4aad91d920
We might want to change this in later android versions. Ignore-AOSP-First: Already merged via aosp/2051365 Bug: b/228159127 Bug: b/227745962 Bug: b/229251344 Test: Manual Change-Id: I8f425cc9f2759a29bdd2e6218ad0a1c40750e4f5 Merged-In: I8f425cc9f2759a29bdd2e6218ad0a1c40750e4f5 Merged-In: I2e308ca9ce58e71ac9d7d9b0fa515bdf2f5dfa1f (cherry picked from commit13bdca21d5) (cherry picked from commitce2b6da673)
23 lines
No EOL
700 B
Text
23 lines
No EOL
700 B
Text
###
|
|
### Untrusted apps.
|
|
###
|
|
### This file defines the rules for untrusted apps running with
|
|
### targetSdkVersion >= 32.
|
|
###
|
|
### See public/untrusted_app.te for more information about which apps are
|
|
### placed in this selinux domain.
|
|
###
|
|
|
|
typeattribute untrusted_app coredomain;
|
|
|
|
app_domain(untrusted_app)
|
|
untrusted_app_domain(untrusted_app)
|
|
net_domain(untrusted_app)
|
|
bluetooth_domain(untrusted_app)
|
|
|
|
# Allow webview to access fd shared by sdksandbox for experiments data
|
|
# TODO(b/229249719): Will not be supported in Android U
|
|
allow untrusted_app sdk_sandbox_data_file:fd use;
|
|
allow untrusted_app sdk_sandbox_data_file:file write;
|
|
|
|
neverallow untrusted_app sdk_sandbox_data_file:file { open create }; |