| typeattribute profman coredomain; | |
| # Allow profman to read APKs and profile files next to them by FDs passed from | |
| # other programs. In addition, allow profman to acquire flocks on those files. | |
| allow profman { | |
| system_file | |
| apk_data_file | |
| vendor_app_file | |
| }:file { getattr read map lock }; | |
| # Allow profman to use file descriptors passed from privileged programs. | |
| allow profman { artd installd }:fd use; |