Correct documentation in untrusted_app_all
Rules defined in utrusted_app_all do not apply to all untrusted apps,
update the comments to reflect that.
Test: builds
Change-Id: I6f064bd93c13d8341128d941be34fdfaa0bec5da
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 73aa79e..bf95936 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -2,7 +2,8 @@
### Untrusted_app_all.
###
### This file defines the rules shared by all untrusted app domains except
-### ephemeral apps.
+### apps which target the v2 security sandbox (ephemeral_app for instant apps,
+### untrusted_v2_app for fully installed v2 apps).
### Apps are labeled based on mac_permissions.xml (maps signer and
### optionally package name to seinfo value) and seapp_contexts (maps UID
### and optionally seinfo value to domain for process and type for data
@@ -17,6 +18,8 @@
### or define and use a new seinfo value in both mac_permissions.xml and
### seapp_contexts.
###
+### Note that rules that should apply to all untrusted apps must be in app.te or also
+### added to untrusted_v2_app.te and ephemeral_app.te.
# Legacy text relocations
allow untrusted_app_all apk_data_file:file execmod;