1# rules removed from the domain attribute 2 3# Read files already opened under /data. 4allow domain_deprecated system_data_file:file { getattr read }; 5allow domain_deprecated system_data_file:lnk_file r_file_perms; 6 7# Read apk files under /data/app. 8allow domain_deprecated apk_data_file:dir { getattr search }; 9allow domain_deprecated apk_data_file:file r_file_perms; 10allow domain_deprecated apk_data_file:lnk_file r_file_perms; 11 12# Read access to pseudo filesystems. 13r_dir_file(domain_deprecated, proc) 14r_dir_file(domain_deprecated, sysfs) 15