vndbinder_use(hal_drm_default);
allow hal_drm_default vndbinder_device:chr_file { ioctl open read write };
hal_server_domain(hal_drm_default, hal_drm)

allow hal_drm_default self:process execmem;
allow hal_drm_default system_file:dir { open read };
allow hal_drm_default mediadrm_vendor_data_file:dir { add_name create write getattr search };
allow hal_drm_default mediadrm_vendor_data_file:file { create read open write lock};
allow hal_drm_default storage_device:chr_file { ioctl open read write };

rw_rockchip_graphic_device(hal_drm_default)