Merge "Correct documentation in untrusted_app_all" into oc-dev am: 89671020

am: 3644d0f5 Change-Id: I7da846bfe3db1a19782db13be6c2ab3d1b17accb

Merge "Correct documentation in untrusted_app_all" into oc-dev am: 89671020
dcb471f2 · Nick Kralevich · android-build-merger · c4816868 · 3644d0f5 · dcb471f2
Commit dcb471f2 authored 7 years ago by Nick Kralevich Committed by android-build-merger 7 years ago
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -2,7 +2,8 @@
 ### Untrusted_app_all.
 ###
 ### This file defines the rules shared by all untrusted app domains except
-### ephemeral apps.
+### apps which target the v2 security sandbox (ephemeral_app for instant apps,
+### untrusted_v2_app for fully installed v2 apps).
 ### Apps are labeled based on mac_permissions.xml (maps signer and
 ### optionally package name to seinfo value) and seapp_contexts (maps UID
 ### and optionally seinfo value to domain for process and type for data
@@ -17,6 +18,8 @@
 ### or define and use a new seinfo value in both mac_permissions.xml and
 ### seapp_contexts.
 ###
+### Note that rules that should apply to all untrusted apps must be in app.te or also
+### added to untrusted_v2_app.te and ephemeral_app.te.

 # Legacy text relocations
 allow untrusted_app_all apk_data_file:file execmod;