platform_system_sepolicy/public/system_app.te

###
### Apps that run with the system UID, e.g. com.android.system.ui,
### com.android.settings.  These are not as privileged as the system
### server.
###

type system_app, domain;

# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.
Move system_app policy to private This leaves only the existence of system_app domain as public API. All other rules are implementation details of this domain's policy and are thus now private. Test: No change to policy according to sesearch, except for disappearance of all allow rules from system_app_current attribute (as expected). Bug: 31364497 Change-Id: Ifc7d350ed9749a32b0c38a78ac5f41c819dbdb96 2017-01-06 02:18:32 +01:00			`###`
			`### Apps that run with the system UID, e.g. com.android.system.ui,`
			`### com.android.settings. These are not as privileged as the system`
			`### server.`
			`###`
Restore app_domain macro and move to private use. app_domain was split up in commit: 2e00e6373faa6271d7839d33c5b9e69d998ff020 to enable compilation by hiding type_transition rules from public policy. These rules need to be hidden from public policy because they describe how objects are labeled, of which non-platform should be unaware. Instead of cutting apart the app_domain macro, which non-platform policy may rely on for implementing new app types, move all app_domain calls to private policy. (cherry-pick of commit: 76035ea01971156895cf0d8efc1876bfa2025bd6) Bug: 33428593 Test: bullhead and sailfish both boot. sediff shows no policy change. Change-Id: I4beead8ccc9b6e13c6348da98bb575756f539665 2016-12-08 20:23:34 +01:00
Move system_app policy to private This leaves only the existence of system_app domain as public API. All other rules are implementation details of this domain's policy and are thus now private. Test: No change to policy according to sesearch, except for disappearance of all allow rules from system_app_current attribute (as expected). Bug: 31364497 Change-Id: Ifc7d350ed9749a32b0c38a78ac5f41c819dbdb96 2017-01-06 02:18:32 +01:00			`type system_app, domain;`
Add "DO NOT ADD statements" comments to public For visibility Bug: 232023812 Test: N/A Change-Id: I0bc6dc568210b81ba1f52acb18afd4bcc454ea1c 2024-03-28 02:37:28 +01:00
			`# system/sepolicy/public is for vendor-facing type and attribute definitions.`
			`# DO NOT ADD allow, neverallow, or dontaudit statements here.`
			`# Instead, add such policy rules to system/sepolicy/private/*.te.`