Clarify meaning of untrusted_app and app domain assignment logic.
The current inline documentation is not entirely accurate and caused user confusion, e.g. see: https://groups.google.com/d/msg/android-security-discuss/javBrPT8ius/C4EVEFUu4ZoJ Try to clarify the meaning of untrusted_app, how app domains are assigned, and how to move other system apps out of untrusted_app into a different domain. Change-Id: I98d344dd078fe9e2738b68636adaabda1f4b3c3a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
parent
b73d321ad0
commit
d823f83e54
@ -1,9 +1,20 @@
|
||||
###
|
||||
### Untrusted apps.
|
||||
###
|
||||
### This file defines the rules for untrusted apps. An "untrusted
|
||||
### app" is an APP with UID between APP_AID (10000)
|
||||
### and AID_ISOLATED_START (99000).
|
||||
### This file defines the rules for untrusted apps.
|
||||
### Apps are labeled based on mac_permissions.xml (maps signer and
|
||||
### optionally package name to seinfo value) and seapp_contexts (maps UID
|
||||
### and optionally seinfo value to domain for process and type for data
|
||||
### directory). The untrusted_app domain is the default assignment in
|
||||
### seapp_contexts for any app with UID between APP_AID (10000)
|
||||
### and AID_ISOLATED_START (99000) if the app has no specific seinfo
|
||||
### value as determined from mac_permissions.xml. In current AOSP, this
|
||||
### domain is assigned to all non-system apps as well as to any system apps
|
||||
### that are not signed by one of the four platform keys. To move
|
||||
### a system app into a specific domain, add a signer entry for it to
|
||||
### mac_permissions.xml and assign it one of the pre-existing seinfo values
|
||||
### or define and use a new seinfo value in both mac_permissions.xml and
|
||||
### seapp_contexts.
|
||||
###
|
||||
### untrusted_app includes all the appdomain rules, plus the
|
||||
### additional following rules:
|
||||
|
Loading…
Reference in New Issue
Block a user