From eda4b88d3a54642a9faa6e2dc8217324471f798a Mon Sep 17 00:00:00 2001
From: Chad Brubaker <cbrubaker@google.com>
Date: Wed, 26 Apr 2017 12:32:51 -0700
Subject: [PATCH] Correct documentation in untrusted_app_all

Rules defined in utrusted_app_all do not apply to all untrusted apps,
update the comments to reflect that.

Test: builds
Change-Id: I6f064bd93c13d8341128d941be34fdfaa0bec5da
---
 private/untrusted_app_all.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 73aa79e90..bf9593697 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -2,7 +2,8 @@
 ### Untrusted_app_all.
 ###
 ### This file defines the rules shared by all untrusted app domains except
-### ephemeral apps.
+### apps which target the v2 security sandbox (ephemeral_app for instant apps,
+### untrusted_v2_app for fully installed v2 apps).
 ### Apps are labeled based on mac_permissions.xml (maps signer and
 ### optionally package name to seinfo value) and seapp_contexts (maps UID
 ### and optionally seinfo value to domain for process and type for data
@@ -17,6 +18,8 @@
 ### or define and use a new seinfo value in both mac_permissions.xml and
 ### seapp_contexts.
 ###
+### Note that rules that should apply to all untrusted apps must be in app.te or also
+### added to untrusted_v2_app.te and ephemeral_app.te.
 
 # Legacy text relocations
 allow untrusted_app_all apk_data_file:file execmod;
-- 
GitLab