#####################################
# gpu_access(client_domain)
# Allow client_domain to communicate with the GPU
define(`gpu_access', `
allow $1 gpu_device:dir { open read search getattr };
allow $1 gpu_device:chr_file { open read getattr ioctl map write };
allow $1 sysfs_gpu:file { getattr open read };
')