private/seapp_contexts - LeafOS-Project/android_system_sepolicy - Gitiles

 # The entries in this file define how security contexts for apps are determined.
 # Each entry lists input selectors, used to match the app, and outputs which are
 # used to determine the security contexts for matching apps.
 #
 # Input selectors:
 #       isSystemServer (boolean)
 #       isEphemeralApp (boolean)
 #       user (string)
 #       seinfo (string)
 #       name (string)
 #       isPrivApp (boolean)
 #       minTargetSdkVersion (unsigned integer)
 #       fromRunAs (boolean)
 #       isIsolatedComputeApp (boolean)
 #       isSdkSandboxNext (boolean)
 #       isSdkSandboxAudit (boolean)
 #
 # All specified input selectors in an entry must match (i.e. logical AND).
 # An unspecified string or boolean selector with no default will match any
 # value.
 # A user, or name string selector that ends in * will perform a prefix
 # match.
 # String matching is case-insensitive.
 # See external/selinux/libselinux/src/android/android_platform.c,
 # seapp_context_lookup().
 #
 # isSystemServer=true only matches the system server.
 # An unspecified isSystemServer defaults to false.
 # isEphemeralApp=true will match apps marked by PackageManager as Ephemeral
 # user=_app will match any regular app process.
 # user=_isolated will match any isolated service process.
 # user=_sdksandbox will match sdk sandbox process for an app.
 # Other values of user are matched against the name associated with the process
 # UID.
 # seinfo= matches aginst the seinfo tag for the app, determined from
 # mac_permissions.xml files.
 # The ':' character is reserved and may not be used in seinfo.
 # name= matches against the package name of the app.
 # isPrivApp=true will only match for applications preinstalled in
 #       /system/priv-app.
 # minTargetSdkVersion will match applications with a targetSdkVersion
 #       greater than or equal to the specified value. If unspecified,
 #       it has a default value of 0.
 # fromRunAs=true means the process being labeled is started by run-as. Default
 # is false.
 # isIsolatedComputeApp=true means the process re-uses an isolated Uid but not
 # restricted to run in an isolated_app domain. Processes match this selector will
 # be mapped to isolated_compute_app by default. It is expected to be used together
 # with user=_isolated. This selector should not be used unless it is intended
 # to provide isolated processes with relaxed security restrictions.
 # An unspecified isIsolatedComputeApp defaults to false.
 #
 # The sdk_sandbox_next and sdk_sandbox_audit domains are special domains for the
 # SDK sandbox process. sdk_sandbox_next defines the set of restrictions proposed
 # for the upcoming dessert release. sdk_sandbox_audit uses the same restrictions
 # as the current dessert release, with additional auditing rules for the accesses
 # we are considering forbidding in the upcoming release.
 #
 # The sdk_sandbox_next and sdk_sandbox_audit domains are special domains for the
 # SDK sandbox process. sdk_sandbox_next defines the set of restrictions proposed
 # for the upcoming dessert release. sdk_sandbox_audit uses the same restrictions
 # as the current dessert release, with additional auditing rules for the accesses
 # we are considering forbidding in the upcoming release.
 #
 # isSdkSandboxNext=true means sdk sandbox processes will get
 # sdk_sandbox_next sepolicy applied to them.
 # An unspecified isSdkSandboxNext defaults to false.
 #
 # isSdkSandboxAudit=true means sdk sandbox processes will get
 # sdk_sandbox_audit sepolicy applied to them.
 # An unspecified isSdkSandboxAudit defaults to false.
 #
 # isSdkSandboxAudit=true means sdk sandbox processes will get
 # sdk_sandbox_audit sepolicy applied to them.
 # An unspecified isSdkSandboxAudit defaults to false.
 #
 # Precedence: entries are compared using the following rules, in the order shown
 # (see external/selinux/libselinux/src/android/android_platform.c,
 # seapp_context_cmp()).
 #       (1) isSystemServer=true before isSystemServer=false.
 #       (2) Specified isEphemeralApp= before unspecified isEphemeralApp=
 #             boolean.
 #       (3) Specified user= string before unspecified user= string;
 #             more specific user= string before less specific user= string.
 #       (4) Specified seinfo= string before unspecified seinfo= string.
 #       (5) Specified name= string before unspecified name= string;
 #             more specific name= string before less specific name= string.
 #       (6) Specified isPrivApp= before unspecified isPrivApp= boolean.
 #       (7) Higher value of minTargetSdkVersion= before lower value of
 #              minTargetSdkVersion= integer. Note that minTargetSdkVersion=
 #              defaults to 0 if unspecified.
 #       (8) fromRunAs=true before fromRunAs=false.
 #       (9) Platform seapp_contexts files (system, system_ext, product) before
 #              vendor seapp_contexts files (vendor, odm).
 # (A fixed selector is more specific than a prefix, i.e. ending in *, and a
 # longer prefix is more specific than a shorter prefix.)
 # Apps are checked against entries in precedence order until the first match,
 # regardless of their order in this file.
 #
 # Duplicate entries, i.e. with identical input selectors, are not allowed.
 #
 # Outputs:
 #       domain (string)
 #       type (string)
 #       levelFrom (string; one of none, all, app, or user)
 #       level (string)
 #
 # domain= determines the label to be used for the app process; entries
 # without domain= are ignored for this purpose.
 # type= specifies the label to be used for the app data directory; entries
 # without type= are ignored for this purpose. The label specified must
 # have the app_data_file_type attribute.
 # levelFrom and level are used to determine the level (sensitivity + categories)
 # for MLS/MCS.
 # levelFrom=none omits the level.
 # levelFrom=app determines the level from the process UID.
 # levelFrom=user determines the level from the user ID.
 # levelFrom=all determines the level from both UID and user ID.
 #
 # levelFrom=user is only supported for _app or _isolated UIDs.
 # levelFrom=app or levelFrom=all is only supported for _app UIDs.
 # level may be used to specify a fixed level for any UID.
 #
 # For backwards compatibility levelFromUid=true is equivalent to levelFrom=app
 # and levelFromUid=false is equivalent to levelFrom=none.
 #
 #
 # Neverallow Assertions
 # Additional compile time assertion checks for the rules in this file can be
 # added as well. The assertion
 # rules are lines beginning with the keyword neverallow. Full support for PCRE
 # regular expressions exists on all input and output selectors. Neverallow
 # rules are never output to the built seapp_contexts file. Like all keywords,
 # neverallows are case-insensitive. A neverallow is asserted when all key value
 # inputs are matched on a key value rule line.
 #

