Add untrusted_app_27 This is a partial cherry pick of commit 6231b4d9 'Enforce per-app data protections for targetSdk 28+'. Untrusted_app_27 remains unreachable, but it's existence prevents future merge conflicts. Bug: 63897054 Test: build/boot aosp_walleye-userdebug Change-Id: I64b013874fe87b55f47e817a1279e76ecf86b7c0 Merged-In: I64b013874fe87b55f47e817a1279e76ecf86b7c0 (cherry picked from commit 6231b4d9fc98bb42956198e9f54cabde69464339)

commit: 3aa7ca56fdbcc710cb18ddcb53f4eda618ba83a9 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Tue Apr 03 11:22:38 2018 -0700
committer: Jeff Vander Stoep <jeffv@google.com> Tue Apr 03 12:25:51 2018 -0700
tree: 3ed0ace2fdac2e7588dede4215350adfb157f260
parent: 0d1e52a50f1770bbdcae11f444570a86c3b1eeb1 [diff] [blame]
diff --git a/private/mls b/private/mls
index a561de1..3b8ee3f 100644
--- a/private/mls
+++ b/private/mls

@@ -53,11 +53,11 @@
 
 # Only constrain open, not read/write.
 # Also constrain other forms of manipulation, e.g. chmod/chown, unlink, rename, etc.
-# Subject must be equivalent to object unless the subject is trusted.
+# Subject must dominate object unless the subject is trusted.
 mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
-	     (t2 != app_data_file or l1 eq l2 or t1 == mlstrustedsubject);
+	     (t2 != app_data_file or l1 dom l2 or t1 == mlstrustedsubject);
 mlsconstrain { file lnk_file sock_file } { open setattr unlink link rename }
-	     (t2 != app_data_file or l1 eq l2 or t1 == mlstrustedsubject);
+	     (t2 != app_data_file or l1 dom l2 or t1 == mlstrustedsubject);
 
 #
 # Constraints for file types other than app data files.
commit	3aa7ca56fdbcc710cb18ddcb53f4eda618ba83a9	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Tue Apr 03 11:22:38 2018 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Tue Apr 03 12:25:51 2018 -0700
tree	3ed0ace2fdac2e7588dede4215350adfb157f260
parent	0d1e52a50f1770bbdcae11f444570a86c3b1eeb1 [diff] [blame]