# idmap, when executed by installd.
# Declares the idmap domain and the label for the idmap executable. The rule
# that transitions installd into this domain is not part of this file.
type idmap, domain;
type idmap_exec, exec_type, file_type;

# Use open file to /data/resource-cache file inherited from installd.
# The file permission set below contains no "open" or "create": as far as the
# rules in this file go, idmap can only work on a descriptor that installd
# already opened and passed down, not open resource-cache files by path.
allow idmap installd:fd use;
allow idmap resourcecache_data_file:file { getattr read write };

# Ignore reading /proc/<pid>/maps after a fork.
# dontaudit grants nothing; it only keeps the denial out of the audit log.
dontaudit idmap installd:file read;

# Open and read from target and overlay apk files passed by argument.
# r_file_perms is a permission macro defined outside this file (presumably the
# read-only file set; confirm against the macro definitions). On directories
# only "search" is granted, so these rules let idmap traverse to a path it was
# given but do not let it list apk_data_file directories.
allow idmap apk_data_file:file r_file_perms;
allow idmap apk_data_file:dir search;

# Allow idmap read access to /vendor/app.
# The subject of this rule is the idmap domain, not app domains. r_dir_file()
# is a macro defined outside this file; review its expansion when auditing the
# exact directory and file permissions granted here.
r_dir_file(idmap, vendor_app_file)

# Allow idmap read access to /vendor/overlay.
# Same macro as above, again with idmap as the subject.
r_dir_file(idmap, vendor_overlay_file)