private/mlstrustedsubject.te - platform/system/sepolicy - Git at Google

 # MLS override can't be used to access private app data.

 # Apps should not normally be mlstrustedsubject, but if they must be
 # they cannot use this to access app private data files; their own app
 # data files must use a different label.

 neverallow {
   mlstrustedsubject
   -installd
   -iorap_prefetcherd
   -iorap_inode2filename
 } { app_data_file privapp_data_file }:file ~{ read write map getattr ioctl lock append };

 neverallow {
   mlstrustedsubject
   -installd
   -iorap_prefetcherd
   -iorap_inode2filename
 } { app_data_file privapp_data_file }:dir ~{ read getattr search };

 neverallow {
   mlstrustedsubject
   -installd
   -iorap_prefetcherd
   -iorap_inode2filename
   -system_server
   -adbd
   -runas
   -zygote
 } { app_data_file privapp_data_file }:dir { read getattr search };
	# MLS override can't be used to access private app data.

	# Apps should not normally be mlstrustedsubject, but if they must be
	# they cannot use this to access app private data files; their own app
	# data files must use a different label.

	neverallow {
	mlstrustedsubject
	-installd
	-iorap_prefetcherd
	-iorap_inode2filename
	} { app_data_file privapp_data_file }:file ~{ read write map getattr ioctl lock append };

	neverallow {
	mlstrustedsubject
	-installd
	-iorap_prefetcherd
	-iorap_inode2filename
	} { app_data_file privapp_data_file }:dir ~{ read getattr search };

	neverallow {
	mlstrustedsubject
	-installd
	-iorap_prefetcherd
	-iorap_inode2filename
	-system_server
	-adbd
	-runas
	-zygote
	} { app_data_file privapp_data_file }:dir { read getattr search };