# Domain for any fsck program run by init.
type fsck, domain;
type fsck_exec, exec_type, file_type;

# init creates /dev/__null__ before the policy is loaded and fsck
# inherits the open fd, hence the rule against tmpfs:chr_file.
allow fsck tmpfs:chr_file { read write ioctl };

# Inherit and use the pty created by android_fork_execvp_ext().
allow fsck devpts:chr_file { read write ioctl getattr };

# stdin/stdout are passed back to vold.
allow fsck vold:fd use;
allow fsck vold:fifo_file { read write getattr };

# Block devices fsck may check and repair. Read/write access is limited
# to the userdata, cache and device-mapper types; note that dm_device is
# granted as a whole type, so this rule does not distinguish between
# individual device-mapper nodes.
allow fsck block_device:dir search;
allow fsck { userdata_block_device cache_block_device dm_device }:blk_file rw_file_perms;

# Before touching a filesystem, e2fsck has to find out whether it is
# mounted, because running fsck on a mounted filesystem is dangerous.
# It reads /proc/mounts to collect the mounted block devices, stat()s
# each of them, and compares the major/minor numbers with the device
# given on the command line; a match means the filesystem is mounted.
# This needs getattr (stat) on every block device. No read or write
# access is granted by this rule.
allow fsck dev_type:blk_file getattr;

# /proc (for /proc/mounts, see above) and the root directory.
r_dir_file(fsck, proc)
allow fsck rootfs:dir r_dir_perms;

###
### neverallow rules
###

# fsck should never be run on these block devices. A neverallow is
# checked when the policy is built, so an allow rule added later that
# grants fsck any of these permissions fails the build instead of
# silently widening the domain.
# NOTE(review): no_rw_file_perms presumably leaves getattr out, which
# the stat() rule above relies on; confirm against the macro definition.
neverallow fsck {
  boot_block_device
  frp_block_device
  metadata_block_device
  recovery_block_device
  root_block_device
  swap_block_device
  system_block_device
  vold_device
}:blk_file no_rw_file_perms;

# The fsck domain may only be entered from init or vold, and only by
# executing a file labeled fsck_exec: no other domain may transition
# into it, nobody may dyntransition into it, and no other file or
# filesystem type may serve as its entrypoint.
neverallow { domain -init -vold } fsck:process transition;
neverallow * fsck:process dyntransition;
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;