1# idmap, when executed by installd 2type idmap, domain; 3type idmap_exec, exec_type, file_type; 4 5# Use open file to /data/resource-cache file inherited from installd. 6allow idmap installd:fd use; 7allow idmap resourcecache_data_file:file { getattr read write }; 8 9# Open and read from target and overlay apk files passed by argument. 10allow idmap apk_data_file:file r_file_perms; 11allow idmap apk_data_file:dir search; 12 13# Allow apps access to /vendor/app 14r_dir_file(idmap, vendor_app_file) 15 16# Allow apps access to /vendor/overlay 17r_dir_file(idmap, vendor_overlay_file) 18