# fastbootd (used in recovery init.rc for /sbin/fastbootd)
#
# Policy for the fastbootd daemon: it runs inside recovery and services
# fastboot flash/wipe commands arriving over a USB functionfs endpoint.

# Declare the domain unconditionally so we can always reference it
# in neverallow rules.
type fastbootd, domain;

# But the allow rules are only included in the recovery policy.
# Otherwise fastbootd is only allowed the domain rules.
# On a normal boot the type therefore exists but carries none of the
# block-device access below, which keeps these broad grants out of the
# running system image.
recovery_only(`
  # fastbootd can only use HALs in passthrough mode (here the boot
  # control HAL); there is no binder in recovery, see the libfiemap
  # note at the end of this block.
  passthrough_hal_client_domain(fastbootd, hal_bootctl)

  # Access /dev/usb-ffs/fastbootd/ep0, the gadget endpoint fastboot
  # commands arrive on.
  allow fastbootd functionfs:dir search;
  allow fastbootd functionfs:file rw_file_perms;

  # ioctl on functionfs files is narrowed to the endpoint descriptor
  # query; any other ioctl command is rejected by the xperm filter.
  allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
  # Log to serial via the kernel log device: write only, no read of the
  # log contents.
  allow fastbootd kmsg_device:chr_file { open getattr write };

  # battery info (read-only sysfs nodes)
  allow fastbootd sysfs_batteryinfo:file r_file_perms;

  # Enumerate /dev (read-only).
  allow fastbootd device:dir r_dir_perms;

  # For /dev/block/by-name dir (partition lookup by name, read-only).
  allow fastbootd block_device:dir r_dir_perms;

  # Needed for DM_DEV_CREATE ioctl call. CAP_SYS_ADMIN is a broad
  # capability; device-mapper creation requires it.
  allow fastbootd self:capability sys_admin;

  # Connect to the recovery unix socket owned by the recovery domain.
  unix_socket_connect(fastbootd, recovery, recovery)

  # Required for flashing: device-mapper control node and mapped devices.
  allow fastbootd dm_device:chr_file rw_file_perms;
  allow fastbootd dm_device:blk_file rw_file_perms;

  # Partitions fastbootd may both read and write in full.
  allow fastbootd cache_block_device:blk_file rw_file_perms;
  allow fastbootd super_block_device_type:blk_file rw_file_perms;
  # These partitions get write (plus getattr and ioctl) but not read, so
  # a flash session cannot dump their contents; metadata_block_device is
  # granted read separately below for GSI handling.
  allow fastbootd {
    boot_block_device
    metadata_block_device
    system_block_device
    userdata_block_device
  }:blk_file { w_file_perms getattr ioctl };

  # For disabling/wiping GSI, and for modifying/deleting files created via
  # libfiemap.
  allow fastbootd metadata_block_device:blk_file r_file_perms;
  allow fastbootd {rootfs tmpfs}:dir mounton;
  allow fastbootd metadata_file:dir { search getattr };
  allow fastbootd gsi_metadata_file:dir rw_dir_perms;
  allow fastbootd gsi_metadata_file:file create_file_perms;

  # Alignment queries on the super partition; the xperm filter rejects
  # every other ioctl command on it.
  allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };

  # Discard / secure discard, used when wiping these partitions. ioctl on
  # these block files is limited to the two discard commands.
  allowxperm fastbootd {
    metadata_block_device
    userdata_block_device
    dm_device
    cache_block_device
  }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };

  # Misc partition, read/write.
  allow fastbootd misc_block_device:blk_file rw_file_perms;

  # Kernel command line and the root directory listing, read-only.
  allow fastbootd proc_cmdline:file r_file_perms;
  allow fastbootd rootfs:dir r_dir_perms;

  # Needed to read fstab node from device tree.
  allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
  allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;

  # Needed because libdm reads sysfs to validate when a dm path is ready.
  r_dir_file(fastbootd, sysfs_dm)

  # Needed for realpath() call to resolve symlinks.
  allow fastbootd block_device:dir getattr;

  # Debug builds only: nothing in this block is present on user builds.
  userdebug_or_eng(`
    # Refined manipulation of /mnt/scratch, without these perms resorts
    # to deleting scratch partition when partition(s) are flashed.
    allow fastbootd self:process setfscreate;
    allow fastbootd cache_file:dir search;
    allow fastbootd proc_filesystems:file { getattr open read };
    # CAP_SYS_RAWIO is a broad capability; it is confined to debug builds.
    allow fastbootd self:capability sys_rawio;
    # Silence kernel module autoload requests rather than granting them.
    dontaudit fastbootd kernel:system module_request;
    # Narrows ioctl on every block device type to BLKROSET; the matching
    # ioctl allow comes from the rules above or elsewhere in the policy.
    # NOTE(review): this matches all of dev_type, not only the partitions
    # listed above; presumably for the scratch overlay remount.
    allowxperm fastbootd dev_type:blk_file ioctl BLKROSET;
    # Tear down and rebuild the overlay: create/remove directories and
    # unlink files under the overlay-backed trees, including unlabeled
    # files.
    allow fastbootd overlayfs_file:dir { create_dir_perms mounton };
    allow fastbootd {
      system_file_type
      unlabeled
      vendor_file_type
    }:dir { remove_name rmdir search write };
    allow fastbootd {
      overlayfs_file
      system_file_type
      unlabeled
      vendor_file_type
    }:{ file lnk_file } unlink;
    allow fastbootd tmpfs:dir rw_dir_perms;
    allow fastbootd labeledfs:filesystem { mount unmount };
  ')

  # Allow using libfiemap/gsid directly (no binder in recovery).
  allow fastbootd gsi_metadata_file:dir search;
  allow fastbootd ota_metadata_file:dir rw_dir_perms;
  allow fastbootd ota_metadata_file:file create_file_perms;
')

###
### neverallow rules
###

# Write permission is required to wipe userdata
# until recovery supports vold.
# Hence only execute-style permissions on data files are forbidden here;
# the write access that wiping needs is deliberately left permitted.
neverallow fastbootd {
  data_file_type
}:file { no_x_file_perms };