1 # idmap, when executed by installd 2 type idmap, domain; 3 type idmap_exec, exec_type, file_type; 4 5 # Use open file to /data/resource-cache file inherited from installd. 6 allow idmap installd:fd use; 7 allow idmap resourcecache_data_file:file { getattr read write }; 8 9 # Open and read from target and overlay apk files passed by argument. 10 allow idmap apk_data_file:file r_file_perms; 11 allow idmap apk_data_file:dir search; 12 13 # Allow apps access to /vendor/app 14 r_dir_file(idmap, vendor_app_file) 15 16 # Allow apps access to /vendor/overlay 17 r_dir_file(idmap, vendor_overlay_file) 18
