# The MLS override (mlstrustedsubject) must not become a route into private
# app data. App domains should not normally carry mlstrustedsubject; one that
# has to still cannot use it to reach app private data files, so its own app
# data files must use a label other than app_data_file / privapp_data_file.
#
# These are neverallow assertions: they grant nothing by themselves and only
# make the policy build fail when some allow rule would violate them.

# Files: every mlstrustedsubject except installd is held to the permissions
# listed after "~". open, create, unlink, rename, setattr and execute all fall
# outside that set, so no allow rule may let such a domain open or create an
# app data file by path.
neverallow {
    mlstrustedsubject
    -installd
} {
    app_data_file
    privapp_data_file
}:file ~{ read write map getattr ioctl lock append };

# Directories: the same set of domains may never be granted anything beyond
# read, getattr and search, which rules out adding, removing or renaming
# entries in app data directories.
neverallow {
    mlstrustedsubject
    -installd
} {
    app_data_file
    privapp_data_file
}:dir ~{ read getattr search };

# Even read/getattr/search on those directories is reserved for the domains
# exempted below. Each extra "-domain" entry widens who can list and traverse
# app data directories, so review any addition to this list as a privilege
# grant rather than a formatting change.
neverallow {
    mlstrustedsubject
    -installd
    -system_server
    -adbd
    -runas
    -zygote
} {
    app_data_file
    privapp_data_file
}:dir { read getattr search };