1 allow mediaserver perfd:unix_stream_socket connectto; 2 allow mediaserver perfd_data_file:dir search; 3 allow mediaserver perfd_data_file:sock_file write; 4 allow mediaserver sysfs_soc:dir search; 5 allow mediaserver sysfs_soc:file r_file_perms; 6 # Only allow gpu ioctl commands that have been demonstrated to be necessary. 7 allowxperm mediaserver gpu_device:chr_file 8 ioctl { gpu_ioctls unpriv_tty_ioctls }; 9
