# Any fsck program run by init type fsck, domain, domain_deprecated; type fsck_exec, exec_type, file_type; init_daemon_domain(fsck) # /dev/__null__ created by init prior to policy load, # open fd inherited by fsck. allow fsck tmpfs:chr_file { read write ioctl }; # Inherit and use pty created by android_fork_execvp_ext(). allow fsck devpts:chr_file { read write ioctl getattr }; # Allow stdin/out back to vold allow fsck vold:fd use; allow fsck vold:fifo_file { read write getattr }; # Run fsck on certain block devices allow fsck block_device:dir search; allow fsck userdata_block_device:blk_file rw_file_perms; allow fsck cache_block_device:blk_file rw_file_perms; allow fsck dm_device:blk_file rw_file_perms; # fsck performs a stat() on swap to verify that it is a valid # swap device before setting the EXT2_MF_SWAP mount flag. allow fsck swap_block_device:blk_file getattr; ### ### neverallow rules ### # fsck should never be run on these block devices neverallow fsck { boot_block_device frp_block_device metadata_block_device recovery_block_device root_block_device swap_block_device system_block_device vold_device }:blk_file no_rw_file_perms; # Only allow entry from init or vold via fsck binaries neverallow { domain -init -vold } fsck:process transition; neverallow * fsck:process dyntransition; neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;