1# Input selectors: 2# isSystemServer (boolean) 3# isEphemeralApp (boolean) 4# isV2App (boolean) 5# isOwner (boolean) 6# user (string) 7# seinfo (string) 8# name (string) 9# path (string) 10# isPrivApp (boolean) 11# minTargetSdkVersion (unsigned integer) 12# isSystemServer=true can only be used once. 13# An unspecified isSystemServer defaults to false. 14# isEphemeralApp=true will match apps marked by PackageManager as Ephemeral 15# isV2App=true will match apps in the v2 app sandbox. 16# isOwner=true will only match for the owner/primary user. 17# isOwner=false will only match for secondary users. 18# If unspecified, the entry can match either case. 19# An unspecified string selector will match any value. 20# A user string selector that ends in * will perform a prefix match. 21# user=_app will match any regular app UID. 22# user=_isolated will match any isolated service UID. 23# isPrivApp=true will only match for applications preinstalled in 24# /system/priv-app. 25# minTargetSdkVersion will match applications with a targetSdkVersion 26# greater than or equal to the specified value. If unspecified, 27# it has a default value of 0. 28# All specified input selectors in an entry must match (i.e. logical AND). 29# Matching is case-insensitive. 30# 31# Precedence rules (see external/selinux/libselinux/src/android/android.c seapp_context_cmp()): 32# (1) isSystemServer=true before isSystemServer=false. 33# (2) Specified isEphemeralApp= before unspecified isEphemeralApp= boolean. 34# (3) Specified isV2App= before unspecified isV2App= boolean. 35# (4) Specified isOwner= before unspecified isOwner= boolean. 36# (5) Specified user= string before unspecified user= string. 37# (6) Fixed user= string before user= prefix (i.e. ending in *). 38# (7) Longer user= prefix before shorter user= prefix. 39# (8) Specified seinfo= string before unspecified seinfo= string. 40# ':' character is reserved and may not be used. 41# (9) Specified name= string before unspecified name= string. 42# (10) Specified path= string before unspecified path= string. 43# (11) Specified isPrivApp= before unspecified isPrivApp= boolean. 44# (12) Higher value of minTargetSdkVersion= before lower value of minTargetSdkVersion= 45# integer. Note that minTargetSdkVersion= defaults to 0 if unspecified. 46# 47# Outputs: 48# domain (string) 49# type (string) 50# levelFrom (string; one of none, all, app, or user) 51# level (string) 52# Only entries that specify domain= will be used for app process labeling. 53# Only entries that specify type= will be used for app directory labeling. 54# levelFrom=user is only supported for _app or _isolated UIDs. 55# levelFrom=app or levelFrom=all is only supported for _app UIDs. 56# level may be used to specify a fixed level for any UID. 57# 58# 59# Neverallow Assertions 60# Additional compile time assertion checks can be added as well. The assertion 61# rules are lines beginning with the keyword neverallow. Full support for PCRE 62# regular expressions exists on all input and output selectors. Neverallow 63# rules are never output to the built seapp_contexts file. Like all keywords, 64# neverallows are case-insensitive. A neverallow is asserted when all key value 65# inputs are matched on a key value rule line. 66# 67 68# only the system server can be in system_server domain 69neverallow isSystemServer=false domain=system_server 70neverallow isSystemServer="" domain=system_server 71 72# system domains should never be assigned outside of system uid 73neverallow user=((?!system).)* domain=system_app 74neverallow user=((?!system).)* type=system_app_data_file 75 76# anything with a non-known uid with a specified name should have a specified seinfo 77neverallow user=_app name=.* seinfo="" 78neverallow user=_app name=.* seinfo=default 79 80# neverallow shared relro to any other domain 81# and neverallow any other uid into shared_relro 82neverallow user=shared_relro domain=((?!shared_relro).)* 83neverallow user=((?!shared_relro).)* domain=shared_relro 84 85# neverallow non-isolated uids into isolated_app domain 86# and vice versa 87neverallow user=_isolated domain=((?!isolated_app).)* 88neverallow user=((?!_isolated).)* domain=isolated_app 89 90# uid shell should always be in shell domain, however non-shell 91# uid's can be in shell domain 92neverallow user=shell domain=((?!shell).)* 93 94# only the package named com.android.shell can run in the shell domain 95neverallow domain=shell name=((?!com\.android\.shell).)* 96neverallow user=shell name=((?!com\.android\.shell).)* 97 98# Ephemeral Apps must run in the ephemeral_app domain 99neverallow isEphemeralApp=true domain=((?!ephemeral_app).)* 100 101isSystemServer=true domain=system_server 102user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all 103user=system seinfo=platform domain=system_app type=system_app_data_file 104user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file 105user=nfc seinfo=platform domain=nfc type=nfc_data_file 106user=secure_element seinfo=platform domain=secure_element levelFrom=all 107user=radio seinfo=platform domain=radio type=radio_data_file 108user=shared_relro domain=shared_relro 109user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file 110user=webview_zygote seinfo=webview_zygote domain=webview_zygote 111user=_isolated domain=isolated_app levelFrom=all 112user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user 113user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user 114user=_app isV2App=true isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all 115user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user 116user=_app minTargetSdkVersion=28 domain=untrusted_app type=app_data_file levelFrom=all 117user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user 118user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user 119