seapp_contexts

# Input selectors:
#	isSystemServer (boolean)
#	user (string)
#	seinfo (string)
#	name (string)
#	path (string)
#	sebool (string)
# isSystemServer=true can only be used once.
# An unspecified isSystemServer defaults to false.
# An unspecified string selector will match any value.
# A user string selector that ends in * will perform a prefix match.
# user=_app will match any regular app UID.
# user=_isolated will match any isolated service UID.
# All specified input selectors in an entry must match (i.e. logical AND).
# Matching is case-insensitive.
#
# Precedence rules:
# 	  (1) isSystemServer=true before isSystemServer=false.
#	  (2) Specified user= string before unspecified user= string.
#	  (3) Fixed user= string before user= prefix (i.e. ending in *).
#	  (4) Longer user= prefix before shorter user= prefix.
#	  (5) Specified seinfo= string before unspecified seinfo= string.
#	  (6) Specified name= string before unspecified name= string.
#	  (7) Specified path= string before unspecified path= string.
#	  (8) Specified sebool= string before unspecified sebool= string.
#
# Outputs:
#	domain (string)
#	type (string)
#	levelFrom (string; one of none, all, app, or user)
#	level (string)
# Only entries that specify domain= will be used for app process labeling.
# Only entries that specify type= will be used for app directory labeling.
# levelFrom=user is only supported for _app or _isolated UIDs.
# levelFrom=app or levelFrom=all is only supported for _app UIDs.
# level may be used to specify a fixed level for any UID.
#
isSystemServer=true domain=system_server
user=system domain=system_app type=system_app_data_file
user=bluetooth domain=bluetooth type=bluetooth_data_file
user=nfc domain=nfc type=nfc_data_file
user=radio domain=radio type=radio_data_file
user=shared_relro domain=shared_relro
user=shell domain=shell type=shell_data_file
user=_isolated domain=isolated_app
user=_app seinfo=platform domain=platform_app type=app_data_file
user=_app domain=untrusted_app type=app_data_file