-
Jeff Sharkey authored
vold works with two broad classes of block devices: untrusted devices that come in from the wild, and trusted devices. When running blkid and fsck, we pick which SELinux execution domain to use based on which class the device belongs to. Bug: 19993667 Change-Id: I44f5bac5dd94f0f76f3e4ef50ddbde5a32bd17a5
84e1c611
fsck_untrusted.te 1.06 KiB
# Any fsck program run on untrusted block devices
type fsck_untrusted, domain;
# Inherit and use pty created by android_fork_execvp_ext().
allow fsck_untrusted devpts:chr_file { read write ioctl getattr };
# Allow stdin/out back to vold
allow fsck_untrusted vold:fd use;
allow fsck_untrusted vold:fifo_file { read write getattr };
# Run fsck on vold block devices
allow fsck_untrusted block_device:dir search;
allow fsck_untrusted vold_device:blk_file rw_file_perms;
###
### neverallow rules
###
# Untrusted fsck should never be run on block devices holding sensitive data
neverallow fsck_untrusted {
boot_block_device
frp_block_device
metadata_block_device
recovery_block_device
root_block_device
swap_block_device
system_block_device
userdata_block_device
cache_block_device
dm_device
}:blk_file no_rw_file_perms;
# Only allow entry from vold via fsck binaries
neverallow { domain -vold } fsck_untrusted:process transition;
neverallow domain fsck_untrusted:process dyntransition;
neverallow fsck_untrusted { file_type fs_type -fsck_exec }:file entrypoint;