1# idmap, when executed by installd 2type idmap, domain; 3type idmap_exec, system_file_type, exec_type, file_type; 4 5# Allow read + write access to /data/resource-cache 6allow idmap resourcecache_data_file:file create_file_perms; 7allow idmap resourcecache_data_file:dir rw_dir_perms; 8 9# Open and read from target and overlay apk files passed by argument. 10allow idmap apk_data_file:file r_file_perms; 11allow idmap apk_data_file:dir search; 12 13# Allow /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files 14allow idmap { apk_tmp_file apk_private_tmp_file }:file r_file_perms; 15allow idmap { apk_tmp_file apk_private_tmp_file }:dir search; 16 17# Allow apps access to /vendor/app 18r_dir_file(idmap, vendor_app_file) 19 20# Allow apps access to /vendor/overlay 21r_dir_file(idmap, vendor_overlay_file) 22 23# Allow the idmap2d binary to register as a service and communicate via AIDL 24binder_use(idmap) 25binder_service(idmap) 26add_service(idmap, idmap_service) 27