1 # Input selectors: 2 # isSystemServer (boolean) 3 # user (string) 4 # seinfo (string) 5 # name (string) 6 # isSystemServer=true can only be used once. 7 # An unspecified boolean defaults to false. 8 # An unspecified string selector will match any value. 9 # A user string selector that ends in * will perform a prefix match. 10 # seinfo= is only used when looking up app process security contexts. 11 # All specified input selectors in an entry must match (i.e. logical AND). 12 # Matching is case-insensitive. 13 # Precedence rules: 14 # (1) isSystemServer=true before isSystemServer=false. 15 # (2) Specified user= string before unspecified user= string. 16 # (3) Fixed user= string before user= prefix (i.e. ending in *). 17 # (4) Longer user= prefix before shorter user= prefix. 18 # (5) Specified seinfo= string before unspecified seinfo= string. 19 # (6) Specified name= string before unspecified name= string. 20 # 21 # Outputs: 22 # domain (string) 23 # type (string) 24 # levelFromUid (boolean) 25 # level (string) 26 # Only entries that specify domain= will be used for app process labeling. 27 # Only entries that specify type= will be used for app directory labeling. 28 # levelfromUid is only supported for app UIDs presently. 29 # level may be used to specify a fixed level for any UID. 30 # 31 isSystemServer=true domain=system 32 user=system domain=system_app type=system_data_file 33 user=nfc domain=nfc type=nfc_data_file 34 user=radio domain=radio type=radio_data_file 35 user=app_* domain=untrusted_app type=app_data_file levelFromUid=true 36 user=app_* seinfo=systemApp domain=trusted_app levelFromUid=true 37 user=app_* seinfo=systemApp name=com.android.browser domain=browser_app levelFromUid=true 38