1 # Input selectors: 2 # isSystemServer (boolean) 3 # isOwner (boolean) 4 # user (string) 5 # seinfo (string) 6 # name (string) 7 # path (string) 8 # isSystemServer=true can only be used once. 9 # An unspecified isSystemServer defaults to false. 10 # isOwner=true will only match for the owner/primary user. 11 # isOwner=false will only match for secondary users. 12 # If unspecified, the entry can match either case. 13 # An unspecified string selector will match any value. 14 # A user string selector that ends in * will perform a prefix match. 15 # user=_app will match any regular app UID. 16 # user=_isolated will match any isolated service UID. 17 # All specified input selectors in an entry must match (i.e. logical AND). 18 # Matching is case-insensitive. 19 # 20 # Precedence rules: 21 # (1) isSystemServer=true before isSystemServer=false. 22 # (2) Specified isOwner= before unspecified isOwner= boolean. 23 # (3) Specified user= string before unspecified user= string. 24 # (4) Fixed user= string before user= prefix (i.e. ending in *). 25 # (5) Longer user= prefix before shorter user= prefix. 26 # (6) Specified seinfo= string before unspecified seinfo= string. 27 # (7) Specified name= string before unspecified name= string. 28 # (8) Specified path= string before unspecified path= string. 29 # 30 # Outputs: 31 # domain (string) 32 # type (string) 33 # levelFrom (string; one of none, all, app, or user) 34 # level (string) 35 # Only entries that specify domain= will be used for app process labeling. 36 # Only entries that specify type= will be used for app directory labeling. 37 # levelFrom=user is only supported for _app or _isolated UIDs. 38 # levelFrom=app or levelFrom=all is only supported for _app UIDs. 39 # level may be used to specify a fixed level for any UID. 40 # 41 isSystemServer=true domain=system_server 42 user=system seinfo=platform domain=system_app type=system_app_data_file 43 user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file 44 user=nfc seinfo=platform domain=nfc type=nfc_data_file 45 user=radio seinfo=platform domain=radio type=radio_data_file 46 user=shared_relro domain=shared_relro 47 user=shell seinfo=platform domain=shell type=shell_data_file 48 user=_isolated domain=isolated_app levelFrom=user 49 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user 50 user=_app domain=untrusted_app type=app_data_file levelFrom=user 51