// This policy enforces platform-level constraints on Fuchsia user recovery builds at build time.
// It is consumed by Scrutiny and defines assorted checks that are not currently categorized
// under the existing component, routing, or package allowlist-based verifiers.
// This should be run in addition to any product-specific policy.
// See https://fuchsia.dev/fuchsia-src/contribute/governance/rfcs/0115_build_types for more
// detail on build type strategy.
{
additional_boot_args_checks: {
// Ensure virtcon is disabled by default in recovery.
// virtcon is a system terminal UI; it may log sensitive information or, if input is enabled,
// give users shell access.
must_contain: [
{
KeyValuePair: [
"virtcon.disable",
"true",
],
},
],
// Ensure netsvc is disabled on non-eng builds.
// netsvc allows execution of unverified code via netbooting and is not suitable for use
// outside of dev environments.
must_not_contain: [
{
KeyValuePair: [
"netsvc.all-features",
"true",
],
},
{
KeyValuePair: [
"netsvc.netboot",
"true",
],
},
],
},
package_checks: [
// Checks involving the system image package.
{
source: "SystemImage",
file_checks: [
// Ensure that iquery is not included in the static packages, as it is a debugging
// tool intended for eng builds.
{
source: {
MetaContents: "data/static_packages",
},
state: "Present",
content_checks: {
must_not_contain: [
{
String: "iquery",
},
],
},
},
// Either data/cache_packages or data/cache_packages.json may be present.
// Ensure that each is absent or empty on user builds.
{
source: {
MetaContents: "data/cache_packages",
},
state: "AbsentOrEmpty",
},
{
source: {
MetaContents: "data/cache_packages.json",
},
state: "AbsentOrEmpty",
},
// Ensure the data/pkgfs_disable_executability_restrictions file is absent;
// its presence disables executability enforcement.
{
source: {
MetaContents: "data/pkgfs_disable_executability_restrictions",
},
state: "Absent",
},
],
},
// Note: there is no pkg-resolver config check for recovery because pkg-resolver is not
// expected to be present on recovery builds.
],
}