1 # Only allow gpu ioctl commands that have been demonstrated to be necessary. 2 allowxperm { appdomain -isolated_app } gpu_device:chr_file 3 ioctl { gpu_ioctls unpriv_tty_ioctls }; 4 5 allow appdomain sysfs_soc:dir search; 6 allow appdomain sysfs_soc:file r_file_perms; 7
