1 files changed, 4 insertions, 0 deletions

diff --git a/sepolicy/hal_memtrack.te b/sepolicy/hal_memtrack.te
new file mode 100644
index 0000000..51bd527
--- /dev/null
+++ b/sepolicy/hal_memtrack.te
@@ -0,0 +1,4 @@
+# Memtrack reads proc/<pid>/cmdline to check if process is surfaceflinger.
+# Grant access if that's the case; don't log denials for other processes.
+allow hal_memtrack surfaceflinger:file read;
+dontaudit hal_memtrack { domain -surfaceflinger}:file read;