Background: I have customized an AOSP distribution and created a custom OTA updater service to integrate with it. But whenever I call the updater service, the following error message is generated:

E/SELinux: avc: denied { find } for service=android.os.UpdateEngineService pid=22801 uid=10024 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:update_engine_service:s0 tclass=service_manager permissive=0

Diagnosis: Based on the error message, our app is being built as a platform_app. As a result, we are not being allowed to access the path '/data/' on the system.

Possible solution: There might be two approaches towards the solution:

1. Build the app as a system_app

OR,

2. Build the app as a plaform_app and change SELinux config so that the app is granted necessary access to '/data/' on the system.

Main question: Am I heading towards the right direction with the understanding and possible solutions stated here? If not, what am I missing and what should be done in order to fix this issue?