 # only the system server can be assigned the system_server domains
 neverallow isSystemServer=false domain=system_server
 neverallow isSystemServer=false domain=system_server_startup
 neverallow isSystemServer="" domain=system_server
 neverallow isSystemServer="" domain=system_server_startup

 # system domains should never be assigned outside of system uid
 neverallow user=((?!system).)* domain=system_app
 neverallow user=((?!system).)* type=system_app_data_file

 # any non priv-app with a non-known uid with a specified name should have a specified
 # seinfo
 neverallow user=_app isPrivApp=false name=.* seinfo=""
 neverallow user=_app isPrivApp=false name=.* seinfo=default

 # neverallow shared relro to any other domain
 # and neverallow any other uid into shared_relro
 neverallow user=shared_relro domain=((?!shared_relro).)*
 neverallow user=((?!shared_relro).)* domain=shared_relro

 # neverallow non-isolated uids into isolated_app domain
 # and vice versa
 neverallow user=_isolated isIsolatedComputeApp=false domain=((?!isolated_app).)*
 neverallow user=((?!_isolated).)* domain=isolated_app

 # neverallow isolatedComputeApp into domains other than isolated_compute_app
 neverallow user=_isolated isIsolatedComputeApp=true domain=((?!isolated_compute_app).)*

 # uid shell should always be in shell domain, however non-shell
 # uid's can be in shell domain
 neverallow user=shell domain=((?!shell).)*

 # only the package named com.android.shell can run in the shell domain
 neverallow domain=shell name=((?!com\.android\.shell).)*
 neverallow user=shell name=((?!com\.android\.shell).)*

