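# Domain for any fsck program started by init. The neverallow rules at the
# end of this file also permit vold to transition into this domain.
type fsck, domain;
# Label carried by the fsck executables; the entrypoint neverallow at the end
# of this file makes files of this type the only way into the fsck domain.
type fsck_exec, exec_type, file_type;
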
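# /dev/__null__ is created by init before the policy is loaded, and fsck
# inherits an already-open fd to it. The rule targets tmpfs:chr_file and
# leaves out "open", so fsck can use the inherited descriptor but is not
# granted permission to open tmpfs character devices itself.
allow fsck tmpfs:chr_file { read write ioctl };

# Inherit and use the pty created by android_fork_execvp_ext().
# "open" is again absent: access is limited to descriptors handed to fsck.
allow fsck devpts:chr_file { read write ioctl getattr };

# Allow stdin/stdout back to vold: fsck may use fds passed by vold and
# read/write vold's pipes. This file grants no other access to vold objects.
allow fsck vold:fd use;
allow fsck vold:fifo_file { read write getattr };
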
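# Block devices fsck is allowed to check and repair. rw_file_perms is a
# permission macro defined outside this file.
allow fsck block_device:dir search;
allow fsck userdata_block_device:blk_file rw_file_perms;
allow fsck cache_block_device:blk_file rw_file_perms;
# NOTE(review): dm_device is a single type, so this rule presumably covers
# every device-mapper node rather than one volume -- confirm which volumes
# carry this label on the target device.
allow fsck dm_device:blk_file rw_file_perms;

# To determine whether it is safe to run fsck on a filesystem, e2fsck
# must first determine whether the filesystem is mounted. To do that,
# e2fsck scans /proc/mounts and collects all the mounted block devices.
# It then runs stat() on each block device and compares the major and
# minor numbers with those of the filesystem passed on the command line.
# A match means the filesystem is currently mounted and running fsck on
# it is dangerous.
# Allow stat access to all block devices so that fsck can compare
# major/minor values. Only getattr is granted here: no read, write or
# open on block devices other than the ones listed above.
allow fsck dev_type:blk_file getattr;

# Read access to proc directories and files, used for the /proc/mounts scan
# described above. r_dir_file is a macro defined outside this file.
r_dir_file(fsck, proc)
# Read-only directory access to rootfs.
# NOTE(review): no rationale is recorded for this rule; confirm it is needed.
allow fsck rootfs:dir r_dir_perms;
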
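###
### neverallow rules
###
# neverallow statements grant nothing; they are assertions that make the
# policy build fail if any allow rule, in this file or elsewhere, violates them.

# fsck should never be run on these block devices.
# no_rw_file_perms is a permission macro defined outside this file.
# NOTE(review): presumably it leaves getattr out, since the dev_type getattr
# rule above would otherwise conflict with this assertion -- confirm.
neverallow fsck {
  boot_block_device
  frp_block_device
  metadata_block_device
  recovery_block_device
  root_block_device
  swap_block_device
  system_block_device
  vold_device
}:blk_file no_rw_file_perms;

# Only allow entry from init or vold via fsck binaries:
# - no domain other than init and vold may transition into fsck on exec;
# - no domain at all may enter fsck through a dynamic transition;
# - the only files usable as an entrypoint to fsck are those labeled fsck_exec.
neverallow { domain -init -vold } fsck:process transition;
neverallow * fsck:process dyntransition;
neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;
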