1# Input selectors:
2#	isSystemServer (boolean)
3#	isAutoPlayApp (boolean)
4#	isOwner (boolean)
5#	user (string)
6#	seinfo (string)
7#	name (string)
8#	path (string)
9#	isPrivApp (boolean)
10# isSystemServer=true can only be used once.
11# An unspecified isSystemServer defaults to false.
12# isAutoPlayApp=true will match apps marked by PackageManager as AutoPlay
13# isOwner=true will only match for the owner/primary user.
14# isOwner=false will only match for secondary users.
15# If unspecified, the entry can match either case.
16# An unspecified string selector will match any value.
17# A user string selector that ends in * will perform a prefix match.
18# user=_app will match any regular app UID.
19# user=_isolated will match any isolated service UID.
20# isPrivApp=true will only match for applications preinstalled in
21#       /system/priv-app.
22# All specified input selectors in an entry must match (i.e. logical AND).
23# Matching is case-insensitive.
24#
25# Precedence rules:
26# 	  (1) isSystemServer=true before isSystemServer=false.
27# 	  (2) Specified isAutoPlayApp= before unspecified isAutoPlayApp= boolean.
28# 	  (3) Specified isOwner= before unspecified isOwner= boolean.
29#	  (4) Specified user= string before unspecified user= string.
30#	  (5) Fixed user= string before user= prefix (i.e. ending in *).
31#	  (6) Longer user= prefix before shorter user= prefix.
32#	  (7) Specified seinfo= string before unspecified seinfo= string.
33#	      ':' character is reserved and may not be used.
34#	  (8) Specified name= string before unspecified name= string.
35#	  (9) Specified path= string before unspecified path= string.
36# 	  (10) Specified isPrivApp= before unspecified isPrivApp= boolean.
37#
38# Outputs:
39#	domain (string)
40#	type (string)
41#	levelFrom (string; one of none, all, app, or user)
42#	level (string)
43# Only entries that specify domain= will be used for app process labeling.
44# Only entries that specify type= will be used for app directory labeling.
45# levelFrom=user is only supported for _app or _isolated UIDs.
46# levelFrom=app or levelFrom=all is only supported for _app UIDs.
47# level may be used to specify a fixed level for any UID.
48#
49#
50# Neverallow Assertions
51# Additional compile time assertion checks can be added as well. The assertion
52# rules are lines beginning with the keyword neverallow. Full support for PCRE
53# regular expressions exists on all input and output selectors. Neverallow
54# rules are never output to the built seapp_contexts file. Like all keywords,
55# neverallows are case-insensitive. A neverallow assertion fires when every
56# key=value pair it lists matches the same rule line.
57#
58
59# only the system server can be in system_server domain
# Two assertions are used because the selector can be explicitly false or left
# out; the "" form presumably matches entries that omit isSystemServer
# altogether (TODO confirm against the checker that consumes this file).
60neverallow isSystemServer=false domain=system_server
61neverallow isSystemServer="" domain=system_server
62
63# system domains should never be assigned outside of system uid
# NOTE(review): ((?!system).)* accepts only values that contain no "system"
# substring at any position (assuming the pattern is applied to the whole
# value, which the user=system entry further down implies). A user= string
# that merely contains "system" (constructed example: user=system_example)
# would therefore not trip these assertions. An exact-name negation such as
# (?!system$).* would be stricter; confirm which scope is intended.
64neverallow user=((?!system).)* domain=system_app
65neverallow user=((?!system).)* type=system_app_data_file
66
67# anything with a non-known uid with a specified name should have a specified seinfo
# NOTE(review): a package name on its own is chosen by whoever builds the app,
# so an entry keyed only on user=_app plus name= could be matched by an
# unintended package. These two assertions reject such entries unless they
# also pin seinfo to something other than empty or "default".
68neverallow user=_app name=.* seinfo=""
69neverallow user=_app name=.* seinfo=default
70
71# neverallow shared relro to any other domain
72# and neverallow any other uid into shared_relro
# NOTE(review): every ((?!X).)* pattern in this group excludes any value that
# contains X as a substring, not only the exact value X (assuming whole-value
# matching). A domain or user string that merely contains the protected name
# therefore satisfies the assertion; confirm this looseness is acceptable.
73neverallow user=shared_relro domain=((?!shared_relro).)*
74neverallow user=((?!shared_relro).)* domain=shared_relro
75
76# neverallow non-isolated uids into isolated_app domain
77# and vice versa
78neverallow user=_isolated domain=((?!isolated_app).)*
79neverallow user=((?!_isolated).)* domain=isolated_app
80
81# uid shell should always be in shell domain, however non-shell
82# uid's can be in shell domain
# This check is deliberately one-directional: unlike shared_relro and
# isolated_app above, there is no assertion limiting which uids may be given
# domain=shell.
83neverallow user=shell domain=((?!shell).)*
84
85# AutoPlay Apps must run in the autoplay_app domain
# Also one-directional: nothing here prevents an entry without
# isAutoPlayApp=true from specifying domain=autoplay_app.
86neverallow isAutoPlayApp=true domain=((?!autoplay_app).)*
87
# Labeling entries. Which entry applies to a given app is decided by the
# precedence rules in the header, not by the order of the lines below.
# Entries without type= (system_server, shared_relro, isolated_app) only label
# processes; per the header they are not used for app directory labeling.
88isSystemServer=true domain=system_server
# Fixed uids: apart from shared_relro, each one also requires seinfo=platform.
# What happens to an app with one of these uids and a different seinfo is not
# determined by this file alone (no entry here would match it).
89user=system seinfo=platform domain=system_app type=system_app_data_file
90user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
91user=nfc seinfo=platform domain=nfc type=nfc_data_file
92user=radio seinfo=platform domain=radio type=radio_data_file
93user=shared_relro domain=shared_relro
94user=shell seinfo=platform domain=shell type=shell_data_file
# Isolated service uids: the level is derived from the user only.
95user=_isolated domain=isolated_app levelFrom=user
# Regular app uids. The first three add a selector (seinfo, isAutoPlayApp,
# isPrivApp) and so take precedence over the bare user=_app entry.
96user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
# Only entry using levelFrom=all and a dedicated data file type.
97user=_app isAutoPlayApp=true domain=autoplay_app type=autoplay_data_file levelFrom=all
98user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
# Fallback: any _app uid not matched by a more specific entry, whatever its
# seinfo, is labeled untrusted_app.
99user=_app domain=untrusted_app type=app_data_file levelFrom=user
100