Correct documentation in untrusted_app_all

Rules defined in utrusted_app_all do not apply to all untrusted apps, update the comments to reflect that. Test: builds Change-Id: I6f064bd93c13d8341128d941be34fdfaa0bec5da

Correct documentation in untrusted_app_all
Rules defined in utrusted_app_all do not apply to all untrusted apps, update the comments to reflect that. Test: builds Change-Id: I6f064bd93c13d8341128d941be34fdfaa0bec5da
eda4b88d · Chad Brubaker · 53b2c809 · eda4b88d
Commit eda4b88d authored 8 years ago by Chad Brubaker
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -2,7 +2,8 @@
 ### Untrusted_app_all.
 ###
 ### This file defines the rules shared by all untrusted app domains except
-### ephemeral apps.
+### apps which target the v2 security sandbox (ephemeral_app for instant apps,
+### untrusted_v2_app for fully installed v2 apps).
 ### Apps are labeled based on mac_permissions.xml (maps signer and
 ### optionally package name to seinfo value) and seapp_contexts (maps UID
 ### and optionally seinfo value to domain for process and type for data
@@ -17,6 +18,8 @@
 ### or define and use a new seinfo value in both mac_permissions.xml and
 ### seapp_contexts.
 ###
+### Note that rules that should apply to all untrusted apps must be in app.te or also
+### added to untrusted_v2_app.te and ephemeral_app.te.
 # Legacy text relocations
 allow untrusted_app_all apk_data_file:file execmod;