type debugfs_kgsl, debugfs_type, fs_type;

allow domain debugfs_kgsl:dir search;

allow hal_memtrack debugfs_kgsl:dir search;
allow hal_memtrack debugfs_kgsl:file { open read getattr };

# Memtrack reads proc/<pid>/cmdline to check if process is surfaceflinger.
# Grant access if that's the case; don't log denials for other processes.
allow hal_memtrack surfaceflinger:file read;
dontaudit hal_memtrack { domain -surfaceflinger}:file read;