allow mediacodec perfd:unix_stream_socket connectto; | |
allow mediacodec perfd_data_file:dir search; | |
allow mediacodec perfd_data_file:sock_file write; | |
allow mediacodec system_file:dir r_dir_perms; | |
allow mediacodec sysfs_soc:dir search; | |
allow mediacodec sysfs_soc:file r_file_perms; | |
# Only allow gpu ioctl commands that have been demonstrated to be necessary. | |
allowxperm mediacodec gpu_device:chr_file | |
ioctl { gpu_ioctls unpriv_tty_ioctls }; |