9075699a28
The change makes 'vendor_overlay_file' accessible only to few platform domains like idmap, system_server, zygote and appdomain. The overlay files contains RROs (runtime resource overlays) Bug: 36681210 Test: Boot sailfish (treble device) from wiped flashall Test: Connect to wifi and launch chrome to load few websites. Test: Launch camera and record + playback video Change-Id: I3596ca89ad51d0e7d78c75121f22ea71209ee332 Signed-off-by: Sandeep Patil <sspatil@google.com>
18 lines
563 B
Plaintext
18 lines
563 B
Plaintext
# idmap, when executed by installd
|
|
type idmap, domain;
|
|
type idmap_exec, exec_type, file_type;
|
|
|
|
# Use open file to /data/resource-cache file inherited from installd.
|
|
allow idmap installd:fd use;
|
|
allow idmap resourcecache_data_file:file { getattr read write };
|
|
|
|
# Open and read from target and overlay apk files passed by argument.
|
|
allow idmap apk_data_file:file r_file_perms;
|
|
allow idmap apk_data_file:dir search;
|
|
|
|
# Allow apps access to /vendor/app
|
|
r_dir_file(idmap, vendor_app_file)
|
|
|
|
# Allow apps access to /vendor/overlay
|
|
r_dir_file(idmap, vendor_overlay_file)
|