Alex Klyubin | fce60d3 | 2017-01-05 12:27:10 -0800 | [diff] [blame] | 1 | ### |
| 2 | ### Untrusted apps. |
| 3 | ### |
Jeff Vander Stoep | 1f7ae8e | 2020-01-20 10:14:48 +0100 | [diff] [blame] | 4 | ### This file defines the rules for untrusted apps running with |
Yuyang Huang | cfdea5f | 2023-01-18 16:52:43 +0900 | [diff] [blame] | 5 | ### targetSdkVersion >= 34. |
Jeff Vander Stoep | 1f7ae8e | 2020-01-20 10:14:48 +0100 | [diff] [blame] | 6 | ### |
| 7 | ### See public/untrusted_app.te for more information about which apps are |
| 8 | ### placed in this selinux domain. |
Alex Klyubin | fce60d3 | 2017-01-05 12:27:10 -0800 | [diff] [blame] | 9 | ### |
| 10 | |
Alex Klyubin | f5446eb | 2017-03-23 14:27:32 -0700 | [diff] [blame] | 11 | typeattribute untrusted_app coredomain; |
| 12 | |
dcashman | 3e8dbf0 | 2016-12-08 11:23:34 -0800 | [diff] [blame] | 13 | app_domain(untrusted_app) |
Jeff Vander Stoep | bacb6d7 | 2017-02-13 13:33:27 -0800 | [diff] [blame] | 14 | untrusted_app_domain(untrusted_app) |
Alex Klyubin | fce60d3 | 2017-01-05 12:27:10 -0800 | [diff] [blame] | 15 | net_domain(untrusted_app) |
| 16 | bluetooth_domain(untrusted_app) |
Shiwangi Shah | ce2b6da | 2022-05-05 14:03:47 +0000 | [diff] [blame] | 17 | |
| 18 | # Allow webview to access fd shared by sdksandbox for experiments data |
| 19 | # TODO(b/229249719): Will not be supported in Android U |
| 20 | allow untrusted_app sdk_sandbox_data_file:fd use; |
| 21 | allow untrusted_app sdk_sandbox_data_file:file write; |
| 22 | |
Yuyang Huang | cfdea5f | 2023-01-18 16:52:43 +0900 | [diff] [blame] | 23 | neverallow untrusted_app sdk_sandbox_data_file:file { open create }; |