profile lxc-waydroid flags=(attach_disconnected, complain, mediate_deleted) {
  #include <local/lxc-waydroid>
  /** ix,
  /system/bin/app_process Pix -> lxc-waydroid//&android_app,
  /system/bin/app_process32 Pix -> lxc-waydroid//&android_app,
  /system/bin/app_process64 Pix -> lxc-waydroid//&android_app,
  /system/bin/adbd Pix -> lxc-waydroid//&adbd,
  /dev** rw,
  network,
  unix,
  owner /proc** rw,
  / r,
  /** r,
  /acct** rwkl,
  /acct rwkl,
  /storage** rwkl,
  /data** rwkl,
  /proc** rw,
  /sys** rw,
  /dev** rw,
  /tmp** rw,
  /var** rw,
  /run** rw,
  /mnt** rw,
  /apex** rwk,
  /sbin** rw,
  /linkerconfig** rwk,
  /system** k,
  mount,
  umount,

  capability sys_nice,
  capability wake_alarm,
  capability setpcap,
  capability setgid,
  capability setuid,
  capability sys_ptrace,
  capability sys_admin,
  capability wake_alarm,
  capability block_suspend,
  capability sys_time,
  capability net_admin,
  capability net_raw,
  capability net_bind_service,
  capability kill,
  capability dac_override,
  capability dac_read_search,
  capability fsetid,
  capability mknod,
  capability syslog,
  capability chown,
  capability sys_resource,
  capability fowner,
  capability sys_module,
  capability ipc_lock,
  capability sys_chroot,

  ptrace (read,readby,trace,tracedby) peer=lxc-waydroid,
  ptrace (read,readby,trace,tracedby) peer=android_app//&lxc-waydroid,
  ptrace (read,readby,trace,tracedby) peer=adbd//&lxc-waydroid,

  signal (send,receive) peer=lxc-waydroid,
  signal (send,receive) peer=android_app//&lxc-waydroid,
  signal (send) peer=adbd//&lxc-waydroid,
  signal (receive),
  
}