 # Ephemeral Apps must run in the ephemeral_app domain
 neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*

 isSystemServer=true domain=system_server_startup

 # sdksandbox must run in an sdksandbox domain
 neverallow user=_sdksandbox domain=((?!sdk_sandbox).)*

 user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
 user=system seinfo=platform domain=system_app type=system_app_data_file
 user=system seinfo=platform isPrivApp=true name=com.android.DeviceAsWebcam domain=device_as_webcam type=system_app_data_file levelFrom=all
 user=bluetooth seinfo=bluetooth domain=bluetooth type=bluetooth_data_file
 user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
 # NFC stack signed with platform cert needed for maintaining backwards comptibility for -next release config.
 user=nfc seinfo=platform domain=nfc type=nfc_data_file
 user=nfc seinfo=nfc domain=nfc type=nfc_data_file
 user=secure_element seinfo=platform domain=secure_element levelFrom=all
 user=radio seinfo=platform domain=radio type=radio_data_file
 user=shared_relro domain=shared_relro levelFrom=all
 user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
 user=webview_zygote seinfo=webview_zygote domain=webview_zygote
 user=_isolated domain=isolated_app levelFrom=user
 user=_isolated isIsolatedComputeApp=true domain=isolated_compute_app levelFrom=user
 user=_sdksandbox domain=sdk_sandbox_34 type=sdk_sandbox_data_file levelFrom=all
 user=_sdksandbox isSdkSandboxNext=true domain=sdk_sandbox_next type=sdk_sandbox_data_file levelFrom=all
 user=_sdksandbox isSdkSandboxAudit=true domain=sdk_sandbox_audit type=sdk_sandbox_data_file levelFrom=all
 user=_app seinfo=app_zygote domain=app_zygote levelFrom=user
 user=_app seinfo=media domain=mediaprovider type=app_data_file levelFrom=user
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
 user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
 user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
 user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
 user=_app seinfo=media isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
 user=_app seinfo=media isPrivApp=true name=com.android.providers.media.module:* domain=mediaprovider_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.google.android.providers.media.module:* domain=mediaprovider_app type=privapp_data_file levelFrom=all
 user=_app seinfo=platform isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.android.rkpdapp domain=rkpdapp type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.google.android.rkpdapp domain=rkpdapp type=privapp_data_file levelFrom=all
 user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user
 user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
 user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
 user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user
 user=_app minTargetSdkVersion=34 domain=untrusted_app type=app_data_file levelFrom=all
 user=_app minTargetSdkVersion=32 domain=untrusted_app_32 type=app_data_file levelFrom=all
 user=_app minTargetSdkVersion=30 domain=untrusted_app_30 type=app_data_file levelFrom=all
 user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all
 user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
 user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
 user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
 user=_app minTargetSdkVersion=28 fromRunAs=true domain=runas_app levelFrom=all
 user=_app fromRunAs=true domain=runas_app levelFrom=user
	# The entries in this file define how security contexts for apps are determined.
	# Each entry lists input selectors, used to match the app, and outputs which are
	# used to determine the security contexts for matching apps.
	#
	# Input selectors:
	# isSystemServer (boolean)
	# isEphemeralApp (boolean)
	# user (string)
	# seinfo (string)
	# name (string)
	# isPrivApp (boolean)
	# minTargetSdkVersion (unsigned integer)
	# fromRunAs (boolean)
	# isIsolatedComputeApp (boolean)
	# isSdkSandboxNext (boolean)
	# isSdkSandboxAudit (boolean)
	#
	# All specified input selectors in an entry must match (i.e. logical AND).
	# An unspecified string or boolean selector with no default will match any
	# value.
	# A user, or name string selector that ends in * will perform a prefix
	# match.
	# String matching is case-insensitive.
	# See external/selinux/libselinux/src/android/android_platform.c,
	# seapp_context_lookup().
	#
	# isSystemServer=true only matches the system server.
	# An unspecified isSystemServer defaults to false.
	# isEphemeralApp=true will match apps marked by PackageManager as Ephemeral
	# user=_app will match any regular app process.
	# user=_isolated will match any isolated service process.
	# user=_sdksandbox will match sdk sandbox process for an app.
	# Other values of user are matched against the name associated with the process
	# UID.
	# seinfo= matches aginst the seinfo tag for the app, determined from
	# mac_permissions.xml files.
	# The ':' character is reserved and may not be used in seinfo.
	# name= matches against the package name of the app.
