# Tag the profman domain with the coredomain attribute (declared elsewhere in
# the policy).
typeattribute profman coredomain;

# APKs and the profile files stored next to them reach profman as file
# descriptors handed over by other programs. Grant only what is needed on an
# already-open descriptor: getattr, read, map, and lock (for taking flocks).
# Neither open nor write is granted by this rule, so on its own it does not let
# profman open these files by path or modify them.
allow profman { system_file apk_data_file vendor_app_file }:file { getattr read map lock };

# Descriptors may be received from the privileged programs artd and installd;
# this rule names no other source domain.
allow profman { artd installd }:fd use;

# artd extracts the profile embedded in an APK into a memfd and passes it to
# profman. Allow the same four permissions on that memfd (the rule targets
# artd_tmpfs) as on the files above; again neither open nor write is granted.
allow profman artd_tmpfs:file { getattr read map lock };