# Permissions granted to the kernel domain.
allow kernel hw_block_device:blk_file rw_file_perms;
allow kernel vfat:file open;
allow kernel self:socket create;
# unlabeled: objects with no valid security context.
allow kernel unlabeled:file { open read };