diff options
author | Nick Kralevich <nnk@google.com> | 2014-07-01 13:59:50 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-07-01 14:02:38 -0700 |
commit | 4be31900a480b1c71d77cf6da02349c72a876daa (patch) | |
tree | c7e65577f1dcfa11a9382fb8b2375c3b0a28c105 /seapp_contexts | |
parent | 77eb35263f40607e36fdcd85d95050a4ecedb6b8 (diff) | |
download | android_external_sepolicy-4be31900a480b1c71d77cf6da02349c72a876daa.tar.gz android_external_sepolicy-4be31900a480b1c71d77cf6da02349c72a876daa.tar.bz2 android_external_sepolicy-4be31900a480b1c71d77cf6da02349c72a876daa.zip |
Trivial change to support different SELinux policies for third party apps
Needed to support https://android-review.googlesource.com/80871
Change-Id: Iba569c046135c0e81140faf6296c5da26a243037
Diffstat (limited to 'seapp_contexts')
-rw-r--r-- | seapp_contexts | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/seapp_contexts b/seapp_contexts index 57b443f..26d0c8f 100644 --- a/seapp_contexts +++ b/seapp_contexts @@ -1,4 +1,4 @@ -# Input selectors: +# Input selectors: # isSystemServer (boolean) # user (string) # seinfo (string) @@ -13,11 +13,12 @@ # user=_isolated will match any isolated service UID. # All specified input selectors in an entry must match (i.e. logical AND). # Matching is case-insensitive. +# # Precedence rules: # (1) isSystemServer=true before isSystemServer=false. # (2) Specified user= string before unspecified user= string. # (3) Fixed user= string before user= prefix (i.e. ending in *). -# (4) Longer user= prefix before shorter user= prefix. +# (4) Longer user= prefix before shorter user= prefix. # (5) Specified seinfo= string before unspecified seinfo= string. # (6) Specified name= string before unspecified name= string. # (7) Specified path= string before unspecified path= string. @@ -32,7 +33,7 @@ # Only entries that specify type= will be used for app directory labeling. # levelFrom=user is only supported for _app or _isolated UIDs. # levelFrom=app or levelFrom=all is only supported for _app UIDs. -# level may be used to specify a fixed level for any UID. +# level may be used to specify a fixed level for any UID. # isSystemServer=true domain=system_server user=system domain=system_app type=system_app_data_file |