# PQ
# Lets the untrusted_app domain look up (find) the service labeled pq_service
# through the service manager.
# NOTE(review): the source domain is untrusted_app itself, so this lookup is
# open to every process running in that domain, not to one specific client.
# `find` only governs the lookup; whether pq_service authorizes callers per
# method cannot be seen from this file, so confirm it in the service.
# NOTE(review): if only a known client needs this service, a dedicated domain
# for that client would be a narrower grant than untrusted_app. TODO confirm.
allow untrusted_app pq_service:service_manager find;

# thermal
# Gives untrusted_app the r_file_perms permission set on files labeled
# thermal_sysfs.
# NOTE(review): r_file_perms is a macro defined outside this file (presumably
# the platform's read-only file permission set); confirm its expansion in the
# tree this policy builds against.
# NOTE(review): which sysfs paths carry the thermal_sysfs label is set in the
# file/genfs context files, not here. Verify the label covers only the nodes
# that need to be readable, since every process in untrusted_app gets read
# access to whatever is labeled thermal_sysfs.
allow untrusted_app thermal_sysfs:file r_file_perms;