400d3ac140
Initial check in of empty autoplay_app.te policy file. Create isAutoPlayApp input selector. Give this selector high precedence - only below isSystemServer. Add neverallow rule disallowing an app context with isAutoPlayApp=true from running in a domain other than autoplay_app. Change-Id: I1d06669d2f1acf953e50867dfa2b264ccaee29a4
13 lines
452 B
Text
13 lines
452 B
Text
###
|
|
### AutoPlay apps.
|
|
###
|
|
### This file defines the security policy for apps with the autoplay
|
|
### feature.
|
|
###
|
|
### The autoplay_app domain is a reduced permissions sandbox allowing
|
|
### ephemeral applications to be safely installed and run. Non ephemeral
|
|
### applications may also opt-in to autoplay to take advantage of the
|
|
### additional security features.
|
|
###
|
|
### PackageManager flags an app as autoplay at install time.
|
|
type autoplay_app, domain;
|