In the app data file, there is lib direction: lib -> /data/app-lib/com.android.providers.settings. For example if a process has domain A_domain. There is a requirement that allow A_domian open lib and create file inside it.
To implement the requirement , we need two part of policy. One part is : allow A_domian system_app_data_file :lnk_file {open, read,getattr} another part is: allow A_domian system_data_file: file create_file_perms allow A_domian system_data_file: dir {write, add_name} requirement------------- I want to open link and create file inside it. policy----------------------I should have allow rule to open and read link. ------------------------------And I also should have allow rules to open and write dir which the link pointed to. two part policy is needed to implement the requirement Is that right? I am looking forward to your answer. Thanks advance.