Add autoplay_app domain
Initial check-in of an empty autoplay_app.te policy file.
Create isAutoPlayApp input selector. Give this selector high precedence -
only below isSystemServer.
Add neverallow rule disallowing an app context with isAutoPlayApp=true from
running in a domain other than autoplay_app.
Change-Id: I1d06669d2f1acf953e50867dfa2b264ccaee29a4
diff --git a/seapp_contexts b/seapp_contexts
index d8d2240..5d5ad75 100644
--- a/seapp_contexts
+++ b/seapp_contexts
@@ -1,5 +1,6 @@
# Input selectors:
# isSystemServer (boolean)
+# isAutoPlayApp (boolean)
# isOwner (boolean)
# user (string)
# seinfo (string)
@@ -8,6 +9,7 @@
# isPrivApp (boolean)
# isSystemServer=true can only be used once.
# An unspecified isSystemServer defaults to false.
+# isAutoPlayApp=true will match apps marked by PackageManager as AutoPlay
# isOwner=true will only match for the owner/primary user.
# isOwner=false will only match for secondary users.
# If unspecified, the entry can match either case.
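Review bot: The added isAutoPlayApp line says what isAutoPlayApp=true matches but, unlike the isSystemServer and isOwner text around it, does not say how an unspecified isAutoPlayApp is treated, which is the case every existing entry in the file falls into. If the selector follows the isOwner/isPrivApp convention of matching either value when absent, a sentence next to the added line would close the gap: `# If unspecified, the entry can match either case.` If instead an unspecified isAutoPlayApp is meant to default to false like isSystemServer, that is the more important thing to state, since it decides whether the plain user=_app entries can still match an AutoPlay app.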
@@ -22,15 +24,16 @@
#
# Precedence rules:
# (1) isSystemServer=true before isSystemServer=false.
-# (2) Specified isOwner= before unspecified isOwner= boolean.
-# (3) Specified user= string before unspecified user= string.
-# (4) Fixed user= string before user= prefix (i.e. ending in *).
-# (5) Longer user= prefix before shorter user= prefix.
-# (6) Specified seinfo= string before unspecified seinfo= string.
+# (2) Specified isAutoPlayApp= before unspecified isAutoPlayApp= boolean.
+# (3) Specified isOwner= before unspecified isOwner= boolean.
+# (4) Specified user= string before unspecified user= string.
+# (5) Fixed user= string before user= prefix (i.e. ending in *).
+# (6) Longer user= prefix before shorter user= prefix.
+# (7) Specified seinfo= string before unspecified seinfo= string.
# ':' character is reserved and may not be used.
-# (7) Specified name= string before unspecified name= string.
-# (8) Specified path= string before unspecified path= string.
-# (9) Specified isPrivApp= before unspecified isPrivApp= boolean.
+# (8) Specified name= string before unspecified name= string.
+# (9) Specified path= string before unspecified path= string.
+# (10) Specified isPrivApp= before unspecified isPrivApp= boolean.
#
# Outputs:
# domain (string)
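Review bot: Rule (2) ranks a specified isAutoPlayApp= above isPrivApp= at rule (10), so for an app that PackageManager flags as both AutoPlay and privileged the isAutoPlayApp=true entry wins, and on the entries later in this diff that means autoplay_app rather than priv_app; the hunk does not record whether that outcome is intended. Recording it keeps the next edit to either entry from silently changing the result: `# An app that is both AutoPlay and privileged matches the isAutoPlayApp= entry, not the isPrivApp= one.` The existing ':' reservation line sits between rules (7) and (8) and reads as part of the numbered list; moving it below (10) would be a cheap readability fix while the list is being renumbered.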
@@ -79,6 +82,9 @@
# uid's can be in shell domain
neverallow user=shell domain=((?!shell).)*
+# AutoPlay Apps must run in the autoplay_app domain
+neverallow isAutoPlayApp=true domain=((?!autoplay_app).)*
+
isSystemServer=true domain=system_server
user=system seinfo=platform domain=system_app type=system_app_data_file
user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
@@ -88,5 +94,6 @@
user=shell seinfo=platform domain=shell type=shell_data_file
user=_isolated domain=isolated_app levelFrom=user
user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
+user=_app isAutoPlayApp=true domain=autoplay_app type=autoplay_data_file levelFrom=all
user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
user=_app domain=untrusted_app type=app_data_file levelFrom=user
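Review bot: The added entry uses `levelFrom=all` while every other user=_app entry in the hunk uses `levelFrom=user`, and neither the hunk nor the commit message explains the stronger MLS categorisation; a one-line comment above the entry would make the choice reviewable, e.g. `# AutoPlay apps get categories from both user and app id (levelFrom=all) so their data is isolated from other apps of the same user`. The entry also names the domain autoplay_app and the type autoplay_data_file, both of which checkseapp validates against the compiled policy; the description says autoplay_app.te is checked in empty and that file is not in the part of the diff shown, so this only builds if the domain and the file type are declared elsewhere in the same change. It would be worth confirming that autoplay_data_file is declared as an app data type wherever it lives, since the type= output is what gets applied to the app's data directory.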