5c6a227ebb
Copy the final system sepolicy from oc-dev to its prebuilt dir corresponding to its version (26.0) so that we can uprev policy and start maintaining compatibility files, as well as use it for CTS tests targeting future platforms. Bug: 37896931 Test: none, this just copies the old policy. Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
29 lines
1.2 KiB
Text
29 lines
1.2 KiB
Text
###
|
|
### Untrusted apps.
|
|
###
|
|
### This file defines the rules for untrusted apps.
|
|
### Apps are labeled based on mac_permissions.xml (maps signer and
|
|
### optionally package name to seinfo value) and seapp_contexts (maps UID
|
|
### and optionally seinfo value to domain for process and type for data
|
|
### directory). The untrusted_app domain is the default assignment in
|
|
### seapp_contexts for any app with UID between APP_AID (10000)
|
|
### and AID_ISOLATED_START (99000) if the app has no specific seinfo
|
|
### value as determined from mac_permissions.xml. In current AOSP, this
|
|
### domain is assigned to all non-system apps as well as to any system apps
|
|
### that are not signed by the platform key. To move
|
|
### a system app into a specific domain, add a signer entry for it to
|
|
### mac_permissions.xml and assign it one of the pre-existing seinfo values
|
|
### or define and use a new seinfo value in both mac_permissions.xml and
|
|
### seapp_contexts.
|
|
###
|
|
|
|
typeattribute untrusted_app coredomain;
|
|
|
|
app_domain(untrusted_app)
|
|
untrusted_app_domain(untrusted_app)
|
|
net_domain(untrusted_app)
|
|
bluetooth_domain(untrusted_app)
|
|
|
|
# Allow the allocation and use of ptys
|
|
# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
|
|
create_pty(untrusted_app)
|