###
### Ephemeral apps.
###
### This file defines the security policy for apps with the ephemeral
### feature.
###
### The ephemeral_app domain is a reduced permissions sandbox allowing
### ephemeral applications to be safely installed and run. Non ephemeral
### applications may also opt-in to ephemeral to take advantage of the
### additional security features.
###
### PackageManager flags an app as ephemeral at install time.

type ephemeral_app, domain;

# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.