platform_system_sepolicy/private/untrusted_app.te
Shiwangi Shah 4aad91d920 Add services and allow app to write to sdk_sandbox
We might want to change this in later android versions.

Ignore-AOSP-First: Already merged via aosp/2051365
Bug: b/228159127
Bug: b/227745962
Bug: b/229251344
Test: Manual
Change-Id: I8f425cc9f2759a29bdd2e6218ad0a1c40750e4f5
Merged-In: I8f425cc9f2759a29bdd2e6218ad0a1c40750e4f5
Merged-In: I2e308ca9ce58e71ac9d7d9b0fa515bdf2f5dfa1f
(cherry picked from commit 13bdca21d5)
(cherry picked from commit ce2b6da673)
2022-05-11 15:52:51 +00:00

23 lines
No EOL
700 B
Text

###
### Untrusted apps.
###
### This file defines the rules for untrusted apps running with
### targetSdkVersion >= 32.
###
### See public/untrusted_app.te for more information about which apps are
### placed in this selinux domain.
###
typeattribute untrusted_app coredomain;
app_domain(untrusted_app)
untrusted_app_domain(untrusted_app)
net_domain(untrusted_app)
bluetooth_domain(untrusted_app)
# Allow webview to access fd shared by sdksandbox for experiments data
# TODO(b/229249719): Will not be supported in Android U
allow untrusted_app sdk_sandbox_data_file:fd use;
allow untrusted_app sdk_sandbox_data_file:file write;
neverallow untrusted_app sdk_sandbox_data_file:file { open create };