# Domain for fsck programs. The first comment in the original says "run by
# init"; the neverallow rules at the end of this file permit process
# transitions into this domain from init and vold only.
type fsck, domain;
# Label for the fsck binaries. The last neverallow in this file makes
# fsck_exec the only file type that may serve as an entrypoint to the domain.
type fsck_exec, exec_type, file_type;

# /dev/__null__ created by init prior to policy load,
# open fd inherited by fsck.
# Only read/write/ioctl on the inherited descriptor are granted (no open).
allow fsck tmpfs:chr_file { read write ioctl };

# Inherit and use pty created by android_fork_execvp_ext().
allow fsck devpts:chr_file { read write ioctl getattr };

# Allow stdin/out back to vold
# (use of file descriptors passed by vold, plus I/O on vold's pipes).
allow fsck vold:fd use;
allow fsck vold:fifo_file { read write getattr };

# Run fsck on certain block devices
# These three types are the only block devices granted read/write here.
allow fsck block_device:dir search;
allow fsck userdata_block_device:blk_file rw_file_perms;
allow fsck cache_block_device:blk_file rw_file_perms;
# NOTE(review): dm_device presumably labels device-mapper nodes in general;
# confirm this grant does not reach mappings that back the partitions listed
# in the neverallow block below.
allow fsck dm_device:blk_file rw_file_perms;

# To determine if it is safe to run fsck on a filesystem, e2fsck
# must first determine if the filesystem is mounted. To do that,
# e2fsck scans through /proc/mounts and collects all the mounted
# block devices. With that information, it runs stat() on each block
# device, comparing the major and minor numbers to the filesystem
# passed in on the command line. If there is a match, then the filesystem
# is currently mounted and running fsck is dangerous.
# Allow stat access to all block devices so that fsck can compare
# major/minor values.
# getattr is the only permission granted on dev_type; this rule gives no
# read or write access to those devices.
allow fsck dev_type:blk_file getattr;

# Read-only access to /proc/mounts for the mounted-filesystem check described
# above. proc_swaps presumably supports the same check for swap devices (TODO
# confirm).
allow fsck {
    proc_mounts
    proc_swaps
}:file r_file_perms;
# NOTE(review): the original gives no rationale for reading rootfs
# directories; presumably needed for path lookups (confirm).
allow fsck rootfs:dir r_dir_perms;

###
### neverallow rules
###
# neverallow rules are build-time assertions: the policy fails to compile if
# any allow rule grants the listed permissions.

# fsck should never be run on these block devices
# no_rw_file_perms is a macro defined outside this file; it presumably omits
# getattr, which would be what lets the dev_type getattr rule above coexist
# with this assertion (verify against the macro definition).
neverallow fsck {
    boot_block_device
    frp_block_device
    recovery_block_device
    root_block_device
    swap_block_device
    system_block_device
    vold_device
}:blk_file no_rw_file_perms;

# Only allow entry from init or vold via fsck binaries
# Rule 1: only init and vold may perform a process transition into fsck.
# Rule 2: no domain may enter fsck through a dynamic transition.
# Rule 3: no file other than one labelled fsck_exec may be the entrypoint.
neverallow { domain -init -vold } fsck:process transition;
neverallow * fsck:process dyntransition;
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;