Define security labeling for isolated processes. Used when an app service is declared with android:isolatedProcess="true". Place such processes in a separate domain, and further isolate them from each other via categories. Change-Id: I1d64f8278f0619eedb448f9a741f1d2c31985325 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: 061f254def394fdc4784fe6c446bdd779cfec768 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Thu Sep 20 10:57:03 2012 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> Thu Sep 20 11:00:43 2012 -0400
tree: be40436ba5353f074c811a3d989216eb903ab67a
parent: 66a3e8d91ef6098dd7cab127530f1cdb7973f53e [diff] [blame]
diff --git a/seapp_contexts b/seapp_contexts
index 71eca75..0050cc2 100644
--- a/seapp_contexts
+++ b/seapp_contexts

@@ -39,3 +39,4 @@
 user=app_* seinfo=media domain=media_app type=platform_app_data_file
 user=app_* seinfo=release domain=release_app type=platform_app_data_file
 user=app_* seinfo=release name=com.android.browser domain=browser_app type=platform_app_data_file
+user=isolated domain=isolated_app levelFromUid=true
commit	061f254def394fdc4784fe6c446bdd779cfec768	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Thu Sep 20 10:57:03 2012 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Thu Sep 20 11:00:43 2012 -0400
tree	be40436ba5353f074c811a3d989216eb903ab67a
parent	66a3e8d91ef6098dd7cab127530f1cdb7973f53e [diff] [blame]