# MLS override can't be used to access private app data.

# Apps should not normally be mlstrustedsubject, but if they must be,
# they cannot use that attribute to access app private data files;
# their own app data files must use a different label.
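# neverallow is a build-time assertion: it grants nothing, it only makes
# policy compilation fail if an allow rule matches it.
#
# Files: an MLS-trusted domain outside the exemption list may hold only
# read, write, map, getattr, ioctl, lock and append on app private data
# files. "open" is not in that set, so such a domain cannot open these
# files by path and is left with operations on an already-open file
# descriptor; create, unlink, rename, setattr and execute are excluded
# as well.
#
# NOTE(review): every domain subtracted below escapes this assertion
# entirely, so each addition widens what the MLS override can reach.
neverallow {
  mlstrustedsubject
  -installd
  -iorap_prefetcherd
  -iorap_inode2filename
} { app_data_file privapp_data_file }:file ~{ read write map getattr ioctl lock append };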
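# Directories: an MLS-trusted domain outside the exemption list below
# may hold nothing beyond read, getattr and search on app private data
# directories, so it can never add, remove or rename entries in them.
# Like every neverallow, this is checked when the policy is compiled
# and grants no access by itself.
neverallow {
  mlstrustedsubject
  -installd
  -iorap_prefetcherd
  -iorap_inode2filename
} { app_data_file privapp_data_file }:dir ~{ read getattr search };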
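# Directories, second half: even read, getattr and search are forbidden
# unless the domain is subtracted below. Together with the ~{ read
# getattr search } assertion on the same directory types, a non-exempt
# MLS-trusted domain is left with no directory permission here at all.
#
# system_server, adbd, runas and zygote are subtracted from this rule
# only; the file rule and the ~{ ... } directory rule in this file do
# not subtract them, so they are not barred from listing and traversing
# these directories but still may not open or create files in them.
neverallow {
  mlstrustedsubject
  -installd
  -iorap_prefetcherd
  -iorap_inode2filename
  -system_server
  -adbd
  -runas
  -zygote
} { app_data_file privapp_data_file }:dir { read getattr search };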