Inseob Kim | ff43be2 | 2021-06-07 16:56:56 +0900 | [diff] [blame^] | 1 | # fastbootd (used in recovery init.rc for /sbin/fastbootd) |
| 2 | |
| 3 | # Declare the domain unconditionally so we can always reference it |
| 4 | # in neverallow rules. |
| 5 | type fastbootd, domain; |
| 6 | |
| 7 | # But the allow rules are only included in the recovery policy. |
| 8 | # Otherwise fastbootd is only allowed the domain rules. |
| 9 | recovery_only(` |
| 10 | # fastbootd can only use HALs in passthrough mode |
| 11 | passthrough_hal_client_domain(fastbootd, hal_bootctl) |
| 12 | |
| 13 | # Access /dev/usb-ffs/fastbootd/ep0 |
| 14 | allow fastbootd functionfs:dir search; |
| 15 | allow fastbootd functionfs:file rw_file_perms; |
| 16 | |
| 17 | allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC }; |
| 18 | # Log to serial |
| 19 | allow fastbootd kmsg_device:chr_file { open getattr write }; |
| 20 | |
| 21 | # battery info |
| 22 | allow fastbootd sysfs_batteryinfo:file r_file_perms; |
| 23 | |
| 24 | allow fastbootd device:dir r_dir_perms; |
| 25 | |
| 26 | # For dev/block/by-name dir |
| 27 | allow fastbootd block_device:dir r_dir_perms; |
| 28 | |
| 29 | # Needed for DM_DEV_CREATE ioctl call |
| 30 | allow fastbootd self:capability sys_admin; |
| 31 | |
| 32 | unix_socket_connect(fastbootd, recovery, recovery) |
| 33 | |
| 34 | # Required for flashing |
| 35 | allow fastbootd dm_device:chr_file rw_file_perms; |
| 36 | allow fastbootd dm_device:blk_file rw_file_perms; |
| 37 | |
| 38 | allow fastbootd cache_block_device:blk_file rw_file_perms; |
| 39 | allow fastbootd super_block_device_type:blk_file rw_file_perms; |
| 40 | allow fastbootd { |
| 41 | boot_block_device |
| 42 | metadata_block_device |
| 43 | system_block_device |
| 44 | userdata_block_device |
| 45 | }:blk_file { w_file_perms getattr ioctl }; |
| 46 | |
| 47 | # For disabling/wiping GSI, and for modifying/deleting files created via |
| 48 | # libfiemap. |
| 49 | allow fastbootd metadata_block_device:blk_file r_file_perms; |
| 50 | allow fastbootd {rootfs tmpfs}:dir mounton; |
| 51 | allow fastbootd metadata_file:dir { search getattr mounton }; |
| 52 | allow fastbootd gsi_metadata_file_type:dir rw_dir_perms; |
| 53 | allow fastbootd gsi_metadata_file_type:file create_file_perms; |
| 54 | |
| 55 | allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF }; |
| 56 | |
| 57 | allowxperm fastbootd { |
| 58 | metadata_block_device |
| 59 | userdata_block_device |
| 60 | dm_device |
| 61 | cache_block_device |
| 62 | }:blk_file ioctl { BLKSECDISCARD BLKDISCARD }; |
| 63 | |
| 64 | allow fastbootd misc_block_device:blk_file rw_file_perms; |
| 65 | |
| 66 | allow fastbootd proc_cmdline:file r_file_perms; |
| 67 | allow fastbootd rootfs:dir r_dir_perms; |
| 68 | |
| 69 | # Needed to read fstab node from device tree. |
| 70 | allow fastbootd sysfs_dt_firmware_android:file r_file_perms; |
| 71 | allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms; |
| 72 | |
| 73 | # Needed because libdm reads sysfs to validate when a dm path is ready. |
| 74 | r_dir_file(fastbootd, sysfs_dm) |
| 75 | |
| 76 | # Needed for realpath() call to resolve symlinks. |
| 77 | allow fastbootd block_device:dir getattr; |
| 78 | userdebug_or_eng(` |
| 79 | # Refined manipulation of /mnt/scratch, without these perms resorts |
| 80 | # to deleting scratch partition when partition(s) are flashed. |
| 81 | allow fastbootd self:process setfscreate; |
| 82 | allow fastbootd cache_file:dir search; |
| 83 | allow fastbootd proc_filesystems:file { getattr open read }; |
| 84 | allow fastbootd self:capability sys_rawio; |
| 85 | dontaudit fastbootd kernel:system module_request; |
| 86 | allowxperm fastbootd dev_type:blk_file ioctl BLKROSET; |
| 87 | allow fastbootd overlayfs_file:dir { create_dir_perms mounton }; |
| 88 | allow fastbootd { |
| 89 | system_file_type |
| 90 | unlabeled |
| 91 | vendor_file_type |
| 92 | }:dir { remove_name rmdir search write }; |
| 93 | allow fastbootd { |
| 94 | overlayfs_file |
| 95 | system_file_type |
| 96 | unlabeled |
| 97 | vendor_file_type |
| 98 | }:{ file lnk_file } unlink; |
| 99 | allow fastbootd tmpfs:dir rw_dir_perms; |
| 100 | # Fetch vendor_boot partition |
| 101 | allow fastbootd boot_block_device:blk_file r_file_perms; |
| 102 | ') |
| 103 | |
| 104 | # Allow using libfiemap/gsid directly (no binder in recovery). |
| 105 | allow fastbootd gsi_metadata_file_type:dir search; |
| 106 | allow fastbootd ota_metadata_file:dir rw_dir_perms; |
| 107 | allow fastbootd ota_metadata_file:file create_file_perms; |
| 108 | ') |
| 109 | |
| 110 | ### |
| 111 | ### neverallow rules |
| 112 | ### |
| 113 | |
| 114 | # Write permission is required to wipe userdata |
| 115 | # until recovery supports vold. |
| 116 | neverallow fastbootd { |
| 117 | data_file_type |
| 118 | }:file { no_x_file_perms }; |