allow mediaserver sysfs_soc:dir search;
allow mediaserver sysfs_soc:file r_file_perms;
# Only allow gpu ioctl commands that have been demonstrated to be necessary.
allowxperm mediaserver gpu_device:chr_file
  ioctl { gpu_ioctls unpriv_tty_ioctls };