# fastbootd (used in recovery init.rc for /sbin/fastbootd)
#
# SELinux type-enforcement policy for the fastbootd domain, the userspace
# fastboot implementation that runs inside recovery. The recovery_only(...)
# and userdebug_or_eng(...) wrappers are m4-style build-variant macros:
# a rule inside one of them is simply absent from the compiled policy on
# builds where that macro expands to nothing.

# Declare the domain unconditionally so we can always reference it
# in neverallow rules.
type fastbootd, domain;

# But the allow rules are only included in the recovery policy.
# Otherwise fastbootd is only allowed the domain rules.
# In other words: on a normal boot image the type exists (so the
# neverallow rules at the bottom still apply), but nothing in this block
# is granted.
recovery_only(`
  # fastbootd can only use HALs in passthrough mode.
  # hal_bootctl is presumably used for A/B slot selection; the HAL
  # contract itself is outside this file.
  passthrough_hal_client_domain(fastbootd, hal_bootctl)

  # Access /dev/usb-ffs/fastbootd/ep0 (USB gadget endpoints)
  allow fastbootd functionfs:dir search;
  allow fastbootd functionfs:file rw_file_perms;

  # Narrow the ioctl permission that rw_file_perms carries to the single
  # request code fastbootd needs; every other ioctl on functionfs is denied.
  allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
  # Log to serial (write-only: no read of the kmsg device is granted)
  allow fastbootd kmsg_device:chr_file { open getattr write };

  # battery info
  allow fastbootd sysfs_batteryinfo:file r_file_perms;

  # Enumerate /dev (read-only access to the directory)
  allow fastbootd device:dir r_dir_perms;

  # Reboot the device
  set_prop(fastbootd, powerctl_prop)

  # Read serial number of the device from system properties
  get_prop(fastbootd, serialno_prop)

  # For dev/block/by-name dir
  allow fastbootd block_device:dir r_dir_perms;

  # Needed for DM_DEV_CREATE ioctl call.
  # NOTE(review): CAP_SYS_ADMIN is far broader than device-mapper setup and
  # is the most powerful grant in this domain. It only exists in the
  # recovery policy (this whole block is recovery_only), and SELinux still
  # mediates every object access, so the capability does not by itself
  # widen the file and device rules that follow.
  allow fastbootd self:capability sys_admin;

  # Set sys.usb.ffs.ready.
  set_prop(fastbootd, ffs_prop)
  set_prop(fastbootd, exported_ffs_prop)

  # Talk to the recovery daemon over its unix socket
  unix_socket_connect(fastbootd, recovery, recovery)

  # Required for flashing
  allow fastbootd dm_device:chr_file rw_file_perms;
  allow fastbootd dm_device:blk_file rw_file_perms;

  allow fastbootd cache_block_device:blk_file rw_file_perms;
  allow fastbootd super_block_device_type:blk_file rw_file_perms;
  # Write-only (plus getattr and ioctl) on these partitions: no read
  # permission is granted in this file, so fastbootd can flash them but
  # not dump them. metadata_block_device additionally gets read below.
  allow fastbootd {
    boot_block_device
    metadata_block_device
    system_block_device
    userdata_block_device
  }:blk_file { w_file_perms getattr ioctl };

  # For disabling/wiping GSI, and for modifying/deleting files created via
  # libfiemap.
  allow fastbootd metadata_block_device:blk_file r_file_perms;
  allow fastbootd {rootfs tmpfs}:dir mounton;
  allow fastbootd metadata_file:dir { search getattr };
  allow fastbootd gsi_metadata_file:dir rw_dir_perms;
  allow fastbootd gsi_metadata_file:file create_file_perms;

  # Only these two alignment queries are permitted as ioctls on super.
  allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };

