allow surfaceflinger sysfs:file write;
allow surfaceflinger self:unix_stream_socket ioctl;
allow surfaceflinger htserver_service:service_manager find;
allow surfaceflinger activity_service:service_manager find;
allow surfaceflinger awinit:binder call;
allow surfaceflinger self:capability { net_admin dac_override };
allow surfaceflinger vendor_file:file { execute getattr open read };