sepolicy/surfaceflinger.te - device/lge/mako - Git at Google

 # Grant GPU access to SurfaceFlinger
 allow surfaceflinger gpu_device:chr_file rw_file_perms;

 allow surfaceflinger sysfs:file rw_file_perms;

 # Read from /data/local/tmp
 allow surfaceflinger shell_data_file:dir search;
 allow surfaceflinger shell_data_file:file { open getattr read };
 allow surfaceflinger shell_data_file:lnk_file read;
	# Grant GPU access to SurfaceFlinger
	allow surfaceflinger gpu_device:chr_file rw_file_perms;

	allow surfaceflinger sysfs:file rw_file_perms;

	# Read from /data/local/tmp
	allow surfaceflinger shell_data_file:dir search;
	allow surfaceflinger shell_data_file:file { open getattr read };
	allow surfaceflinger shell_data_file:lnk_file read;