1 # rules removed from the domain attribute 2 3 # Read files already opened under /data. 4 allow domain_deprecated system_data_file:file { getattr read }; 5 allow domain_deprecated system_data_file:lnk_file r_file_perms; 6 7 # Read apk files under /data/app. 8 allow domain_deprecated apk_data_file:dir { getattr search }; 9 allow domain_deprecated apk_data_file:file r_file_perms; 10 allow domain_deprecated apk_data_file:lnk_file r_file_perms; 11 12 # Read access to pseudo filesystems. 13 r_dir_file(domain_deprecated, proc) 14 r_dir_file(domain_deprecated, sysfs) 15
