1# Any fsck program run by init
2type fsck, domain;
3type fsck_exec, system_file_type, exec_type, file_type;
4
5# /dev/__null__ created by init prior to policy load,
6# open fd inherited by fsck.
7allow fsck tmpfs:chr_file { read write ioctl };
8
9# Inherit and use pty created by android_fork_execvp_ext().
10allow fsck devpts:chr_file { read write ioctl getattr };
11
12# Allow stdin/out back to vold
13allow fsck vold:fd use;
14allow fsck vold:fifo_file { read write getattr };
15
16# Run fsck on certain block devices
17allow fsck block_device:dir search;
18allow fsck userdata_block_device:blk_file rw_file_perms;
19allow fsck cache_block_device:blk_file rw_file_perms;
20allow fsck dm_device:blk_file rw_file_perms;
21userdebug_or_eng(`
22allow fsck system_block_device:blk_file rw_file_perms;
23')
24
25# For the block devices where we have ioctl access,
26# allow at a minimum the following common fsck ioctls.
27allowxperm fsck dev_type:blk_file ioctl {
28  BLKDISCARDZEROES
29  BLKROGET
30};
31
32# To determine if it is safe to run fsck on a filesystem, e2fsck
33# must first determine if the filesystem is mounted. To do that,
34# e2fsck scans through /proc/mounts and collects all the mounted
35# block devices. With that information, it runs stat() on each block
36# device, comparing the major and minor numbers to the filesystem
37# passed in on the command line. If there is a match, then the filesystem
38# is currently mounted and running fsck is dangerous.
39# Allow stat access to all block devices so that fsck can compare
40# major/minor values.
41allow fsck dev_type:blk_file getattr;
42
43allow fsck {
44  proc_mounts
45  proc_swaps
46}:file r_file_perms;
47allow fsck rootfs:dir r_dir_perms;
48
49###
50### neverallow rules
51###
52
53# fsck should never be run on these block devices
54neverallow fsck {
55  boot_block_device
56  frp_block_device
57  recovery_block_device
58  root_block_device
59  swap_block_device
60  system_block_device
61  userdebug_or_eng(`-system_block_device')
62  vold_device
63}:blk_file no_rw_file_perms;
64
65# Only allow entry from init or vold via fsck binaries
66neverallow { domain -init -vold } fsck:process transition;
67neverallow * fsck:process dyntransition;
68neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;
69