Add additional sepolicy rules for gpuservice
Allow gpuservice to access read/write BPF maps. Bug: b/213577594 Change-Id: I487754c008a53819715a6bfc5da10182d87de413
parent
2832f957e7
commit
4c834adc0a
@ -262,6 +262,7 @@ genfscon tracefs /events/power/clock_disable/ u:objec
|
||||
genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/power/gpu_work_period/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
|
||||
genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
|
||||
@ -326,6 +327,7 @@ genfscon debugfs /tracing/events/power/clock_disable/
|
||||
genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/power/gpu_work_period/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
|
||||
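Review bot: The commit description covers only the BPF map access and does not mention the new tracepoint label, which (judging by the one-line growth in both hunk headers) is the `gpu_work_period` entry under `tracefs` and `debugfs`. Labelling it `debugfs_tracing` makes the event reachable by every domain already allowed that type, not just gpuservice, so the description should name the consumer that needs it and state that the wider exposure is intended. If the event's fields identify individual apps, a narrower type would be worth considering; that cannot be judged from this page.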
|
@ -51,11 +51,12 @@ allow gpuservice self:perf_event { cpu kernel open write };
|
||||
neverallow gpuservice self:perf_event ~{ cpu kernel open write };
|
||||
|
||||
# Needed for interact with bpf fs.
|
||||
# Write is needed to open read/write bpf maps.
|
||||
allow gpuservice fs_bpf:dir search;
|
||||
allow gpuservice fs_bpf:file read;
|
||||
allow gpuservice fs_bpf:file { read write };
|
||||
|
||||
# Needed for enable the bpf program and read the map.
|
||||
allow gpuservice bpfloader:bpf { map_read prog_run };
|
||||
# Needed for enabling bpf programs and accessing bpf maps (read-only and read/write).
|
||||
allow gpuservice bpfloader:bpf { map_read map_write prog_run };
|
||||
|
||||
# Needed for getting a prop to ensure bpf programs loaded.
|
||||
get_prop(gpuservice, bpf_progs_loaded_prop)
|
||||
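Review bot: The widened rules `allow gpuservice fs_bpf:file { read write };` and `allow gpuservice bpfloader:bpf { map_read map_write prog_run };` cover every object carrying those types, not only the map gpuservice has to update. If other components' pinned maps share the `fs_bpf` label (the labelling is not shown on this page), gpuservice gains write access to them too. The new comment `# Write is needed to open read/write bpf maps.` should name the map and the reason, for example `# Write is needed to open <map name> read/write; gpuservice updates it for <purpose>.` with the placeholders filled in by the author. A dedicated type for that pin would let the grant be scoped. To match the `perf_event` neverallow above, `neverallow gpuservice bpfloader:bpf ~{ map_read map_write prog_run };` would stop the set from growing unnoticed.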
|