Clarify comments on 3rd party app attributes.
Certain classes of 3rd party apps aren't untrusted_app_domain, but
some comments surrounding this are either outdated or wrong.
Bug: 168753404
Test: N/A
Change-Id: I019c16e26a3778536132f22c37fbea5ae7781af4
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 4acc0e8..bc90450 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -2,7 +2,8 @@
### Untrusted_app_all.
###
### This file defines the rules shared by all untrusted app domains except
-### ephemeral_app for instant apps.
+### ephemeral_app for instant apps and isolated_app (which has a reduced
+### permission set).
### Apps are labeled based on mac_permissions.xml (maps signer and
### optionally package name to seinfo value) and seapp_contexts (maps UID
### and optionally seinfo value to domain for process and type for data
diff --git a/public/attributes b/public/attributes
index 75b0c25..3582a09 100644
--- a/public/attributes
+++ b/public/attributes
@@ -184,7 +184,7 @@
# All domains used for apps.
attribute appdomain;
-# All third party apps.
+# All third party apps (except isolated_app and ephemeral_app)
attribute untrusted_app_all;
# All domains used for apps with network access.