1### 2### Untrusted_app_25 3### 4### This file defines the rules for untrusted apps running with 5### targetSdkVersion <= 25. 6### 7### Apps are labeled based on mac_permissions.xml (maps signer and 8### optionally package name to seinfo value) and seapp_contexts (maps UID 9### and optionally seinfo value to domain for process and type for data 10### directory). The untrusted_app domain is the default assignment in 11### seapp_contexts for any app with UID between APP_AID (10000) 12### and AID_ISOLATED_START (99000) if the app has no specific seinfo 13### value as determined from mac_permissions.xml. In current AOSP, this 14### domain is assigned to all non-system apps as well as to any system apps 15### that are not signed by the platform key. To move 16### a system app into a specific domain, add a signer entry for it to 17### mac_permissions.xml and assign it one of the pre-existing seinfo values 18### or define and use a new seinfo value in both mac_permissions.xml and 19### seapp_contexts. 20### 21 22typeattribute untrusted_app_25 coredomain; 23 24app_domain(untrusted_app_25) 25untrusted_app_domain(untrusted_app_25) 26net_domain(untrusted_app_25) 27bluetooth_domain(untrusted_app_25) 28 29# b/34115651 - net.dns* properties read 30# This will go away in a future Android release 31get_prop(untrusted_app_25, net_dns_prop) 32 33# b/35917228 - /proc/misc access 34# This will go away in a future Android release 35allow untrusted_app_25 proc_misc:file r_file_perms; 36 37# Access to /proc/tty/drivers, to allow apps to determine if they 38# are running in an emulated environment. 39# b/33214085 b/33814662 b/33791054 b/33211769 40# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java 41# This will go away in a future Android release 42allow untrusted_app_25 proc_tty_drivers:file r_file_perms; 43