Home | History | Annotate | Download | only in sepolicy 
      1 # Input selectors:
      2 #	isSystemServer (boolean)
      3 #	isOwner (boolean)
      4 #	user (string)
      5 #	seinfo (string)
      6 #	name (string)
      7 #	path (string)
      8 # isSystemServer=true can only be used once.
      9 # An unspecified isSystemServer defaults to false.
     10 # isOwner=true will only match for the owner/primary user.
     11 # isOwner=false will only match for secondary users.
     12 # If unspecified, the entry can match either case.
     13 # An unspecified string selector will match any value.
     14 # A user string selector that ends in * will perform a prefix match.
     15 # user=_app will match any regular app UID.
     16 # user=_isolated will match any isolated service UID.
     17 # All specified input selectors in an entry must match (i.e. logical AND).
     18 # Matching is case-insensitive.
     19 #
     20 # Precedence rules:
     21 # 	  (1) isSystemServer=true before isSystemServer=false.
     22 # 	  (2) Specified isOwner= before unspecified isOwner= boolean.
     23 #	  (3) Specified user= string before unspecified user= string.
     24 #	  (4) Fixed user= string before user= prefix (i.e. ending in *).
     25 #	  (5) Longer user= prefix before shorter user= prefix.
     26 #	  (6) Specified seinfo= string before unspecified seinfo= string.
     27 #	  (7) Specified name= string before unspecified name= string.
     28 #	  (8) Specified path= string before unspecified path= string.
     29 #
     30 # Outputs:
     31 #	domain (string)
     32 #	type (string)
     33 #	levelFrom (string; one of none, all, app, or user)
     34 #	level (string)
     35 # Only entries that specify domain= will be used for app process labeling.
     36 # Only entries that specify type= will be used for app directory labeling.
     37 # levelFrom=user is only supported for _app or _isolated UIDs.
     38 # levelFrom=app or levelFrom=all is only supported for _app UIDs.
     39 # level may be used to specify a fixed level for any UID.
     40 #
     41 isSystemServer=true domain=system_server
     42 user=system seinfo=platform domain=system_app type=system_app_data_file
     43 user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
     44 user=nfc seinfo=platform domain=nfc type=nfc_data_file
     45 user=radio seinfo=platform domain=radio type=radio_data_file
     46 user=shared_relro domain=shared_relro
     47 user=shell seinfo=platform domain=shell type=shell_data_file
     48 user=_isolated domain=isolated_app levelFrom=user
     49 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
     50 user=_app domain=untrusted_app type=app_data_file levelFrom=user
     51