Stephen Smalley committed 525a224

Switch app_* and isolated to _app and _isolated in seapp_contexts.

The app_* syntax was a legacy of the original approach of looking up
the username returned by getpwuid() and the original username encoding
scheme by bionic. With the recent changes to move away from this approach,
there is no reason to retain that syntax. Instead, just use _app to match
app UIDs and _isolated to match isolated service UIDs. The underscore
prefix is to signify that these are not real usernames and to avoid
conflicts with any system usernames.

Requires a corresponding change to sepolicy.

Change-Id: I21f9f88415b653c1bf6332fc100d91d969c9da64
Signed-off-by: Stephen Smalley <>

  • Parent commits d23b9e0

Files changed (1)

File src/android.c

 		if (!username)
 			goto err;
 	} else if (appid < AID_ISOLATED_START) {
-		username = "app_";
+		username = "_app";
 		appid -= AID_APP;
 	} else {
-		username = "isolated";
+		username = "_isolated";
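
Review bot: The new literals "_app" and "_isolated" in the two else branches are now the only link between this code and the entries in seapp_contexts, but nothing at the assignments says so. A short comment above `username = "_app";` stating that these are synthetic names (not getpwuid() results) and must match what seapp_contexts uses would help, or define both once as named constants so the contract has a single place to live. Since the commit message says a corresponding sepolicy change is required, the failure mode on mismatch deserves a sentence too: a seapp_contexts file still written with app_* or isolated will no longer match the names set here, so the two changes need to land together. The code that compares username against an entry is outside this hunk; please confirm that any prefix handling kept for the old app_* form is removed or still behaves correctly with an exact "_app" name.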