Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 2b413622ce237b4ef355cafd24bbebaba7f22804 / . / private / vold.te
blob: 4256ac38ee4b9c3921bdc0f0a4f12181d9bc92b7 [file] [log] [blame]
Alex Klyubinf5446eb2017-03-23 14:27:32 -0700[diff] [blame]1typeattribute vold coredomain;
2
dcashmancc39f632016-07-22 13:13:11 -0700[diff] [blame]3init_daemon_domain(vold)
4
5# Switch to more restrictive domains when executing common tools
6domain_auto_trans(vold, sgdisk_exec, sgdisk);
7domain_auto_trans(vold, sdcardd_exec, sdcardd);
Alfred Piccioni30ae4272023-01-17 18:22:34 +0100[diff] [blame]8domain_auto_trans(vold, fuseblkd_untrusted_exec, fuseblkd_untrusted);
dcashmancc39f632016-07-22 13:13:11 -0700[diff] [blame]9
Kelvin Zhang2b413622023-06-26 14:52:27 -0700[diff] [blame^]10# Switch to e2fs domain when running mkfs.ext4 to format a partition
11domain_auto_trans(vold, e2fs_exec, e2fs);
12
13
dcashmancc39f632016-07-22 13:13:11 -0700[diff] [blame]14# For a handful of probing tools, we choose an even more restrictive
15# domain when working with untrusted block devices
Paul Crowleyf9f75392018-11-30 15:58:26 -0800[diff] [blame]16domain_trans(vold, blkid_exec, blkid);
17domain_trans(vold, blkid_exec, blkid_untrusted);
dcashmancc39f632016-07-22 13:13:11 -0700[diff] [blame]18domain_trans(vold, fsck_exec, fsck);
19domain_trans(vold, fsck_exec, fsck_untrusted);
20
21# Newly created storage dirs are always treated as mount stubs to prevent us
22# from accidentally writing when the mount point isn't present.
23type_transition vold storage_file:dir storage_stub_file;
24type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]25
26# Property Service
Inseob Kim3f5a7d22020-04-06 20:49:17 +0900[diff] [blame]27get_prop(vold, vold_config_prop)
Martijn Coenen01234d32020-04-10 14:11:49 +0200[diff] [blame]28get_prop(vold, storage_config_prop);
Songchun Fan9fdcbcd2020-04-28 13:24:54 -0700[diff] [blame]29get_prop(vold, incremental_prop);
Howard Chen87204922021-09-16 09:55:50 +0800[diff] [blame]30get_prop(vold, gsid_prop);
Inseob Kim3f5a7d22020-04-06 20:49:17 +0900[diff] [blame]31
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]32set_prop(vold, vold_prop)
Inseob Kim3f5a7d22020-04-06 20:49:17 +0900[diff] [blame]33set_prop(vold, vold_status_prop)
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame]34set_prop(vold, powerctl_prop)
35set_prop(vold, ctl_fuse_prop)
36set_prop(vold, restorecon_prop)
37set_prop(vold, ota_prop)
38set_prop(vold, boottime_prop)
Inseob Kim42c7d892020-03-04 17:20:35 +0900[diff] [blame]39set_prop(vold, boottime_public_prop)
Janis Danisevskis32d77382020-07-31 22:22:49 -0700[diff] [blame]40
41# Vold will use Keystore instead of using Keymint directly. But it still needs
42# to manage its Keymint blobs. This is why it needs the `manage_blob` permission.
43allow vold vold_key:keystore2_key {
Satya Tangirala06533742021-03-08 09:48:42 -0800[diff] [blame]44 convert_storage_key_to_ephemeral
Janis Danisevskis32d77382020-07-31 22:22:49 -0700[diff] [blame]45 delete
46 get_info
Janis Danisevskis32d77382020-07-31 22:22:49 -0700[diff] [blame]47 manage_blob
48 rebind
49 req_forced_op
50 update
51 use
52};
Xin Li11da9e62020-08-29 01:45:24 -0700[diff] [blame]53
Satya Tangiralaa9990042021-03-01 02:53:46 -0800[diff] [blame]54# vold needs to call keystore methods
55allow vold keystore:binder call;
56
Satya Tangirala5ef86862021-03-11 03:57:03 -0800[diff] [blame]57# vold needs to find keystore2 services
Satya Tangiralaa9990042021-03-01 02:53:46 -0800[diff] [blame]58allow vold keystore_service:service_manager find;
Satya Tangirala5ef86862021-03-11 03:57:03 -0800[diff] [blame]59allow vold keystore_maintenance_service:service_manager find;
60
Paul Crowleybf29c3a2021-08-06 15:11:53 -0700[diff] [blame]61# vold needs to be able to call earlyBootEnded() and deleteAllKeys()
Satya Tangirala5ef86862021-03-11 03:57:03 -0800[diff] [blame]62allow vold keystore:keystore2 early_boot_ended;
Paul Crowleybf29c3a2021-08-06 15:11:53 -0700[diff] [blame]63allow vold keystore:keystore2 delete_all_keys;
Satya Tangirala5ef86862021-03-11 03:57:03 -0800[diff] [blame]64
Yo Chiangffe786e2020-10-07 13:59:52 +0800[diff] [blame]65neverallow {
66 domain
67 -system_server
68 -vdc
69 -vold
70 -update_verifier
71 -apexd
72 -gsid
73} vold_service:service_manager find;
Eric Biggers9a599232022-05-04 22:18:02 +0000[diff] [blame]74
75# Allow vold to create and delete per-user directories like /data/user/$userId.
76allow vold {
77 media_userdir_file
78 system_userdir_file
79 vendor_userdir_file
80}:dir {
81 add_name
82 remove_name
83 write
84};
85
86# Only vold should create (and delete) per-user directories like
87# /data/user/$userId. This is very important, as these directories need to be
88# encrypted with per-user keys, which only vold can do. Encryption can only be
89# set up on empty directories, so creation and encryption must happen together.
Eric Biggers9a599232022-05-04 22:18:02 +0000[diff] [blame]90neverallow {
91 domain
92 -vold
93} {
Eric Biggers9a599232022-05-04 22:18:02 +0000[diff] [blame]94 media_userdir_file
Eric Biggers17369be2022-05-11 05:33:07 +0000[diff] [blame]95 system_userdir_file
96 vendor_userdir_file
Eric Biggers9a599232022-05-04 22:18:02 +0000[diff] [blame]97}:dir {
98 add_name
99 remove_name
100 write
101};