# fastbootd is a member of the coredomain attribute, so every rule written
# against coredomain also applies to this domain.
typeattribute fastbootd coredomain;

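# Most of the allow rules for fastbootd are only compiled into the recovery
# policy (everything inside recovery_only below). In the normal boot policy
# fastbootd is only allowed the domain rules, plus the io_uring / ipc_lock
# rules that sit outside recovery_only further down in this file.
recovery_only(`
    # Reboot the device.
    set_prop(fastbootd, powerctl_prop)

    # Read the serial number of the device from system properties.
    get_prop(fastbootd, serialno_prop)

    # Set sys.usb.ffs.ready.
    get_prop(fastbootd, ffs_config_prop)
    set_prop(fastbootd, ffs_control_prop)

    userdebug_or_eng(`
        get_prop(fastbootd, persistent_properties_ready_prop)
    ')

    set_prop(fastbootd, gsid_prop)

    # Determine the allocation scheme (whether B partitions need to be in the
    # second half of super).
    get_prop(fastbootd, virtual_ab_prop)
    get_prop(fastbootd, snapuserd_prop)

    # Needed for the TCP transport. name_bind is granted on the generic port
    # type, so policy does not pin fastbootd to a particular port number;
    # whatever can reach the listening socket talks to fastbootd directly.
    allow fastbootd node:tcp_socket node_bind;
    allow fastbootd port:tcp_socket name_bind;
    allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept };

    # Start snapuserd for merging VABC updates.
    set_prop(fastbootd, ctl_snapuserd_prop)

    # Needed to communicate with snapuserd to complete merges.
    allow fastbootd snapuserd_socket:sock_file write;
    allow fastbootd snapuserd:unix_stream_socket connectto;
    allow fastbootd dm_user_device:dir r_dir_perms;

    # Get the fastbootd protocol property.
    get_prop(fastbootd, fastbootd_protocol_prop)

    # Mount /metadata to interact with Virtual A/B snapshots. labeledfs is the
    # generic labeled-filesystem type; which directories may be mounted on is
    # narrowed by the mounton rules further down in this block.
    allow fastbootd labeledfs:filesystem { mount unmount };

    # Set boottime_prop (unrelated to the /metadata mount above).
    set_prop(fastbootd, boottime_prop)

    # Needed for reading boot properties.
    allow fastbootd proc_bootconfig:file r_file_perms;

    # fastbootd can only use the boot control HAL in passthrough mode.
    passthrough_hal_client_domain(fastbootd, hal_bootctl)

    # fastbootd can use AIDL HALs in binder mode: the health HAL and the
    # fastboot HAL. One binder_use / hal_client_domain(hal_fastboot) pair is
    # sufficient; this block used to list them twice.
    binder_use(fastbootd)
    hal_client_domain(fastbootd, hal_health)
    hal_client_domain(fastbootd, hal_fastboot)

    # Access /dev/usb-ffs/fastbootd/ep0. The ioctl grant from rw_file_perms is
    # restricted to the single descriptor ioctl by the allowxperm rule.
    allow fastbootd functionfs:dir search;
    allow fastbootd functionfs:file rw_file_perms;
    allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };

    # Log to serial.
    allow fastbootd kmsg_device:chr_file { open getattr write };

    # Battery info.
    allow fastbootd sysfs_batteryinfo:file r_file_perms;

    allow fastbootd device:dir r_dir_perms;

    # For the /dev/block/by-name directory, and for the realpath() call that
    # resolves its symlinks. NOTE(review): the explicit getattr is presumably
    # already implied by r_dir_perms; verify against global_macros before
    # dropping it.
    allow fastbootd block_device:dir r_dir_perms;
    allow fastbootd block_device:dir getattr;

    # Needed for the DM_DEV_CREATE ioctl. CAP_SYS_ADMIN is the kernel
    # catch-all capability and cannot be narrowed by policy: it is also what
    # the kernel checks for the mount/unmount and mounton grants in this block.
    # Compensate by keeping the allowxperm ioctl lists below as tight as
    # possible.
    allow fastbootd self:capability sys_admin;

    unix_socket_connect(fastbootd, recovery, recovery)

    # Required for flashing. Every partition type listed here is writable raw
    # storage; adding a type widens what a compromised fastbootd can overwrite.
    allow fastbootd dm_device:chr_file rw_file_perms;
    allow fastbootd dm_device:blk_file rw_file_perms;

    allow fastbootd cache_block_device:blk_file rw_file_perms;
    allow fastbootd super_block_device_type:blk_file rw_file_perms;
    allow fastbootd {
        boot_block_device
        metadata_block_device
        system_block_device
        userdata_block_device
    }:blk_file { w_file_perms getattr ioctl };

    # For disabling/wiping GSI, and for modifying/deleting files created via
    # libfiemap.
    allow fastbootd metadata_block_device:blk_file r_file_perms;
    allow fastbootd {rootfs tmpfs}:dir mounton;
    allow fastbootd metadata_file:dir { search getattr mounton };
    allow fastbootd gsi_metadata_file_type:dir rw_dir_perms;
    allow fastbootd gsi_metadata_file_type:file create_file_perms;

    # ioctl allow-lists. For a target type that appears in an allowxperm rule
    # only the listed ioctls are permitted; a type that has a bare ioctl grant
    # above but no allowxperm rule here (boot_block_device and
    # system_block_device on user builds) may issue any ioctl.
    allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };

    allowxperm fastbootd {
        metadata_block_device
        userdata_block_device
        dm_device
        cache_block_device
    }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };

    allow fastbootd misc_block_device:blk_file rw_file_perms;

    allow fastbootd proc_cmdline:file r_file_perms;
    allow fastbootd rootfs:dir r_dir_perms;

    # Needed to read the fstab node from the device tree.
    allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
    allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;

    # Needed because libdm reads sysfs to validate when a dm path is ready.
    r_dir_file(fastbootd, sysfs_dm)

    # Debug builds only. Nothing below may move out of this macro: it allows
    # deleting files on system and vendor, executing system binaries and
    # reading the kernel log.
    userdebug_or_eng(`
        # Refined manipulation of /mnt/scratch; without these perms fastbootd
        # resorts to deleting the scratch partition when partition(s) are
        # flashed.
        allow fastbootd self:process setfscreate;
        allow fastbootd cache_file:dir search;
        allow fastbootd proc_filesystems:file { getattr open read };
        allow fastbootd self:capability sys_rawio;
        # NOTE(review): an allowxperm on the dev_type attribute turns on ioctl
        # allow-listing for every block device type under it, so on debug
        # builds types that are unrestricted on user builds are presumably
        # limited to BLKROSET plus their own allowxperm lists. Confirm this is
        # the intended asymmetry.
        allowxperm fastbootd dev_type:blk_file ioctl BLKROSET;
        allow fastbootd overlayfs_file:dir { create_dir_perms mounton };
        allow fastbootd {
            system_file_type
            unlabeled
            vendor_file_type
        }:dir { remove_name rmdir search write };
        allow fastbootd {
            overlayfs_file
            system_file_type
            unlabeled
            vendor_file_type
        }:{ file lnk_file } unlink;
        allow fastbootd tmpfs:dir rw_dir_perms;

        # Fetch the vendor_boot partition.
        allow fastbootd boot_block_device:blk_file r_file_perms;

        # popen(/system/bin/dmesg) and associated permissions. Policy only
        # gates this on the build type; the "unlocked device" condition is not
        # expressed here and is presumably enforced by fastbootd itself.
        allow fastbootd rootfs:file execute_no_trans;
        allow fastbootd system_file:file execute_no_trans;
        allow fastbootd kmsg_device:chr_file read;
        allow fastbootd kernel:system syslog_read;
    ')

    # Allow using libfiemap/gsid directly (no binder in recovery).
    allow fastbootd gsi_metadata_file_type:dir search;
    allow fastbootd ota_metadata_file:dir rw_dir_perms;
    allow fastbootd ota_metadata_file:file create_file_perms;

    # fastbootd uses liblogwrap to write mke2fs logs to kmsg; liblogwrap
    # requires devpts.
    allow fastbootd devpts:chr_file rw_file_perms;
')
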
# These two rules sit outside recovery_only, so unlike the block above they
# are part of the normal boot policy as well as the recovery policy.
#
# fastbootd uses io_uring. Because io_uring pins memory, fastbootd is also
# given ipc_lock so it can circumvent the memlock rlimit; an alternative
# would be to raise the memlock rlimit for the fastbootd service instead of
# granting the capability.
io_uring_use(fastbootd)
allow fastbootd self:capability ipc_lock;

###
### neverallow rules
###

# fastbootd must not touch files labeled with any data_file_type (all the
# non-execute file permissions in no_x_file_perms). The rule is limited to
# the file class: fastbootd still needs write access to the userdata block
# device to wipe userdata until recovery supports vold, which is presumably
# why block devices are not covered here.
neverallow fastbootd data_file_type:file { no_x_file_perms };