# hal_memtrack access to the debugfs_kgsl nodes: directory lookup plus
# read-only file access. No write, ioctl or directory listing is granted.
# NOTE(review): debugfs is normally expected to be unavailable on production
# builds of newer Android releases; confirm the target release for this policy.
allow hal_memtrack debugfs_kgsl:dir search;
allow hal_memtrack debugfs_kgsl:file { getattr open read };

# Memtrack reads /proc/<pid>/cmdline to check whether a process is
# surfaceflinger, so only surfaceflinger's files are made readable.
# The rule is keyed on the surfaceflinger label, not on the file name: it
# covers `read` on any file carrying that label, not just cmdline.
allow hal_memtrack surfaceflinger:file read;

# The same probe touches every other process as well. Those reads remain
# denied; dontaudit only keeps the denials out of the audit log.
# NOTE(review): this silences every hal_memtrack file-read denial against all
# domains except surfaceflinger, so unexpected reads by this HAL are invisible
# in the audit log unless dontaudit rules are disabled while investigating.
dontaudit hal_memtrack { domain -surfaceflinger }:file read;