Merge "Game Driver: sepolicy update for plumbing GpuStats into GpuService" am: 64c8df4a54
am: 30287cfbf1
am: 77758a0cee
Change-Id: Ic0778ac8300ba6d0d86a6ca79cf2323ddc70ad08
commit
a625aa7007
8 changed files with 24 additions and 2 deletions
|
@ -49,6 +49,7 @@
|
|||
fwk_bufferhub_hwservice
|
||||
fwk_camera_hwservice
|
||||
fwk_stats_hwservice
|
||||
gpuservice
|
||||
gsi_data_file
|
||||
gsi_metadata_file
|
||||
gsi_service
|
||||
|
|
|
@ -45,6 +45,10 @@ allow ephemeral_app mediadrmserver_service:service_manager find;
|
|||
allow ephemeral_app drmserver_service:service_manager find;
|
||||
allow ephemeral_app radio_service:service_manager find;
|
||||
allow ephemeral_app ephemeral_app_api_service:service_manager find;
|
||||
allow ephemeral_app gpu_service:service_manager find;
|
||||
|
||||
# Allow ephemeral apps to interact with gpuservice
|
||||
binder_call(ephemeral_app, gpuservice)
|
||||
|
||||
# Write app-specific trace data to the Perfetto traced damon. This requires
|
||||
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
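Review bot: The new `binder_call(ephemeral_app, gpuservice)` line and the `gpu_service` find rule above it make gpuservice directly reachable from instant apps, yet the comment only says "interact" without saying what for. The same pair with the same wording is repeated in the platform_app, priv_app and untrusted_app_all hunks below. Because `binder_call` grants call and transfer plus use of file descriptors handed back by the server, gpuservice has to treat every transaction from these domains as untrusted input, and the policy should record the intent so the grant can be scoped later. I would replace the comment with something like `# GpuStats: apps report graphics driver stats to gpuservice over binder (untrusted callers; gpuservice must validate)`, adjusted to what the interface actually carries, which is inferred here from the commit title only.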
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# gpu service
|
||||
type gpuservice, domain, coredomain;
|
||||
# gpuservice - server for gpu stats and other gpu related services
|
||||
typeattribute gpuservice coredomain;
|
||||
type gpuservice_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(gpuservice)
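Review bot: The header comment `# gpuservice - server for gpu stats and other gpu related services` now appears both here and in public/gpuservice.te, and neither copy says that the type is declared in the public file while this file only attaches `coredomain` and the init transition. Declaring the type in public policy also makes `gpuservice` a name that non-platform policy can write rules against, which is worth stating where the attribute is attached. I would change the comment in this file to `# gpuservice: type is declared in public/gpuservice.te; this file adds coredomain and the init domain transition`. The +/- markers are lost on this page, so which of the two declaration lines is the new one is inferred from the `typeattribute` form and the new public file.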
|
||||
|
|
|
@ -67,6 +67,10 @@ allow platform_app timezone_service:service_manager find;
|
|||
allow platform_app app_api_service:service_manager find;
|
||||
allow platform_app system_api_service:service_manager find;
|
||||
allow platform_app vr_manager_service:service_manager find;
|
||||
allow platform_app gpu_service:service_manager find;
|
||||
|
||||
# Allow platform apps to interact with gpuservice
|
||||
binder_call(platform_app, gpuservice)
|
||||
|
||||
# Access to /data/preloads
|
||||
allow platform_app preloads_data_file:file r_file_perms;
|
||||
|
|
|
@ -47,6 +47,10 @@ allow priv_app radio_service:service_manager find;
|
|||
allow priv_app recovery_service:service_manager find;
|
||||
allow priv_app stats_service:service_manager find;
|
||||
allow priv_app system_api_service:service_manager find;
|
||||
allow priv_app gpu_service:service_manager find;
|
||||
|
||||
# Allow privileged apps to interact with gpuservice
|
||||
binder_call(priv_app, gpuservice)
|
||||
|
||||
# Write to /cache.
|
||||
allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
|
||||
|
|
|
@ -66,6 +66,9 @@ binder_call(system_app, statsd)
|
|||
# Allow system apps to interact with incidentd
|
||||
binder_call(system_app, incidentd)
|
||||
|
||||
# Allow system apps to interact with gpuservice
|
||||
binder_call(system_app, gpuservice)
|
||||
|
||||
allow system_app servicemanager:service_manager list;
|
||||
# TODO: scope this down? Too broad?
|
||||
allow system_app {
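Review bot: Unlike the other app hunks, this one adds `binder_call(system_app, gpuservice)` without an explicit `allow system_app gpu_service:service_manager find;`. The lookup is presumably covered by the broad `allow system_app {` rule that starts on the last line of the hunk and continues outside it (the one marked `# TODO: scope this down? Too broad?`), so it is worth confirming that `gpu_service` is not in that rule's exclusion set. If that rule is ever narrowed as its TODO suggests, the binder grant would remain while the lookup breaks, so adding the explicit find line next to the `binder_call` keeps the two together.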
|
||||
|
|
|
@ -98,6 +98,10 @@ allow untrusted_app_all nfc_service:service_manager find;
|
|||
allow untrusted_app_all radio_service:service_manager find;
|
||||
allow untrusted_app_all app_api_service:service_manager find;
|
||||
allow untrusted_app_all vr_manager_service:service_manager find;
|
||||
allow untrusted_app_all gpu_service:service_manager find;
|
||||
|
||||
# Allow untrusted apps to interact with gpuservice
|
||||
binder_call(untrusted_app_all, gpuservice)
|
||||
|
||||
# Allow GMS core to access perfprofd output, which is stored
|
||||
# in /data/misc/perfprofd/. GMS core will need to list all
|
||||
|
|
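--- a/public/gpuservice.te
+++ b/public/gpuservice.te
@@ -0,0 +1,2 @@
+# gpuservice - server for gpu stats and other gpu related services
+type gpuservice, domain;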