allow ephemeral_app self:process { ptrace };
rw_rockchip_graphic_device(ephemeral_app)