| Alex Klyubin | f5446eb | 2017-03-23 14:27:32 -0700 | [diff] [blame] | 1 | typeattribute idmap coredomain; |
| MÃ¥rten Kongstad | f62362d | 2018-06-15 08:08:19 +0200 | [diff] [blame] | 2 | |
| 3 | init_daemon_domain(idmap) |
| Inseob Kim | 75806ef | 2024-03-27 17:18:41 +0900 | [diff] [blame] | 4 | |
| 5 | # Allow read + write access to /data/resource-cache |
| 6 | allow idmap resourcecache_data_file:file create_file_perms; |
| 7 | allow idmap resourcecache_data_file:dir rw_dir_perms; |
| 8 | |
| 9 | # Open and read from target and overlay apk files passed by argument. |
| 10 | allow idmap apk_data_file:file r_file_perms; |
| 11 | allow idmap apk_data_file:dir search; |
| 12 | |
| 13 | # Allow /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files |
| 14 | allow idmap { apk_tmp_file apk_private_tmp_file }:file r_file_perms; |
| 15 | allow idmap { apk_tmp_file apk_private_tmp_file }:dir search; |
| 16 | |
| 17 | # Allow apps access to /vendor/app |
| 18 | r_dir_file(idmap, vendor_app_file) |
| 19 | |
| 20 | # Allow apps access to /vendor/overlay |
| 21 | r_dir_file(idmap, vendor_overlay_file) |
| 22 | |
| 23 | # Allow the idmap2d binary to register as a service and communicate via AIDL |
| 24 | binder_use(idmap) |
| 25 | binder_service(idmap) |
| 26 | add_service(idmap, idmap_service) |