allow priv_app device:dir { open read };
allow priv_app fuseblk:dir { add_name open read search read write };
allow priv_app fuseblk:file { create getattr open read write };