commit 4635b26fbc82668f525d59fd0c95b8ac38e1cf66
author Nick Kralevich <nnk@google.com> Tue Sep 23 12:56:31 2014 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Sep 23 12:56:31 2014 +0000
tree f303f1d12e6152cb925b93746836a03309593ed9
parent b54f92bbf49c94ae9246b0e6b5b900100aada869
parent a833763ba04147e840fd054b613f759395bada35

Merge "Enable per-user isolation for normal apps."

app.te

diff --git a/app.te b/app.te
index 1fb53e6..2a6b270 100644
--- a/app.te
+++ b/app.te
@@ -316,8 +316,8 @@
     { create write setattr relabelfrom relabelto append unlink link rename };
 
 # Access to factory files.
-neverallow appdomain
-    efs_file:dir_file_class_set { read write };
+neverallow appdomain efs_file:dir_file_class_set write;
+neverallow { appdomain -shell } efs_file:dir_file_class_set read;
 
 # Write to various pseudo file systems.
 neverallow { appdomain -bluetooth -nfc }

su.te

diff --git a/su.te b/su.te
index 73ca514..6870684 100644
--- a/su.te
+++ b/su.te
@@ -5,7 +5,7 @@
   # Domain used for su processes, as well as for adbd and adb shell
   # after performing an adb root command.  The domain definition is
   # wrapped to ensure that it does not exist at all on -user builds.
-  type su, domain;
+  type su, domain, mlstrustedsubject;
   domain_auto_trans(shell, su_exec, su)
 
   # Allow dumpstate to call su on userdebug / eng builds to collect