# Grant GPU access to SurfaceFlinger allow surfaceflinger gpu_device:chr_file rw_file_perms; allow surfaceflinger sysfs:file rw_file_perms; # Read from /data/local/tmp allow surfaceflinger shell_data_file:dir search; allow surfaceflinger shell_data_file:file { open getattr read }; allow surfaceflinger shell_data_file:lnk_file read;