allow zygote cgroup:file { rw_file_perms setattr };
allow zygote self:capability { sys_resource };
allow zygote surfaceflinger_service:service_manager { find };
allow zygote autofill_service:service_manager { find };
allow zygote audio_service:service_manager { find };
allow zygote media_session_service:service_manager { find };
allow zygote hal_graphics_composer_default:fd use;
allow zygote surfaceflinger:fd use;

allow zygote self:netlink_route_socket { create bind getopt connect };

binder_call(zygote, servicemanager)
binder_call(zygote, system_server)
binder_call(zygote, hwservicemanager)
binder_call(zygote, audioserver)
binder_call(zygote, surfaceflinger)
binder_call(zygote, netd)
get_prop(zygote, test_harness_prop)


allow zygote activity_task_service:service_manager find;
allow zygote audio_service:service_manager find;
allow zygote autofill_service:service_manager find;
allow zygote batteryproperties_service:service_manager find;
allow zygote companion_device_service:service_manager find;
allow zygote deviceidle_service:service_manager find;
#allow zygote dynamic_system_service:service_manager find;
#allow zygote emergency_data_file:dir search;
allow zygote gpu_service:service_manager find;
allow zygote gpuservice:binder call;
#allow zygote hal_bluetooth_hwservice:hwservice_manager find;
allow zygote hal_graphics_allocator_default:fd use;
allow zygote hwservicemanager_prop:file { getattr map open read };
allow zygote location_service:service_manager find;
allow zygote media_session_service:service_manager find;
allow zygote misc_user_data_file:dir search;
allow zygote netd:binder call;
allow zygote netpolicy_service:service_manager find;
allow zygote platform_compat_service:service_manager find;
allow zygote priv_app:binder call;
allow zygote radio_service:service_manager { find };
allow zygote registry_service:service_manager find;
allow zygote role_service:service_manager find;
allow zygote self:binder { call transfer };
allow zygote self:netlink_route_socket { bind connect create getopt };
allow zygote surfaceflinger:binder call;
allow zygote system_config_service:service_manager find;
allow zygote system_data_file:dir { add_name write };
allow zygote telecom_service:service_manager find;
allow zygote test_harness_prop:file { getattr map open read };
allow zygote timedetector_service:service_manager find;
allow zygote timezonedetector_service:service_manager find;
allow zygote trust_service:service_manager find;
allow zygote uimode_service:service_manager find;
allow zygote untrusted_app_27:binder call;
allow zygote user_profile_data_file:file getattr;
allow zygote wallpaper_service:service_manager find;
allow zygote wifi_service:service_manager find;
allow zygote activity_service:service_manager find;

rw_rockchip_graphic_device(zygote)