public/fsck.te - platform/system/sepolicy - Git at Google

 # Any fsck program run by init
 type fsck, domain;
 type fsck_exec, exec_type, file_type;

 # /dev/__null__ created by init prior to policy load,
 # open fd inherited by fsck.
 allow fsck tmpfs:chr_file { read write ioctl };

 # Inherit and use pty created by android_fork_execvp_ext().
 allow fsck devpts:chr_file { read write ioctl getattr };

 # Allow stdin/out back to vold
 allow fsck vold:fd use;
 allow fsck vold:fifo_file { read write getattr };

 # Run fsck on certain block devices
 allow fsck block_device:dir search;
 allow fsck userdata_block_device:blk_file rw_file_perms;
 allow fsck cache_block_device:blk_file rw_file_perms;
 allow fsck dm_device:blk_file rw_file_perms;

 # To determine if it is safe to run fsck on a filesystem, e2fsck
 # must first determine if the filesystem is mounted. To do that,
 # e2fsck scans through /proc/mounts and collects all the mounted
 # block devices. With that information, it runs stat() on each block
 # device, comparing the major and minor numbers to the filesystem
 # passed in on the command line. If there is a match, then the filesystem
 # is currently mounted and running fsck is dangerous.
 # Allow stat access to all block devices so that fsck can compare
 # major/minor values.
 allow fsck dev_type:blk_file getattr;

 allow fsck {
   proc_mounts
   proc_swaps
 }:file r_file_perms;
 allow fsck rootfs:dir r_dir_perms;

 ###
 ### neverallow rules
 ###

 # fsck should never be run on these block devices
 neverallow fsck {
   boot_block_device
   frp_block_device
   recovery_block_device
   root_block_device
   swap_block_device
   system_block_device
   vold_device
 }:blk_file no_rw_file_perms;

 # Only allow entry from init or vold via fsck binaries
 neverallow { domain -init -vold } fsck:process transition;
 neverallow * fsck:process dyntransition;
 neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;
	# Any fsck program run by init
	type fsck, domain;
	type fsck_exec, exec_type, file_type;

	# /dev/__null__ created by init prior to policy load,
	# open fd inherited by fsck.
	allow fsck tmpfs:chr_file { read write ioctl };

	# Inherit and use pty created by android_fork_execvp_ext().
	allow fsck devpts:chr_file { read write ioctl getattr };

	# Allow stdin/out back to vold
	allow fsck vold:fd use;
	allow fsck vold:fifo_file { read write getattr };

	# Run fsck on certain block devices
	allow fsck block_device:dir search;
	allow fsck userdata_block_device:blk_file rw_file_perms;
	allow fsck cache_block_device:blk_file rw_file_perms;
	allow fsck dm_device:blk_file rw_file_perms;

	# To determine if it is safe to run fsck on a filesystem, e2fsck
	# must first determine if the filesystem is mounted. To do that,
	# e2fsck scans through /proc/mounts and collects all the mounted
	# block devices. With that information, it runs stat() on each block
	# device, comparing the major and minor numbers to the filesystem
	# passed in on the command line. If there is a match, then the filesystem
	# is currently mounted and running fsck is dangerous.
	# Allow stat access to all block devices so that fsck can compare
	# major/minor values.
	allow fsck dev_type:blk_file getattr;

	allow fsck {
	proc_mounts
	proc_swaps
	}:file r_file_perms;
	allow fsck rootfs:dir r_dir_perms;

	###
	### neverallow rules
	###

	# fsck should never be run on these block devices
	neverallow fsck {
	boot_block_device
	frp_block_device
	recovery_block_device
	root_block_device
	swap_block_device
	system_block_device
	vold_device
	}:blk_file no_rw_file_perms;

	# Only allow entry from init or vold via fsck binaries
	neverallow { domain -init -vold } fsck:process transition;
	neverallow * fsck:process dyntransition;
	neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;