1 # Only allow gpu ioctl commands that have been demonstrated to be necessary.
2 allowxperm { appdomain -isolated_app } gpu_device:chr_file
3 ioctl { gpu_ioctls unpriv_tty_ioctls };
4
5 allow appdomain sysfs_soc:dir search;
6 allow appdomain sysfs_soc:file r_file_perms;
7