1 ### 2 ### Untrusted apps. 3 ### 4 ### Apps are labeled based on mac_permissions.xml (maps signer and 5 ### optionally package name to seinfo value) and seapp_contexts (maps UID 6 ### and optionally seinfo value to domain for process and type for data 7 ### directory). The untrusted_app domain is the default assignment in 8 ### seapp_contexts for any app with UID between APP_AID (10000) 9 ### and AID_ISOLATED_START (99000) if the app has no specific seinfo 10 ### value as determined from mac_permissions.xml. In current AOSP, this 11 ### domain is assigned to all non-system apps as well as to any system apps 12 ### that are not signed by the platform key. To move 13 ### a system app into a specific domain, add a signer entry for it to 14 ### mac_permissions.xml and assign it one of the pre-existing seinfo values 15 ### or define and use a new seinfo value in both mac_permissions.xml and 16 ### seapp_contexts. 17 ### 18 19 type untrusted_app, domain; 20 type untrusted_app_27, domain; 21 type untrusted_app_25, domain; 22
