platform_system_sepolicy/idmap.te

# idmap, when executed by installd
type idmap, domain;
type idmap_exec, exec_type, file_type;

# Use open file to /data/resource-cache file inherited from installd.
allow idmap installd:fd use;
allow idmap resourcecache_data_file:file { getattr read write };

# Open and read from target and overlay apk files passed by argument.
allow idmap apk_data_file:file r_file_perms;