#####################################
# gpu_access(client_domain)
# Allow client_domain to communicate with the GPU
define(`gpu_access', `
allow $1 dri_device:dir { open read search };
allow $1 sysfs_gpu:dir search;
allow $1 gpu_device:chr_file { getattr ioctl map open read write };
allow $1 graphics_device:chr_file { getattr };
allow $1 sysfs_gpu:file { getattr open read };
')