diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2012-01-04 12:33:27 -0500 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2012-01-04 12:33:27 -0500 |
commit | 2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35 (patch) | |
tree | 70cf7ff792b5f782a2963f87c873b7a7ae926af4 /seapp_contexts | |
download | android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.gz android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.bz2 android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.zip |
SE Android policy.
Diffstat (limited to 'seapp_contexts')
-rw-r--r-- | seapp_contexts | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/seapp_contexts b/seapp_contexts new file mode 100644 index 0000000..c301792 --- /dev/null +++ b/seapp_contexts @@ -0,0 +1,37 @@ +# Input selectors: +# isSystemServer (boolean) +# user (string) +# seinfo (string) +# name (string) +# isSystemServer=true can only be used once. +# An unspecified boolean defaults to false. +# An unspecified string selector will match any value. +# A user string selector that ends in * will perform a prefix match. +# seinfo= is only used when looking up app process security contexts. +# All specified input selectors in an entry must match (i.e. logical AND). +# Matching is case-insensitive. +# Precedence rules: +# (1) isSystemServer=true before isSystemServer=false. +# (2) Specified user= string before unspecified user= string. +# (3) Fixed user= string before user= prefix (i.e. ending in *). +# (4) Longer user= prefix before shorter user= prefix. +# (5) Specified seinfo= string before unspecified seinfo= string. +# (6) Specified name= string before unspecified name= string. +# +# Outputs: +# domain (string) +# type (string) +# levelFromUid (boolean) +# level (string) +# Only entries that specify domain= will be used for app process labeling. +# Only entries that specify type= will be used for app directory labeling. +# levelfromUid is only supported for app UIDs presently. +# level may be used to specify a fixed level for any UID. +# +isSystemServer=true domain=system +user=system domain=system_app type=system_data_file +user=nfc domain=nfc type=nfc_data_file +user=radio domain=radio type=radio_data_file +user=app_* domain=untrusted_app type=app_data_file levelFromUid=true +user=app_* seinfo=systemApp domain=trusted_app levelFromUid=true +user=app_* seinfo=systemApp name=com.android.browser domain=browser_app levelFromUid=true |