1# Domain to run Surround View App (com.android.surroundview) 2# Defined outside `userdebug_or_eng` to ensure domain exists for seapp_contexts reference. 3type surroundview_app, domain; 4app_domain(surroundview_app) 5 6userdebug_or_eng(` 7 # Allow use of EVS service 8 hal_client_domain(surroundview_app, hal_evs) 9 hal_client_domain(surroundview_app, hal_vehicle) 10 11 # Allow "find" permission on certain system services, surfaced as required by SELinux logs. 12 # As far as understood, the reference app does not use some of these (e.g. autofill_service), 13 # but the app will not run without them. 14 allow surroundview_app { 15 activity_service 16 audio_service 17 autofill_service 18 content_capture_service 19 game_service 20 gpu_service 21 hint_service 22 surfaceflinger_service 23 }:service_manager find; 24 25 # Allow R+W /data subdirectory. 26 allow surroundview_app system_app_data_file:dir { getattr search }; 27 allow surroundview_app system_app_data_file:file { open }; 28 allow surroundview_app system_data_file:dir search; 29 allow surroundview_app user_profile_root_file:dir search; 30') 31