allow mediaserver perfd:unix_stream_socket connectto;
allow mediaserver perfd_data_file:dir search;
allow mediaserver perfd_data_file:sock_file write;
allow mediaserver sysfs_soc:dir search;
allow mediaserver sysfs_soc:file r_file_perms;
# Only allow gpu ioctl commands that have been demonstrated to be necessary.
allowxperm mediaserver gpu_device:chr_file
  ioctl { gpu_ioctls unpriv_tty_ioctls };