allow hal_memtrack debugfs_kgsl:dir search;
allow hal_memtrack debugfs_kgsl:file { open read getattr };

# Memtrack reads proc/<pid>/cmdline to check if process is surfaceflinger.
# Grant access if that's the case; don't log denials for other processes.
allow hal_memtrack surfaceflinger:file read;
dontaudit hal_memtrack { domain -surfaceflinger}:file read;