Merge "DO NOT MERGE: Allow idmap1 to read vmdl*.tmp APK install files" into qt-dev
diff --git a/public/idmap.te b/public/idmap.te
index d76558a..92c649c 100644
--- a/public/idmap.te
+++ b/public/idmap.te
@@ -2,7 +2,7 @@
type idmap, domain;
type idmap_exec, system_file_type, exec_type, file_type;
-# STOPSHIP remove /system/bin/idmap and the link between idmap and installd (b/118711077)
+# TODO remove /system/bin/idmap and the link between idmap and installd (b/118711077)
# Use open file to /data/resource-cache file inherited from installd.
allow idmap installd:fd use;
allow idmap resourcecache_data_file:file create_file_perms;
@@ -15,6 +15,10 @@
allow idmap apk_data_file:file r_file_perms;
allow idmap apk_data_file:dir search;
+# Allow /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
+allow idmap { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
+allow idmap { apk_tmp_file apk_private_tmp_file }:dir search;
+
# Allow apps access to /vendor/app
r_dir_file(idmap, vendor_app_file)
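Review bot: The two added `allow` lines give idmap `r_file_perms` (which includes `open`) and `dir search` on `apk_tmp_file` and `apk_private_tmp_file`, so it can open any staged, not-yet-committed install file by path rather than only a descriptor handed to it. The first hunk shows `allow idmap installd:fd use;`, but how the staged APK reaches idmap is not visible here. If it arrives as an already-open fd, the file rule could be narrowed to something like `allow idmap { apk_tmp_file apk_private_tmp_file }:file { getattr read map };` and the `dir search` line dropped. If path access is required, the comment should say so and tie the grant to idmap's removal, e.g. `# idmap1 opens staged installs (/data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp) by path; remove together with idmap (b/118711077)`. Because the rule sits under `public/`, it is also worth confirming it needs to be in public rather than private policy.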