1 # 2 # Domains for apps that do not run with one of the predefined 3 # platform UIDs (system, radio, nfc, ...). 4 # 5 6 # 7 # Apps signed with the platform key. 8 # 9 type platform_app, domain; 10 permissive platform_app; 11 app_domain(platform_app) 12 platform_app_domain(platform_app) 13 # Access the network. 14 net_domain(platform_app) 15 # Access bluetooth. 16 bluetooth_domain(platform_app) 17 unconfined_domain(platform_app) 18 19 # Apps signed with the media key. 20 type media_app, domain; 21 permissive media_app; 22 app_domain(media_app) 23 platform_app_domain(media_app) 24 # Access the network. 25 net_domain(media_app) 26 unconfined_domain(media_app) 27 28 # Apps signed with the shared key. 29 type shared_app, domain; 30 permissive shared_app; 31 app_domain(shared_app) 32 platform_app_domain(shared_app) 33 # Access the network. 34 net_domain(shared_app) 35 # Access bluetooth. 36 bluetooth_domain(shared_app) 37 unconfined_domain(shared_app) 38 39 # Apps signed with the release key (testkey in AOSP). 40 type release_app, domain; 41 permissive release_app; 42 app_domain(release_app) 43 platform_app_domain(release_app) 44 # Access the network. 45 net_domain(release_app) 46 # Access bluetooth. 47 bluetooth_domain(release_app) 48 unconfined_domain(release_app) 49 50 # Services with isolatedProcess=true in their manifest. 51 # In order for isolated_apps to interact with apps that have levelFromUid=true 52 # set it must be an mlstrustedsubject. 53 type isolated_app, domain, mlstrustedsubject; 54 permissive isolated_app; 55 app_domain(isolated_app) 56 unconfined_domain(isolated_app) 57 58 # 59 # Untrusted apps. 60 # 61 type untrusted_app, domain; 62 permissive untrusted_app; 63 app_domain(untrusted_app) 64 net_domain(untrusted_app) 65 bluetooth_domain(untrusted_app) 66 unconfined_domain(untrusted_app) 67
