# Any fsck program run by init
# This file confines fsck to its own domain. The permission-set names used
# below (rw_file_perms, r_file_perms, r_dir_perms, no_rw_file_perms) are
# macros defined outside this file.
type fsck, domain;
type fsck_exec, exec_type, file_type;

# /dev/__null__ created by init prior to policy load,
# open fd inherited by fsck.
# Only read/write/ioctl on the already-open character device is granted.
allow fsck tmpfs:chr_file { read write ioctl };

# Inherit and use pty created by android_fork_execvp_ext().
allow fsck devpts:chr_file { read write ioctl getattr };

# Allow stdin/out back to vold
# fsck may use file descriptors passed in by vold and read/write vold's pipes.
allow fsck vold:fd use;
allow fsck vold:fifo_file { read write getattr };

# Run fsck on certain block devices
# These three types are the only block devices this file grants
# rw_file_perms on; block_device:dir search lets fsck look up the nodes.
# NOTE(review): dm_device is a single label for device-mapper nodes. Which
# underlying partitions those nodes map to is not visible from this file;
# confirm against the device's file_contexts that none of them back a
# partition listed in the neverallow rule below.
allow fsck block_device:dir search;
allow fsck userdata_block_device:blk_file rw_file_perms;
allow fsck cache_block_device:blk_file rw_file_perms;
allow fsck dm_device:blk_file rw_file_perms;

# To determine if it is safe to run fsck on a filesystem, e2fsck
# must first determine if the filesystem is mounted. To do that,
# e2fsck scans through /proc/mounts and collects all the mounted
# block devices. With that information, it runs stat() on each block
# device, comparing the major and minor numbers to the filesystem
# passed in on the command line. If there is a match, then the filesystem
# is currently mounted and running fsck is dangerous.
# Allow stat access to all block devices so that fsck can compare
# major/minor values.
# This rule grants getattr only: it does not let fsck open, read or write
# block devices outside the three types allowed above.
allow fsck dev_type:blk_file getattr;

# Read-only access to the mount and swap tables used by the mounted check
# described above, plus read access to rootfs directories.
allow fsck {
    proc_mounts
    proc_swaps
}:file r_file_perms;
allow fsck rootfs:dir r_dir_perms;

###
### neverallow rules
###

# fsck should never be run on these block devices
# neverallow is an assertion checked when the policy is compiled: an allow
# rule that grants fsck any no_rw_file_perms permission on one of these
# types, whether added here or elsewhere in the policy, fails the build.
neverallow fsck {
    boot_block_device
    frp_block_device
    recovery_block_device
    root_block_device
    swap_block_device
    system_block_device
    vold_device
}:blk_file no_rw_file_perms;

# Only allow entry from init or vold via fsck binaries
# - transition: no domain other than init and vold may transition into fsck.
# - dyntransition: no domain at all (the source set is *) may switch into
#   fsck dynamically.
# - entrypoint: a file labelled fsck_exec is the only file that may serve as
#   the entry point into the fsck domain.
neverallow { domain -init -vold } fsck:process transition;
neverallow * fsck:process dyntransition;
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;