# Description: Can play video
# Usage: common
# android-based access. Remove once move away from binder (LP: #1197134)
/dev/binder rw,
/dev/ashmem rw,

# gstreamer - should these be application specific?
owner @{HOME}/.gstreamer*/registry.*.bin*       r,
owner @{HOME}/.cache/gstreamer*/registry.*.bin* r,
deny @{HOME}/.gstreamer*/registry.*.bin*        w,
deny @{HOME}/.cache/gstreamer*/registry.*.bin*  w,
deny @{HOME}/.gstreamer*/                       w,
deny @{HOME}/.cache/gstreamer*/                 w,
# gstreamer writes JIT compiled code in the form of orcexec.* files. Various
# locations are tried so silence the ones we won't permit anyway
deny /tmp/orcexec* w,
deny /{,var/}run/user/*/orcexec* w,

# Hardware-specific accesses
#include "/usr/share/apparmor/hardware/video.d"
