I am a junior AOSP developer, I have myservice application with type of coredomain,

type myservice, domain, coredomain, mlstrustedsubject;

I need to open functionfs objects, but adding allow myservice functionfs:file { read write }; faces neverallowed error!

I added /dev/usb-ffs/mygadeht(/.*)? u:object_r:functionfs_file:s0 to file_contexts file and rule allow myservice functionfs_file:file { open read write }; to myservice.te file.

But still opening functionfs object like /dev/usb-ffs/mygadeht/ep0 fails. It works in permissive mode!

Android version is 12.