Home | History | Annotate | Download | only in sepolicy 
      1 # Input selectors:
      2 #	isSystemServer (boolean)
      3 #	isAutoPlayApp (boolean)
      4 #	isOwner (boolean)
      5 #	user (string)
      6 #	seinfo (string)
      7 #	name (string)
      8 #	path (string)
      9 #	isPrivApp (boolean)
     10 # isSystemServer=true can only be used once.
     11 # An unspecified isSystemServer defaults to false.
     12 # isAutoPlayApp=true will match apps marked by PackageManager as AutoPlay
     13 # isOwner=true will only match for the owner/primary user.
     14 # isOwner=false will only match for secondary users.
     15 # If unspecified, the entry can match either case.
     16 # An unspecified string selector will match any value.
     17 # A user string selector that ends in * will perform a prefix match.
     18 # user=_app will match any regular app UID.
     19 # user=_isolated will match any isolated service UID.
     20 # isPrivApp=true will only match for applications preinstalled in
     21 #       /system/priv-app.
     22 # All specified input selectors in an entry must match (i.e. logical AND).
     23 # Matching is case-insensitive.
     24 #
     25 # Precedence rules:
     26 # 	  (1) isSystemServer=true before isSystemServer=false.
     27 # 	  (2) Specified isAutoPlayApp= before unspecified isAutoPlayApp= boolean.
     28 # 	  (3) Specified isOwner= before unspecified isOwner= boolean.
     29 #	  (4) Specified user= string before unspecified user= string.
     30 #	  (5) Fixed user= string before user= prefix (i.e. ending in *).
     31 #	  (6) Longer user= prefix before shorter user= prefix.
     32 #	  (7) Specified seinfo= string before unspecified seinfo= string.
     33 #	      ':' character is reserved and may not be used.
     34 #	  (8) Specified name= string before unspecified name= string.
     35 #	  (9) Specified path= string before unspecified path= string.
     36 # 	  (10) Specified isPrivApp= before unspecified isPrivApp= boolean.
     37 #
     38 # Outputs:
     39 #	domain (string)
     40 #	type (string)
     41 #	levelFrom (string; one of none, all, app, or user)
     42 #	level (string)
     43 # Only entries that specify domain= will be used for app process labeling.
     44 # Only entries that specify type= will be used for app directory labeling.
     45 # levelFrom=user is only supported for _app or _isolated UIDs.
     46 # levelFrom=app or levelFrom=all is only supported for _app UIDs.
     47 # level may be used to specify a fixed level for any UID.
     48 #
     49 #
     50 # Neverallow Assertions
     51 # Additional compile time assertion checks can be added as well. The assertion
     52 # rules are lines beginning with the keyword neverallow. Full support for PCRE
     53 # regular expressions exists on all input and output selectors. Neverallow
     54 # rules are never output to the built seapp_contexts file. Like all keywords,
     55 # neverallows are case-insensitive. A neverallow is asserted when all key value
     56 # inputs are matched on a key value rule line.
     57 #
     58 
     59 # only the system server can be in system_server domain
     60 neverallow isSystemServer=false domain=system_server
     61 neverallow isSystemServer="" domain=system_server
     62 
     63 # system domains should never be assigned outside of system uid
     64 neverallow user=((?!system).)* domain=system_app
     65 neverallow user=((?!system).)* type=system_app_data_file
     66 
     67 # anything with a non-known uid with a specified name should have a specified seinfo
     68 neverallow user=_app name=.* seinfo=""
     69 neverallow user=_app name=.* seinfo=default
     70 
     71 # neverallow shared relro to any other domain
     72 # and neverallow any other uid into shared_relro
     73 neverallow user=shared_relro domain=((?!shared_relro).)*
     74 neverallow user=((?!shared_relro).)* domain=shared_relro
     75 
     76 # neverallow non-isolated uids into isolated_app domain
     77 # and vice versa
     78 neverallow user=_isolated domain=((?!isolated_app).)*
     79 neverallow user=((?!_isolated).)* domain=isolated_app
     80 
     81 # uid shell should always be in shell domain, however non-shell
     82 # uid's can be in shell domain
     83 neverallow user=shell domain=((?!shell).)*
     84 
     85 # AutoPlay Apps must run in the autoplay_app domain
     86 neverallow isAutoPlayApp=true domain=((?!autoplay_app).)*
     87 
     88 isSystemServer=true domain=system_server
     89 user=system seinfo=platform domain=system_app type=system_app_data_file
     90 user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
     91 user=nfc seinfo=platform domain=nfc type=nfc_data_file
     92 user=radio seinfo=platform domain=radio type=radio_data_file
     93 user=shared_relro domain=shared_relro
     94 user=shell seinfo=platform domain=shell type=shell_data_file
     95 user=_isolated domain=isolated_app levelFrom=user
     96 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
     97 user=_app isAutoPlayApp=true domain=autoplay_app type=autoplay_data_file levelFrom=all
     98 user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
     99 user=_app domain=untrusted_app type=app_data_file levelFrom=user
    100