Skip to content
Snippets Groups Projects
Select Git revision
  • 33bf667ab1f78ce35555d148ffb0e5f1b96fe9f0
  • master default protected
  • android-7.1.2_r28_klist
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
41 results

Android.mk

Blame
  • seapp_contexts 4.38 KiB
    # Input selectors:
    #	isSystemServer (boolean)
    #	isAutoPlayApp (boolean)
    #	isOwner (boolean)
    #	user (string)
    #	seinfo (string)
    #	name (string)
    #	path (string)
    #	isPrivApp (boolean)
    # isSystemServer=true can only be used once.
    # An unspecified isSystemServer defaults to false.
    # isAutoPlayApp=true will match apps marked by PackageManager as AutoPlay
    # isOwner=true will only match for the owner/primary user.
    # isOwner=false will only match for secondary users.
    # If unspecified, the entry can match either case.
    # An unspecified string selector will match any value.
    # A user string selector that ends in * will perform a prefix match.
    # user=_app will match any regular app UID.
    # user=_isolated will match any isolated service UID.
    # isPrivApp=true will only match for applications preinstalled in
    #       /system/priv-app.
    # All specified input selectors in an entry must match (i.e. logical AND).
    # Matching is case-insensitive.
    #
    # Precedence rules:
    # 	  (1) isSystemServer=true before isSystemServer=false.
    # 	  (2) Specified isAutoPlayApp= before unspecified isAutoPlayApp= boolean.
    # 	  (3) Specified isOwner= before unspecified isOwner= boolean.
    #	  (4) Specified user= string before unspecified user= string.
    #	  (5) Fixed user= string before user= prefix (i.e. ending in *).
    #	  (6) Longer user= prefix before shorter user= prefix.
    #	  (7) Specified seinfo= string before unspecified seinfo= string.
    #	      ':' character is reserved and may not be used.
    #	  (8) Specified name= string before unspecified name= string.
    #	  (9) Specified path= string before unspecified path= string.
    # 	  (10) Specified isPrivApp= before unspecified isPrivApp= boolean.
    #
    # Outputs:
    #	domain (string)
    #	type (string)
    #	levelFrom (string; one of none, all, app, or user)
    #	level (string)
    # Only entries that specify domain= will be used for app process labeling.
    # Only entries that specify type= will be used for app directory labeling.
    # levelFrom=user is only supported for _app or _isolated UIDs.
    # levelFrom=app or levelFrom=all is only supported for _app UIDs.
    # level may be used to specify a fixed level for any UID.
    #
    #
    # Neverallow Assertions
    # Additional compile time assertion checks can be added as well. The assertion
    # rules are lines beginning with the keyword neverallow. Full support for PCRE
    # regular expressions exists on all input and output selectors. Neverallow
    # rules are never output to the built seapp_contexts file. Like all keywords,
    # neverallows are case-insensitive. A neverallow is asserted when all key value
    # inputs are matched on a key value rule line.
    #
    
    # only the system server can be in system_server domain
    neverallow isSystemServer=false domain=system_server
    neverallow isSystemServer="" domain=system_server
    
    # system domains should never be assigned outside of system uid
    neverallow user=((?!system).)* domain=system_app
    neverallow user=((?!system).)* type=system_app_data_file
    
    # anything with a non-known uid with a specified name should have a specified seinfo
    neverallow user=_app name=.* seinfo=""
    neverallow user=_app name=.* seinfo=default
    
    # neverallow shared relro to any other domain
    # and neverallow any other uid into shared_relro
    neverallow user=shared_relro domain=((?!shared_relro).)*
    neverallow user=((?!shared_relro).)* domain=shared_relro
    
    # neverallow non-isolated uids into isolated_app domain
    # and vice versa
    neverallow user=_isolated domain=((?!isolated_app).)*
    neverallow user=((?!_isolated).)* domain=isolated_app
    
    # uid shell should always be in shell domain, however non-shell
    # uid's can be in shell domain
    neverallow user=shell domain=((?!shell).)*
    
    # AutoPlay Apps must run in the autoplay_app domain
    neverallow isAutoPlayApp=true domain=((?!autoplay_app).)*
    
    isSystemServer=true domain=system_server
    user=system seinfo=platform domain=system_app type=system_app_data_file
    user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
    user=nfc seinfo=platform domain=nfc type=nfc_data_file
    user=radio seinfo=platform domain=radio type=radio_data_file
    user=shared_relro domain=shared_relro
    user=shell seinfo=platform domain=shell type=shell_data_file
    user=_isolated domain=isolated_app levelFrom=user
    user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
    user=_app isAutoPlayApp=true domain=autoplay_app type=autoplay_data_file levelFrom=all
    user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
    user=_app domain=untrusted_app type=app_data_file levelFrom=user