blob: d0f9b2417d540ef4ed20dcb4c09cbd691db2874e [file] [log] [blame]
Alex Klyubinfce60d32017-01-05 12:27:10 -08001###
2### Untrusted apps.
3###
Jeff Vander Stoep1f7ae8e2020-01-20 10:14:48 +01004### This file defines the rules for untrusted apps running with
Yuyang Huangcfdea5f2023-01-18 16:52:43 +09005### targetSdkVersion >= 34.
Jeff Vander Stoep1f7ae8e2020-01-20 10:14:48 +01006###
7### See public/untrusted_app.te for more information about which apps are
8### placed in this selinux domain.
Alex Klyubinfce60d32017-01-05 12:27:10 -08009###
10
Alex Klyubinf5446eb2017-03-23 14:27:32 -070011typeattribute untrusted_app coredomain;
12
dcashman3e8dbf02016-12-08 11:23:34 -080013app_domain(untrusted_app)
Jeff Vander Stoepbacb6d72017-02-13 13:33:27 -080014untrusted_app_domain(untrusted_app)
Alex Klyubinfce60d32017-01-05 12:27:10 -080015net_domain(untrusted_app)
16bluetooth_domain(untrusted_app)
Shiwangi Shahce2b6da2022-05-05 14:03:47 +000017
18# Allow webview to access fd shared by sdksandbox for experiments data
19# TODO(b/229249719): Will not be supported in Android U
20allow untrusted_app sdk_sandbox_data_file:fd use;
21allow untrusted_app sdk_sandbox_data_file:file write;
22
Yuyang Huangcfdea5f2023-01-18 16:52:43 +090023neverallow untrusted_app sdk_sandbox_data_file:file { open create };