  # Only the discard / secure-discard ioctls (used for wiping) on these
  # devices.
  # NOTE(review): boot_block_device and system_block_device receive ioctl
  # above but appear in no allowxperm rule in this file. Under the usual
  # extended-permission semantics (an ioctl whitelist applies only once
  # some allowxperm rule exists for the source/target/class), their ioctls
  # are therefore not narrowed on user builds - confirm that is intended.
  allowxperm fastbootd {
    metadata_block_device
    userdata_block_device
    dm_device
    cache_block_device
  }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };

  allow fastbootd misc_block_device:blk_file rw_file_perms;

  allow fastbootd proc_cmdline:file r_file_perms;
  allow fastbootd rootfs:dir r_dir_perms;

  # Needed to read fstab node from device tree.
  allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
  allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;

  # Needed because libdm reads sysfs to validate when a dm path is ready.
  r_dir_file(fastbootd, sysfs_dm)

  # Needed for realpath() call to resolve symlinks.
  allow fastbootd block_device:dir getattr;
  # Debug-only rules: absent from user builds. They are much wider than
  # the rest of the domain (raw I/O, mounting, deleting system and vendor
  # files), which is acceptable only on the assumption that
  # userdebug_or_eng builds are never production images.
  userdebug_or_eng(`
    # Fine-grained handling of /mnt/scratch; without these rules fastbootd
    # falls back to deleting the scratch partition whenever a partition is
    # flashed.
    allow fastbootd self:process setfscreate;
    allow fastbootd cache_file:dir search;
    allow fastbootd proc_filesystems:file { getattr open read };
    # CAP_SYS_RAWIO, debug builds only.
    allow fastbootd self:capability sys_rawio;
    # Silence (but do not grant) kernel module autoload requests.
    dontaudit fastbootd kernel:system module_request;
    # NOTE(review): dev_type covers every device type, so on debug builds
    # this allowxperm also applies to boot_block_device and
    # system_block_device, whose ioctls are otherwise not narrowed by any
    # rule in this file. That makes their ioctl whitelist BLKROSET-only on
    # debug builds and unrestricted on user builds - verify the flashing
    # path expects this.
    allowxperm fastbootd dev_type:blk_file ioctl BLKROSET;
    allow fastbootd overlayfs_file:dir { create_dir_perms mounton };
    # Directory entry removal under system, vendor and unlabeled trees
    # (no read or write of file contents is granted here).
    allow fastbootd {
      system_file_type
      unlabeled
      vendor_file_type
    }:dir { remove_name rmdir search write };
    allow fastbootd {
      overlayfs_file
      system_file_type
      unlabeled
      vendor_file_type
    }:{ file lnk_file } unlink;
    allow fastbootd tmpfs:dir rw_dir_perms;
    allow fastbootd labeledfs:filesystem { mount unmount };
    get_prop(fastbootd, persistent_properties_ready_prop)
  ')

  # Allow using libfiemap/gsid directly (no binder in recovery).
  set_prop(fastbootd, gsid_prop)
  allow fastbootd gsi_metadata_file:dir search;
  allow fastbootd ota_metadata_file:dir rw_dir_perms;
  allow fastbootd ota_metadata_file:file create_file_perms;

  # Determine allocation scheme (whether the B slot partitions need to be
  # placed in the second half of super).
  get_prop(fastbootd, virtual_ab_prop)

  # Needed for TCP protocol: bind a listening socket and accept clients.
  # NOTE(review): this makes the fastboot flashing interface reachable over
  # a network socket in addition to USB. Whether TCP is actually enabled is
  # presumably governed by the protocol property read below, not by this
  # policy - confirm against the fastbootd source.
  allow fastbootd node:tcp_socket node_bind;
  allow fastbootd port:tcp_socket name_bind;
  allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept };

  # Get fastbootd protocol property
  get_prop(fastbootd, fastbootd_protocol_prop)
')

###
### neverallow rules
###

# fastbootd must never be granted no_x_file_perms (roughly the
# write-style permissions; see global_macros) on files of any
# data_file_type. Userdata is wiped by writing the raw
# userdata_block_device (granted above) rather than through the
# filesystem, and that block-level write permission remains required
# until recovery can delegate the wipe to vold.
# Note this assertion covers the file class only; directories, symlinks
# and sockets labeled data_file_type are not constrained by it.
neverallow fastbootd {
   data_file_type
}:file { no_x_file_perms };
142