cfdea5f4f3
The untrusted apps should not directly access /dev/socket/mdnsd since API level 34 (U). Only adbd and netd should remain to have access to /dev/socket/mdnsd. For untrusted apps running with API level 33-, they still have access to /dev/socket/mdnsd for backward compatibility. Bug: 265364111 Test: Manual test Change-Id: Id37998fcb9379fda6917782b0eaee29cd3c51525
23 lines
701 B
Text
23 lines
701 B
Text
###
|
|
### Untrusted apps.
|
|
###
|
|
### This file defines the rules for untrusted apps running with
|
|
### targetSdkVersion >= 34.
|
|
###
|
|
### See public/untrusted_app.te for more information about which apps are
|
|
### placed in this selinux domain.
|
|
###
|
|
|
|
typeattribute untrusted_app coredomain;
|
|
|
|
app_domain(untrusted_app)
|
|
untrusted_app_domain(untrusted_app)
|
|
net_domain(untrusted_app)
|
|
bluetooth_domain(untrusted_app)
|
|
|
|
# Allow webview to access fd shared by sdksandbox for experiments data
|
|
# TODO(b/229249719): Will not be supported in Android U
|
|
allow untrusted_app sdk_sandbox_data_file:fd use;
|
|
allow untrusted_app sdk_sandbox_data_file:file write;
|
|
|
|
neverallow untrusted_app sdk_sandbox_data_file:file { open create };
|