# MLS override can't be used to access private app data.

# Apps should not normally be mlstrustedsubject, but if they must be
# they cannot use this to access app private data files; their own app
# data files must use a different label.

# The three neverallow rules below share one subject set (every domain
# carrying the mlstrustedsubject attribute, minus a short exemption list)
# and one object set (app_data_file and privapp_data_file).  neverallow is
# a compile-time assertion: if any allow rule elsewhere in the policy
# grants a forbidden permission to a non-exempt domain, the policy fails to
# build rather than the grant taking effect.  Every name added to an
# exemption list therefore widens what the policy is allowed to grant that
# domain on app private data, so additions deserve review.

# file class: a non-exempt mlstrustedsubject domain may hold no file
# permission outside the complemented set (so e.g. create, unlink or
# execute on app private files cannot be granted anywhere).  The seven
# permissions inside ~{ } are not asserted on by this rule; a domain that
# is granted read/write/map/etc. elsewhere is not caught here.
# installd and the two iorap daemons are exempt; presumably because they
# manage / prefetch app data on the app's behalf -- verify against their
# own .te files.
neverallow {
  mlstrustedsubject
  -installd
  -iorap_prefetcherd
  -iorap_inode2filename
} { app_data_file privapp_data_file }:file ~{ read write map getattr ioctl lock append };

# dir class, same subject set: no directory permission other than read,
# getattr and search may be granted (so no add_name / remove_name / write,
# i.e. the directory tree itself cannot be modified by these domains).
neverallow {
  mlstrustedsubject
  -installd
  -iorap_prefetcherd
  -iorap_inode2filename
} { app_data_file privapp_data_file }:dir ~{ read getattr search };

# dir class, wider exemption list (adds system_server, adbd, runas and
# zygote): forbids the remaining read / getattr / search directory
# permissions too.  Combined with the rule above, an mlstrustedsubject
# domain that is in neither exemption list ends up with no dir permission
# at all on app private data directories; the four extra exemptions are the
# domains permitted to keep read-only directory access.
# NOTE(review): only the dir class gets this stricter, second rule in this
# excerpt.  Whether the file-class permissions left open by the first rule
# (read write map getattr ioctl lock append) are likewise restricted to a
# small exempt set for non-exempt mlstrustedsubject domains is decided
# elsewhere in the policy, or not at all -- confirm against the full file.
neverallow {
  mlstrustedsubject
  -installd
  -iorap_prefetcherd
  -iorap_inode2filename
  -system_server
  -adbd
  -runas
  -zygote
} { app_data_file privapp_data_file }:dir { read getattr search };