Add autoplay_app domain Initial check in of empty autoplay_app.te policy file. Create isAutoPlayApp input selector. Give this selector high precedence - only below isSystemServer. Add neverallow rule disallowing an app context with isAutoPlayApp=true from running in a domain other than autoplay_app. Change-Id: I1d06669d2f1acf953e50867dfa2b264ccaee29a4

commit: 400d3ac1408d34ca6ed19d7c5da65331e00edc8c [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Fri Oct 30 12:43:19 2015 -0700
committer: Jeff Vander Stoep <jeffv@google.com> Mon Nov 09 13:43:55 2015 -0800
tree: eb7eb0617575bedef3a245fb65c6095dc89ce1e2
parent: d20a46ef175079d210da8320d8c8ce32cbe8207f [diff] [blame]
diff --git a/autoplay_app.te b/autoplay_app.te
new file mode 100644
index 0000000..c34207c
--- /dev/null
+++ b/autoplay_app.te

@@ -0,0 +1,13 @@
+###
+### AutoPlay apps.
+###
+### This file defines the security policy for apps with the autoplay
+### feature.
+###
+### The autoplay_app domain is a reduced permissions sandbox allowing
+### ephemeral applications to be safely installed and run. Non ephemeral
+### applications may also opt-in to autoplay to take advantage of the
+### additional security features.
+###
+### PackageManager flags an app as autoplay at install time.
+type autoplay_app, domain;
commit	400d3ac1408d34ca6ed19d7c5da65331e00edc8c	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Fri Oct 30 12:43:19 2015 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Mon Nov 09 13:43:55 2015 -0800
tree	eb7eb0617575bedef3a245fb65c6095dc89ce1e2
parent	d20a46ef175079d210da8320d8c8ce32cbe8207f [diff] [blame]