	# isPrivApp=true will only match for applications preinstalled in
	# /system/priv-app.
	# minTargetSdkVersion will match applications with a targetSdkVersion
	# greater than or equal to the specified value. If unspecified,
	# it has a default value of 0.
	# fromRunAs=true means the process being labeled is started by run-as. Default
	# is false.
	# isIsolatedComputeApp=true means the process re-uses an isolated Uid but not
	# restricted to run in an isolated_app domain. Processes match this selector will
	# be mapped to isolated_compute_app by default. It is expected to be used together
	# with user=_isolated. This selector should not be used unless it is intended
	# to provide isolated processes with relaxed security restrictions.
	# An unspecified isIsolatedComputeApp defaults to false.
	#
	# The sdk_sandbox_next and sdk_sandbox_audit domains are special domains for the
	# SDK sandbox process. sdk_sandbox_next defines the set of restrictions proposed
	# for the upcoming dessert release. sdk_sandbox_audit uses the same restrictions
	# as the current dessert release, with additional auditing rules for the accesses
	# we are considering forbidding in the upcoming release.
	#
	# The sdk_sandbox_next and sdk_sandbox_audit domains are special domains for the
	# SDK sandbox process. sdk_sandbox_next defines the set of restrictions proposed
	# for the upcoming dessert release. sdk_sandbox_audit uses the same restrictions
	# as the current dessert release, with additional auditing rules for the accesses
	# we are considering forbidding in the upcoming release.
	#
	# isSdkSandboxNext=true means sdk sandbox processes will get
	# sdk_sandbox_next sepolicy applied to them.
	# An unspecified isSdkSandboxNext defaults to false.
	#
	# isSdkSandboxAudit=true means sdk sandbox processes will get
	# sdk_sandbox_audit sepolicy applied to them.
	# An unspecified isSdkSandboxAudit defaults to false.
	#
	# isSdkSandboxAudit=true means sdk sandbox processes will get
	# sdk_sandbox_audit sepolicy applied to them.
	# An unspecified isSdkSandboxAudit defaults to false.
	#
	# Precedence: entries are compared using the following rules, in the order shown
	# (see external/selinux/libselinux/src/android/android_platform.c,
	# seapp_context_cmp()).
	# (1) isSystemServer=true before isSystemServer=false.
	# (2) Specified isEphemeralApp= before unspecified isEphemeralApp=
	# boolean.
	# (3) Specified user= string before unspecified user= string;
	# more specific user= string before less specific user= string.
	# (4) Specified seinfo= string before unspecified seinfo= string.
	# (5) Specified name= string before unspecified name= string;
	# more specific name= string before less specific name= string.
	# (6) Specified isPrivApp= before unspecified isPrivApp= boolean.
	# (7) Higher value of minTargetSdkVersion= before lower value of
	# minTargetSdkVersion= integer. Note that minTargetSdkVersion=
	# defaults to 0 if unspecified.
	# (8) fromRunAs=true before fromRunAs=false.
	# (9) Platform seapp_contexts files (system, system_ext, product) before
	# vendor seapp_contexts files (vendor, odm).
	# (A fixed selector is more specific than a prefix, i.e. ending in *, and a
	# longer prefix is more specific than a shorter prefix.)
	# Apps are checked against entries in precedence order until the first match,
	# regardless of their order in this file.
	#
	# Duplicate entries, i.e. with identical input selectors, are not allowed.
	#
	# Outputs:
	# domain (string)
	# type (string)
	# levelFrom (string; one of none, all, app, or user)
	# level (string)
	#
	# domain= determines the label to be used for the app process; entries
	# without domain= are ignored for this purpose.
	# type= specifies the label to be used for the app data directory; entries
	# without type= are ignored for this purpose. The label specified must
	# have the app_data_file_type attribute.
	# levelFrom and level are used to determine the level (sensitivity + categories)
	# for MLS/MCS.
	# levelFrom=none omits the level.
	# levelFrom=app determines the level from the process UID.
	# levelFrom=user determines the level from the user ID.
	# levelFrom=all determines the level from both UID and user ID.
	#
	# levelFrom=user is only supported for _app or _isolated UIDs.
	# levelFrom=app or levelFrom=all is only supported for _app UIDs.
	# level may be used to specify a fixed level for any UID.
	#
	# For backwards compatibility levelFromUid=true is equivalent to levelFrom=app
	# and levelFromUid=false is equivalent to levelFrom=none.
	#
	#
	# Neverallow Assertions
	# Additional compile time assertion checks for the rules in this file can be
	# added as well. The assertion
	# rules are lines beginning with the keyword neverallow. Full support for PCRE
	# regular expressions exists on all input and output selectors. Neverallow
	# rules are never output to the built seapp_contexts file. Like all keywords,
	# neverallows are case-insensitive. A neverallow is asserted when all key value
	# inputs are matched on a key value rule line.
	#

