xref: /aosp_15_r20/system/sepolicy/public/ephemeral_app.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290)
###
### Ephemeral apps.
###
### This file defines the security policy for apps with the ephemeral
### feature.
###
### The ephemeral_app domain is a reduced permissions sandbox allowing
### ephemeral applications to be safely installed and run. Non-ephemeral
### applications may also opt in to ephemeral to take advantage of the
### additional security features.
###
### PackageManager flags an app as ephemeral at install time.

type ephemeral_app, domain;

# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
# Instead, add such policy rules to system/sepolicy/private/*.te.