Home | History | Annotate | Download | only in sepolicy
      1 # Input selectors: 
      2 #	isSystemServer (boolean)
      3 #	user (string)
      4 #	seinfo (string)
      5 #	name (string)
      6 # isSystemServer=true can only be used once.
      7 # An unspecified boolean defaults to false.
      8 # An unspecified string selector will match any value.
      9 # A user string selector that ends in * will perform a prefix match.
     10 # seinfo= is only used when looking up app process security contexts.
     11 # All specified input selectors in an entry must match (i.e. logical AND).
     12 # Matching is case-insensitive.
     13 # Precedence rules:
     14 # 	  (1) isSystemServer=true before isSystemServer=false.
     15 #	  (2) Specified user= string before unspecified user= string.
     16 #	  (3) Fixed user= string before user= prefix (i.e. ending in *).
     17 #	  (4) Longer user= prefix before shorter user= prefix. 
     18 #	  (5) Specified seinfo= string before unspecified seinfo= string.
     19 #	  (6) Specified name= string before unspecified name= string.
     20 #
     21 # Outputs:
     22 #	domain (string)
     23 #	type (string)
     24 #	levelFromUid (boolean)
     25 #	level (string)
     26 # Only entries that specify domain= will be used for app process labeling.
     27 # Only entries that specify type= will be used for app directory labeling.
     28 # levelfromUid is only supported for app UIDs presently.
     29 # level may be used to specify a fixed level for any UID. 
     30 #
     31 isSystemServer=true domain=system
     32 user=system domain=system_app type=system_data_file
     33 user=nfc domain=nfc type=nfc_data_file
     34 user=radio domain=radio type=radio_data_file
     35 user=app_* domain=untrusted_app type=app_data_file levelFromUid=true
     36 user=app_* seinfo=systemApp domain=trusted_app levelFromUid=true
     37 user=app_* seinfo=systemApp name=com.android.browser domain=browser_app levelFromUid=true
     38