1type debugfs_kgsl, debugfs_type, fs_type; 2 3allow domain debugfs_kgsl:dir search; 4 5allow hal_memtrack debugfs_kgsl:dir search; 6allow hal_memtrack debugfs_kgsl:file { open read getattr }; 7 8# Memtrack reads proc/<pid>/cmdline to check if process is surfaceflinger. 9# Grant access if that's the case; don't log denials for other processes. 10allow hal_memtrack surfaceflinger:file read; 11dontaudit hal_memtrack { domain -surfaceflinger}:file read; 12