1allow hal_memtrack debugfs_kgsl:dir search; 2allow hal_memtrack debugfs_kgsl:file { open read getattr }; 3 4# Memtrack reads proc/<pid>/cmdline to check if process is surfaceflinger. 5# Grant access if that's the case; don't log denials for other processes. 6allow hal_memtrack surfaceflinger:file read; 7dontaudit hal_memtrack { domain -surfaceflinger}:file read; 8