Split system_app from system. system_app is for apps that run in the system UID, e.g. Settings. system is for the system_server. Split them into separate files and note their purpose in the comment header of each file. Change-Id: I19369abc728ba2159fd50ae6b230828857e19f10 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: 8840fa7f85e60fc4abd3cedf7cbfc2cd98a4d473 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Wed Sep 11 11:37:46 2013 -0400
committer: Nick Kralevich <nnk@google.com> Fri Sep 13 15:09:11 2013 -0700
tree: 2ff098a716a809545c9a7061c1b0b25a0ad663d8
parent: a62d5c667984435fd9ba3bf1eb11d4fdaa3849c1 [diff] [blame]
diff --git a/system_app.te b/system_app.te
new file mode 100644
index 0000000..61a18db
--- /dev/null
+++ b/system_app.te

@@ -0,0 +1,9 @@
+#
+# Apps that run with the system UID, e.g. com.android.system.ui,
+# com.android.settings.  These are not as privileged as the system
+# server.
+#
+type system_app, domain;
+permissive system_app;
+app_domain(system_app)
+unconfined_domain(system_app)
commit	8840fa7f85e60fc4abd3cedf7cbfc2cd98a4d473	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Wed Sep 11 11:37:46 2013 -0400
committer	Nick Kralevich <nnk@google.com>	Fri Sep 13 15:09:11 2013 -0700
tree	2ff098a716a809545c9a7061c1b0b25a0ad663d8
parent	a62d5c667984435fd9ba3bf1eb11d4fdaa3849c1 [diff] [blame]