Add privapp flag to libselinux
Run privileged apps in their own domain. Search seinfo string for
":privapp" specifier.
Motivation:
Untrusted_app is overprivileged due to the inclusion of privileged
apps like gmscore, play store and finsky. Moving these and other
privileged apps to their own domain reduces the permissions required
by untrusted_app.
A separate priv_app domain also protects priv-apps by further
isolating them from third party apps.
Bug: 22033466
Change-Id: I6e85ae13cbd130415600ecc25ef8ac053a19d0d8
1 file changed