| // This policy enforces platform-level contraints on Fuchsia user recovery builds at build time. |
| // It is consumed by Scrutiny and defines assorted checks that are not currently categorized |
| // under the existing component, routing, or package allowlist-based verifiers. |
| // This should be run in addition to any product-specific policy. |
| // See https://fuchsia.dev/fuchsia-src/contribute/governance/rfcs/0115_build_types for more |
| // detail on build type strategy. |
| { |
| additional_boot_args_checks: { |
| // Ensure virtcon is disabled by default in recovery. |
| // virtcon is a system terminal UI and may log sensitive information or allow users shell |
| // access if input is enabled. |
| must_contain: [ |
| { |
| KeyValuePair: [ |
| "virtcon.disable", |
| "true", |
| ], |
| }, |
| ], |
| |
| // Ensure netsvc is disabled on non-eng builds. |
| // netsvc allows for execution of unverified code via netbooting and is not suitable for |
| // use outside of dev environments. |
| must_not_contain: [ |
| { |
| KeyValuePair: [ |
| "netsvc.all-features", |
| "true", |
| ], |
| }, |
| { |
| KeyValuePair: [ |
| "netsvc.netboot", |
| "true", |
| ], |
| }, |
| ], |
| }, |
| package_checks: [ |
| // Checks involving the system image package. |
| { |
| source: "SystemImage", |
| file_checks: [ |
| // Ensure that iquery is not included in static packages, as it is a debugging |
| // tool for use in eng builds. |
| { |
| source: { |
| MetaContents: "data/static_packages", |
| }, |
| state: "Present", |
| content_checks: { |
| must_not_contain: [ |
| { |
| String: "iquery", |
| }, |
| ], |
| }, |
| }, |
| |
| // One of either data/cache_packages or data/cache_packages.json may be present. |
| // Ensure that it is absent or empty for user builds. |
| { |
| source: { |
| MetaContents: "data/cache_packages", |
| }, |
| state: "AbsentOrEmpty", |
| }, |
| { |
| source: { |
| MetaContents: "data/cache_packages.json", |
| }, |
| state: "AbsentOrEmpty", |
| }, |
| |
| // Ensure data/pkgfs_disable_executability_restrictions file is absent. |
| // The presence of this file disables executability enforcement. |
| { |
| source: { |
| MetaContents: "data/pkgfs_disable_executability_restrictions", |
| }, |
| state: "Absent", |
| }, |
| ], |
| }, |
| |
| // Note: there is no pkg-resolver config check for recovery because pkg-resolver is not |
| // expected to be present on recovery builds. |
| ], |
| } |