| Dan Cashman | 91d398d | 2017-09-26 12:58:29 -0700 | [diff] [blame] | 1 | # blkid for untrusted block devices |
| 2 | |
| 3 | typeattribute blkid_untrusted coredomain; |
| 4 | |
| 5 | # Allowed read-only access to vold block devices to extract UUID/label |
| 6 | allow blkid_untrusted block_device:dir search; |
| 7 | allow blkid_untrusted vold_device:blk_file r_file_perms; |
| 8 | |
| 9 | # Allow stdin/out back to vold |
| 10 | allow blkid_untrusted vold:fd use; |
| 11 | allow blkid_untrusted vold:fifo_file { read write getattr }; |
| 12 | |
| 13 | # For blkid launched through popen() |
| 14 | allow blkid_untrusted blkid_exec:file rx_file_perms; |
| 15 | |
| 16 | ### |
| 17 | ### neverallow rules |
| 18 | ### |
| 19 | |
| 20 | # Untrusted blkid should never be run on block devices holding sensitive data |
| 21 | neverallow blkid_untrusted { |
| 22 | boot_block_device |
| 23 | frp_block_device |
| 24 | metadata_block_device |
| 25 | recovery_block_device |
| 26 | root_block_device |
| 27 | swap_block_device |
| 28 | system_block_device |
| 29 | userdata_block_device |
| 30 | cache_block_device |
| 31 | dm_device |
| 32 | }:blk_file no_rw_file_perms; |
| 33 | |
| 34 | # Only allow entry from vold via blkid binary |
| 35 | neverallow { domain -vold } blkid_untrusted:process transition; |
| 36 | neverallow * blkid_untrusted:process dyntransition; |
| 37 | neverallow blkid_untrusted { file_type fs_type -blkid_exec -shell_exec }:file entrypoint; |