Revert "untrusted_app_29: add new targetSdk domain"
This reverts commit a1aa2210a939aebc752ea410d9d434104bc4b5d6.
Reason for revert: Potential culprit for Bug b/148049462 - verifying through Forrest before revert submission
Change-Id: Ibe4fa1dee84defde324deca87d9de24a1cc2911a
diff --git a/private/untrusted_app.te b/private/untrusted_app.te
index 6e7a99c..c15fa22 100644
--- a/private/untrusted_app.te
+++ b/private/untrusted_app.te
@@ -1,11 +1,20 @@
###
### Untrusted apps.
###
-### This file defines the rules for untrusted apps running with
-### targetSdkVersion >= 30.
-###
-### See public/untrusted_app.te for more information about which apps are
-### placed in this selinux domain.
+### This file defines the rules for untrusted apps.
+### Apps are labeled based on mac_permissions.xml (maps signer and
+### optionally package name to seinfo value) and seapp_contexts (maps UID
+### and optionally seinfo value to domain for process and type for data
+### directory). The untrusted_app domain is the default assignment in
+### seapp_contexts for any app with UID between APP_AID (10000)
+### and AID_ISOLATED_START (99000) if the app has no specific seinfo
+### value as determined from mac_permissions.xml. In current AOSP, this
+### domain is assigned to all non-system apps as well as to any system apps
+### that are not signed by the platform key. To move
+### a system app into a specific domain, add a signer entry for it to
+### mac_permissions.xml and assign it one of the pre-existing seinfo values
+### or define and use a new seinfo value in both mac_permissions.xml and
+### seapp_contexts.
###
typeattribute untrusted_app coredomain;