 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Workerallow fsck metadata_block_device:blk_file rw_file_perms; 9*e4a36f41SAndroid Build Coastguard Worker 10*e4a36f41SAndroid Build Coastguard Worker# /dev/__null__ created by init prior to policy load, 11*e4a36f41SAndroid Build Coastguard Worker# open fd inherited by fsck. 12*e4a36f41SAndroid Build Coastguard Workerallow fsck tmpfs:chr_file { read write ioctl }; 13*e4a36f41SAndroid Build Coastguard Worker 14*e4a36f41SAndroid Build Coastguard Worker# Inherit and use pty created by android_fork_execvp_ext(). 15*e4a36f41SAndroid Build Coastguard Workerallow fsck devpts:chr_file { read write ioctl getattr }; 16*e4a36f41SAndroid Build Coastguard Worker 17*e4a36f41SAndroid Build Coastguard Worker# Allow stdin/out back to vold 18*e4a36f41SAndroid Build Coastguard Workerallow fsck vold:fd use; 19*e4a36f41SAndroid Build Coastguard Workerallow fsck vold:fifo_file { read write getattr }; 20*e4a36f41SAndroid Build Coastguard Worker 21*e4a36f41SAndroid Build Coastguard Worker# Run fsck on certain block devices 22*e4a36f41SAndroid Build Coastguard Workerallow fsck userdata_block_device:blk_file rw_file_perms; 23*e4a36f41SAndroid Build Coastguard Workerallow fsck cache_block_device:blk_file rw_file_perms; 24*e4a36f41SAndroid Build Coastguard Workerallow fsck dm_device:blk_file rw_file_perms; 25*e4a36f41SAndroid Build Coastguard Workerallow fsck zoned_block_device:blk_file rw_file_perms; 26*e4a36f41SAndroid Build Coastguard Workeruserdebug_or_eng(` 27*e4a36f41SAndroid Build Coastguard Workerallow fsck system_block_device:blk_file rw_file_perms; 28*e4a36f41SAndroid Build Coastguard Worker') 29*e4a36f41SAndroid Build Coastguard Worker 30*e4a36f41SAndroid Build Coastguard Worker# e2fsck performs a comprehensive search of /proc/mounts to check whether the 31*e4a36f41SAndroid Build Coastguard Worker# checked filesystem is currently mounted. 32*e4a36f41SAndroid Build Coastguard Workerallow fsck metadata_file:dir getattr; 33*e4a36f41SAndroid Build Coastguard Workerallow fsck block_device:dir search; 34*e4a36f41SAndroid Build Coastguard Workerallow fsck mirror_data_file:dir search; 35*e4a36f41SAndroid Build Coastguard Worker 36*e4a36f41SAndroid Build Coastguard Worker# For the block devices where we have ioctl access, 37*e4a36f41SAndroid Build Coastguard Worker# allow at a minimum the following common fsck ioctls. 38*e4a36f41SAndroid Build Coastguard Workerallowxperm fsck dev_type:blk_file ioctl { 39*e4a36f41SAndroid Build Coastguard Worker BLKDISCARDZEROES 40*e4a36f41SAndroid Build Coastguard Worker BLKROGET 41*e4a36f41SAndroid Build Coastguard Worker BLKREPORTZONE 42*e4a36f41SAndroid Build Coastguard Worker}; 43*e4a36f41SAndroid Build Coastguard Worker 44*e4a36f41SAndroid Build Coastguard Worker# To determine if it is safe to run fsck on a filesystem, e2fsck 45*e4a36f41SAndroid Build Coastguard Worker# must first determine if the filesystem is mounted. To do that, 46*e4a36f41SAndroid Build Coastguard Worker# e2fsck scans through /proc/mounts and collects all the mounted 47*e4a36f41SAndroid Build Coastguard Worker# block devices. With that information, it runs stat() on each block 48*e4a36f41SAndroid Build Coastguard Worker# device, comparing the major and minor numbers to the filesystem 49*e4a36f41SAndroid Build Coastguard Worker# passed in on the command line. If there is a match, then the filesystem 50*e4a36f41SAndroid Build Coastguard Worker# is currently mounted and running fsck is dangerous. 51*e4a36f41SAndroid Build Coastguard Worker# Allow stat access to all block devices so that fsck can compare 52*e4a36f41SAndroid Build Coastguard Worker# major/minor values. 53*e4a36f41SAndroid Build Coastguard Workerallow fsck dev_type:blk_file getattr; 54*e4a36f41SAndroid Build Coastguard Worker 55*e4a36f41SAndroid Build Coastguard Workerallow fsck { 56*e4a36f41SAndroid Build Coastguard Worker proc_mounts 57*e4a36f41SAndroid Build Coastguard Worker proc_swaps 58*e4a36f41SAndroid Build Coastguard Worker sysfs_dm 59*e4a36f41SAndroid Build Coastguard Worker}:file r_file_perms; 60*e4a36f41SAndroid Build Coastguard Workerallow fsck rootfs:dir r_dir_perms; 61*e4a36f41SAndroid Build Coastguard Workerallow fsck sysfs_dm:dir r_dir_perms; 62*e4a36f41SAndroid Build Coastguard Worker 63*e4a36f41SAndroid Build Coastguard Worker### 64*e4a36f41SAndroid Build Coastguard Worker### neverallow rules 65*e4a36f41SAndroid Build Coastguard Worker### 66*e4a36f41SAndroid Build Coastguard Worker 67*e4a36f41SAndroid Build Coastguard Worker# fsck should never be run on these block devices 68*e4a36f41SAndroid Build Coastguard Workerneverallow fsck { 69*e4a36f41SAndroid Build Coastguard Worker boot_block_device 70*e4a36f41SAndroid Build Coastguard Worker frp_block_device 71*e4a36f41SAndroid Build Coastguard Worker recovery_block_device 72*e4a36f41SAndroid Build Coastguard Worker root_block_device 73*e4a36f41SAndroid Build Coastguard Worker swap_block_device 74*e4a36f41SAndroid Build Coastguard Worker system_block_device 75*e4a36f41SAndroid Build Coastguard Worker userdebug_or_eng(`-system_block_device') 76*e4a36f41SAndroid Build Coastguard Worker vold_device 77*e4a36f41SAndroid Build Coastguard Worker}:blk_file no_rw_file_perms; 78*e4a36f41SAndroid Build Coastguard Worker 79*e4a36f41SAndroid Build Coastguard Worker# Only allow entry from init or vold via fsck binaries 80*e4a36f41SAndroid Build Coastguard Workerneverallow { domain -init -vold } fsck:process transition; 81*e4a36f41SAndroid Build Coastguard Workerneverallow * fsck:process dyntransition; 82*e4a36f41SAndroid Build Coastguard Workerneverallow fsck { file_type fs_type -fsck_exec }:file entrypoint; 83