PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d9514b860e
android_system_sepolicy/private/gpuservice.te
Jeffrey Huang b481e320a1 GpuService binder call StatsManagerService 
This binder call is needed because we want to migrate
libstatspull to use StatsManagerService instead of Statsd

The binder call to statsd can be removed after the migration.

Test: m -j
Bug: 148641240
Change-Id: Id1387a2cbe74ba8d84f4973c6e4d17c5e0b88009
2020-02-06 11:54:33 -08:00

49 lines
1.6 KiB
Plaintext
Raw Blame History

# gpuservice - server for gpu stats and other gpu related services
typeattribute gpuservice coredomain;
type gpuservice_exec, system_file_type, exec_type, file_type;
init_daemon_domain(gpuservice)
binder_call(gpuservice, adbd)
binder_call(gpuservice, shell)
binder_call(gpuservice, system_server)
binder_use(gpuservice)
# Access the GPU.
allow gpuservice gpu_device:chr_file rw_file_perms;
# GPU service will need to load GPU driver, for example Vulkan driver in order
# to get the capability of the driver.
allow gpuservice same_process_hal_file:file { open read getattr execute map };
allow gpuservice ion_device:chr_file r_file_perms;
get_prop(gpuservice, hwservicemanager_prop)
hwbinder_use(gpuservice)
# Access /dev/graphics/fb0.
allow gpuservice graphics_device:dir search;
allow gpuservice graphics_device:chr_file rw_file_perms;
# Needed for dumpsys pipes.
allow gpuservice shell:fifo_file write;
# Use socket supplied by adbd, for cmd gpu vkjson etc.
allow gpuservice adbd:unix_stream_socket { read write getattr };
# Needed for interactive shell
allow gpuservice devpts:chr_file { read write getattr };
# Needed for dumpstate to dumpsys gpu.
allow gpuservice dumpstate:fd use;
allow gpuservice dumpstate:fifo_file write;
# Needed for stats callback registration to statsd.
allow gpuservice stats_service:service_manager find;
allow gpuservice statsmanager_service:service_manager find;
# TODO(b/146461633): remove this once native pullers talk to StatsManagerService
binder_call(gpuservice, statsd);
add_service(gpuservice, gpu_service)
# Only uncomment below line when in development
# userdebug_or_eng(`permissive gpuservice;')
Reference in New Issue View Git Blame Copy Permalink