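# idmap, when executed by installd.
# Declares the idmap domain and the label for its executable. The transition
# from installd into this domain is not defined in this file.
type idmap, domain;
type idmap_exec, exec_type, file_type;

# Use the open file under /data/resource-cache inherited from installd.
# No "open" permission is granted on resourcecache_data_file here, so the
# rules in this file only let idmap read and write through a descriptor that
# installd has already opened; they do not let it open resource-cache files
# by path on its own.
allow idmap installd:fd use;
allow idmap resourcecache_data_file:file { getattr read write };

# Ignore reading /proc/<pid>/maps after a fork.
# dontaudit only suppresses the denial log entry; the read is still denied.
dontaudit idmap installd:file read;

# Open and read from target and overlay apk files passed by argument.
# Directories get "search" only: these rules let idmap traverse to a path it
# was given, but not list directory contents.
allow idmap apk_data_file:file r_file_perms;
allow idmap apk_data_file:dir search;

# Allow idmap read-only access to /vendor/app.
# (The grant is to the idmap domain, not to apps; r_dir_file adds no write
# permissions.)
r_dir_file(idmap, vendor_app_file)

# Allow idmap read-only access to /vendor/overlay.
r_dir_file(idmap, vendor_overlay_file)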