seinfo for platform based domains should be stated explicitly.

The current policy would allow any application that were to "magically" get a sensitive UID into the coresponding sensitive domain. Rather then only using UID as an input selector, require seinfo=platform. Change-Id: I8a7490ed55bdcd3e4a116aece2c3522b384024ec

seinfo for platform based domains should be stated explicitly.
92dfa31f · William Roberts · 8a0c25ef · 92dfa31f
Commit 92dfa31f authored 10 years ago by William Roberts
--- a/seapp_contexts
+++ b/seapp_contexts
@@ -41,12 +41,12 @@
 # level may be used to specify a fixed level for any UID.
 #
 isSystemServer=true domain=system_server
-user=system domain=system_app type=system_app_data_file
-user=bluetooth domain=bluetooth type=bluetooth_data_file
-user=nfc domain=nfc type=nfc_data_file
-user=radio domain=radio type=radio_data_file
-user=shared_relro domain=shared_relro
-user=shell domain=shell type=shell_data_file
+user=system seinfo=platform domain=system_app type=system_app_data_file
+user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
+user=nfc seinfo=platform domain=nfc type=nfc_data_file
+user=radio seinfo=platform domain=radio type=radio_data_file
+user=shared_relro seinfo=platform domain=shared_relro
+user=shell seinfo=platform domain=shell type=shell_data_file
 user=_isolated domain=isolated_app levelFrom=user
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
 user=_app domain=untrusted_app type=app_data_file levelFrom=user