1# Input selectors: 2# isSystemServer (boolean) 3# user (string) 4# seinfo (string) 5# name (string) 6# isSystemServer=true can only be used once. 7# An unspecified boolean defaults to false. 8# An unspecified string selector will match any value. 9# A user string selector that ends in * will perform a prefix match. 10# seinfo= is only used when looking up app process security contexts. 11# All specified input selectors in an entry must match (i.e. logical AND). 12# Matching is case-insensitive. 13# Precedence rules: 14# (1) isSystemServer=true before isSystemServer=false. 15# (2) Specified user= string before unspecified user= string. 16# (3) Fixed user= string before user= prefix (i.e. ending in *). 17# (4) Longer user= prefix before shorter user= prefix. 18# (5) Specified seinfo= string before unspecified seinfo= string. 19# (6) Specified name= string before unspecified name= string. 20# 21# Outputs: 22# domain (string) 23# type (string) 24# levelFromUid (boolean) 25# level (string) 26# Only entries that specify domain= will be used for app process labeling. 27# Only entries that specify type= will be used for app directory labeling. 28# levelfromUid is only supported for app UIDs presently. 29# level may be used to specify a fixed level for any UID. 30# 31isSystemServer=true domain=system 32user=system domain=system_app type=system_data_file 33user=nfc domain=nfc type=nfc_data_file 34user=radio domain=radio type=radio_data_file 35user=app_* domain=untrusted_app type=app_data_file levelFromUid=true 36user=app_* seinfo=systemApp domain=trusted_app levelFromUid=true 37user=app_* seinfo=systemApp name=com.android.browser domain=browser_app levelFromUid=true 38