6d8fa69548
This is a trivial change to seapp_contexts to force a relabel of /data/data directories by PMS/installd by yielding a different hash value for comparison against /data/system/seapp_hash. This change does not alter any actual app process or data directory labeling decisions. The seapp_contexts entries are sorted upon loading by libselinux to match the precedence rules described in the comment header, so ordering in this file should not matter. This should not be merged before the code changes with the same Change-Id. Change-Id: Ie440cba2c96f0907458086348197e1506d31c1b6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
49 lines
2.1 KiB
Plaintext
49 lines
2.1 KiB
Plaintext
# Input selectors:
|
|
# isSystemServer (boolean)
|
|
# user (string)
|
|
# seinfo (string)
|
|
# name (string)
|
|
# path (string)
|
|
# sebool (string)
|
|
# isSystemServer=true can only be used once.
|
|
# An unspecified isSystemServer defaults to false.
|
|
# An unspecified string selector will match any value.
|
|
# A user string selector that ends in * will perform a prefix match.
|
|
# user=_app will match any regular app UID.
|
|
# user=_isolated will match any isolated service UID.
|
|
# All specified input selectors in an entry must match (i.e. logical AND).
|
|
# Matching is case-insensitive.
|
|
# Precedence rules:
|
|
# (1) isSystemServer=true before isSystemServer=false.
|
|
# (2) Specified user= string before unspecified user= string.
|
|
# (3) Fixed user= string before user= prefix (i.e. ending in *).
|
|
# (4) Longer user= prefix before shorter user= prefix.
|
|
# (5) Specified seinfo= string before unspecified seinfo= string.
|
|
# (6) Specified name= string before unspecified name= string.
|
|
# (7) Specified path= string before unspecified path= string.
|
|
# (8) Specified sebool= string before unspecified sebool= string.
|
|
#
|
|
# Outputs:
|
|
# domain (string)
|
|
# type (string)
|
|
# levelFrom (string; one of none, all, app, or user)
|
|
# level (string)
|
|
# Only entries that specify domain= will be used for app process labeling.
|
|
# Only entries that specify type= will be used for app directory labeling.
|
|
# levelFrom=user is only supported for _app or _isolated UIDs.
|
|
# levelFrom=app or levelFrom=all is only supported for _app UIDs.
|
|
# level may be used to specify a fixed level for any UID.
|
|
#
|
|
isSystemServer=true domain=system_server
|
|
user=system domain=system_app type=system_data_file
|
|
user=bluetooth domain=bluetooth type=bluetooth_data_file
|
|
user=nfc domain=nfc type=nfc_data_file
|
|
user=radio domain=radio type=radio_data_file
|
|
user=shell domain=shell type=shell_data_file
|
|
user=_app domain=untrusted_app type=app_data_file
|
|
user=_app seinfo=platform domain=platform_app type=app_data_file
|
|
user=_app seinfo=shared domain=shared_app type=app_data_file
|
|
user=_app seinfo=media domain=media_app type=app_data_file
|
|
user=_app seinfo=release domain=release_app type=app_data_file
|
|
user=_isolated domain=isolated_app
|