Add autoplay_app domain Initial check in of empty autoplay_app.te policy file. Create isAutoPlayApp input selector. Give this selector high precedence - only below isSystemServer. Add neverallow rule disallowing an app context with isAutoPlayApp=true from running in a domain other than autoplay_app. Change-Id: I1d06669d2f1acf953e50867dfa2b264ccaee29a4

commit: 400d3ac1408d34ca6ed19d7c5da65331e00edc8c [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Fri Oct 30 12:43:19 2015 -0700
committer: Jeff Vander Stoep <jeffv@google.com> Mon Nov 09 13:43:55 2015 -0800
tree: eb7eb0617575bedef3a245fb65c6095dc89ce1e2
parent: d20a46ef175079d210da8320d8c8ce32cbe8207f [diff]
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index 5a03b7f..d5853ae 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c

@@ -204,6 +204,7 @@
 key_map rules[] = {
                 /*Inputs*/
                 { .name = "isSystemServer", .type = dt_bool,   .dir = dir_in,  .data = NULL },
+                { .name = "isAutoPlayApp",  .type = dt_bool,   .dir = dir_in,  .data = NULL },
                 { .name = "isOwner",        .type = dt_bool,   .dir = dir_in,  .data = NULL },
                 { .name = "user",           .type = dt_string, .dir = dir_in,  .data = NULL },
                 { .name = "seinfo",         .type = dt_string, .dir = dir_in,  .data = NULL },
commit	400d3ac1408d34ca6ed19d7c5da65331e00edc8c	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Fri Oct 30 12:43:19 2015 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Mon Nov 09 13:43:55 2015 -0800
tree	eb7eb0617575bedef3a245fb65c6095dc89ce1e2
parent	d20a46ef175079d210da8320d8c8ce32cbe8207f [diff]