1###
2### Untrusted apps.
3###
4### This file defines the rules for untrusted apps.
5### Apps are labeled based on mac_permissions.xml (maps signer and
6### optionally package name to seinfo value) and seapp_contexts (maps UID
7### and optionally seinfo value to domain for process and type for data
8### directory).  The untrusted_app domain is the default assignment in
9### seapp_contexts for any app with UID between APP_AID (10000)
10### and AID_ISOLATED_START (99000) if the app has no specific seinfo
11### value as determined from mac_permissions.xml.  In current AOSP, this
12### domain is assigned to all non-system apps as well as to any system apps
13### that are not signed by the platform key.  To move
14### a system app into a specific domain, add a signer entry for it to
15### mac_permissions.xml and assign it one of the pre-existing seinfo values
16### or define and use a new seinfo value in both mac_permissions.xml and
17### seapp_contexts.
18###
19
20typeattribute untrusted_app coredomain;
21
22app_domain(untrusted_app)
23untrusted_app_domain(untrusted_app)
24net_domain(untrusted_app)
25bluetooth_domain(untrusted_app)
26
27# Allow the allocation and use of ptys
28# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
29create_pty(untrusted_app)
30