# Extra permissions needed for translated processes:
# - Access to exagear.* system properties.
# - RWX mappings for the ExaGear JIT compiler.
# - Access to memfd in /proc/self/fd/*.
define(`exagear_translated', `
  allow $1 self:process execmem;
  allow $1 $2:file { open read write getattr map };
  get_prop($1, exagear_prop);
  allow $1 tango32_device:chr_file rw_file_perms;
')