	# only the system server can be assigned the system_server domains
	neverallow isSystemServer=false domain=system_server
	neverallow isSystemServer=false domain=system_server_startup
	neverallow isSystemServer="" domain=system_server
	neverallow isSystemServer="" domain=system_server_startup

	# system domains should never be assigned outside of system uid
	neverallow user=((?!system).)* domain=system_app
	neverallow user=((?!system).)* type=system_app_data_file

	# any non priv-app with a non-known uid with a specified name should have a specified
	# seinfo
	neverallow user=_app isPrivApp=false name=.* seinfo=""
	neverallow user=_app isPrivApp=false name=.* seinfo=default

	# neverallow shared relro to any other domain
	# and neverallow any other uid into shared_relro
	neverallow user=shared_relro domain=((?!shared_relro).)*
	neverallow user=((?!shared_relro).)* domain=shared_relro

	# neverallow non-isolated uids into isolated_app domain
	# and vice versa
	neverallow user=_isolated isIsolatedComputeApp=false domain=((?!isolated_app).)*
	neverallow user=((?!_isolated).)* domain=isolated_app

	# neverallow isolatedComputeApp into domains other than isolated_compute_app
	neverallow user=_isolated isIsolatedComputeApp=true domain=((?!isolated_compute_app).)*

	# uid shell should always be in shell domain, however non-shell
	# uid's can be in shell domain
	neverallow user=shell domain=((?!shell).)*

	# only the package named com.android.shell can run in the shell domain
	neverallow domain=shell name=((?!com\.android\.shell).)*
	neverallow user=shell name=((?!com\.android\.shell).)*

	# Ephemeral Apps must run in the ephemeral_app domain
	neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*

	isSystemServer=true domain=system_server_startup

	# sdksandbox must run in an sdksandbox domain
	neverallow user=_sdksandbox domain=((?!sdk_sandbox).)*

	user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
	user=system seinfo=platform domain=system_app type=system_app_data_file
	user=system seinfo=platform isPrivApp=true name=com.android.DeviceAsWebcam domain=device_as_webcam type=system_app_data_file levelFrom=all
	user=bluetooth seinfo=bluetooth domain=bluetooth type=bluetooth_data_file
	user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
	# NFC stack signed with platform cert needed for maintaining backwards comptibility for -next release config.
	user=nfc seinfo=platform domain=nfc type=nfc_data_file
	user=nfc seinfo=nfc domain=nfc type=nfc_data_file
	user=secure_element seinfo=platform domain=secure_element levelFrom=all
	user=radio seinfo=platform domain=radio type=radio_data_file
	user=shared_relro domain=shared_relro levelFrom=all
	user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
	user=webview_zygote seinfo=webview_zygote domain=webview_zygote
	user=_isolated domain=isolated_app levelFrom=user
	user=_isolated isIsolatedComputeApp=true domain=isolated_compute_app levelFrom=user
	user=_sdksandbox domain=sdk_sandbox_34 type=sdk_sandbox_data_file levelFrom=all
	user=_sdksandbox isSdkSandboxNext=true domain=sdk_sandbox_next type=sdk_sandbox_data_file levelFrom=all
	user=_sdksandbox isSdkSandboxAudit=true domain=sdk_sandbox_audit type=sdk_sandbox_data_file levelFrom=all
	user=_app seinfo=app_zygote domain=app_zygote levelFrom=user
	user=_app seinfo=media domain=mediaprovider type=app_data_file levelFrom=user
	user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
	user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
	user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
	user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
	user=_app seinfo=media isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
	user=_app seinfo=media isPrivApp=true name=com.android.providers.media.module:* domain=mediaprovider_app type=privapp_data_file levelFrom=all
	user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
	user=_app isPrivApp=true name=com.google.android.providers.media.module:* domain=mediaprovider_app type=privapp_data_file levelFrom=all
	user=_app seinfo=platform isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
	user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
	user=_app isPrivApp=true name=com.android.rkpdapp domain=rkpdapp type=privapp_data_file levelFrom=all
	user=_app isPrivApp=true name=com.google.android.rkpdapp domain=rkpdapp type=privapp_data_file levelFrom=all
	user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user
	user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
	user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
	user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user
	user=_app minTargetSdkVersion=34 domain=untrusted_app type=app_data_file levelFrom=all
	user=_app minTargetSdkVersion=32 domain=untrusted_app_32 type=app_data_file levelFrom=all
	user=_app minTargetSdkVersion=30 domain=untrusted_app_30 type=app_data_file levelFrom=all
	user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all
	user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
	user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
	user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
	user=_app minTargetSdkVersion=28 fromRunAs=true domain=runas_app levelFrom=all
	user=_app fromRunAs=true domain=runas_app levelFrom=user