1# Domain to run ExperimentalCarService (com.android.experimentalcar)
2type experimentalcarservice_app, domain, coredomain, mlstrustedsubject;
3app_domain(experimentalcarservice_app);
4
5allow experimentalcarservice_app wifi_service:service_manager find;
6
7# Allow access certain to system services.
8# Keep alphabetically sorted.
9allow experimentalcarservice_app {
10    accessibility_service
11    activity_service
12    activity_task_service
13    audio_service
14    audioserver_service
15    autofill_service
16    bluetooth_manager_service
17    carservice_service
18    connectivity_service
19    content_service
20    deviceidle_service
21    display_service
22    graphicsstats_service
23    input_method_service
24    input_service
25    location_service
26    lock_settings_service
27    media_session_service
28    network_management_service
29    netstats_service
30    power_service
31    procfsinspector_service
32    sensorservice_service
33    surfaceflinger_service
34    telecom_service
35    tethering_service
36    uimode_service
37    voiceinteraction_service
38}:service_manager find;
39
40# Read and write /data/data subdirectory.
41allow experimentalcarservice_app system_app_data_file:dir create_dir_perms;
42allow experimentalcarservice_app system_app_data_file:{ file lnk_file } create_file_perms;
43# R/W /data/system/car
44allow experimentalcarservice_app system_car_data_file:dir create_dir_perms;
45allow experimentalcarservice_app system_car_data_file:{ file lnk_file } create_file_perms;
46
47net_domain(experimentalcarservice_app)
48
49allow experimentalcarservice_app cgroup:file rw_file_perms;
50
51# Allow finding game_service and content_capture_service
52allow experimentalcarservice_app content_capture_service:service_manager find;
53allow experimentalcarservice_app game_service:service_manager find;
54