gpu: add SELinux policies for GPU probe. Adds SELinux policies for gpu_probe service. These allow us to upload events to Perfetto. gpu_probe is an untrusted producer in Perfetto model, in same manner as traced_probes. Bug: 267669418 Test: see events produced when designating perfetto config. Change-Id: Id122870b14000288fc3c26aa3c49348a8f7322df

commit: 148a9232e146baf50fc4e23540b0d5f6a12f2c69 [log] [tgz]
author: Kevin DuBois <kevindubois@google.com> Wed Mar 22 22:03:49 2023 +0000
committer: Kevin DuBois <kevindubois@google.com> Fri Mar 24 21:02:20 2023 +0000
tree: ab45ea30a9347b7fb4672a6ec5389431961cd66b
parent: 1d0f49363e0873b7d436cab9178b54e91fbb5ef8 [diff]
diff --git a/gpu/sepolicy/file_contexts b/gpu/sepolicy/file_contexts
new file mode 100644
index 0000000..3752908
--- /dev/null
+++ b/gpu/sepolicy/file_contexts

@@ -0,0 +1 @@
+/vendor/bin/gpu_probe           u:object_r:gpu_probe_exec:s0

diff --git a/gpu/sepolicy/gpu_probe.te b/gpu/sepolicy/gpu_probe.te
new file mode 100644
index 0000000..d8ffb78
--- /dev/null
+++ b/gpu/sepolicy/gpu_probe.te

@@ -0,0 +1,8 @@
+# gpu_probe
+type gpu_probe_exec, exec_type, vendor_file_type, file_type;
+type gpu_probe, domain;
+
+init_daemon_domain(gpu_probe)
+allow gpu_probe gpu_device:chr_file rw_file_perms;
+
+perfetto_producer(gpu_probe)
commit	148a9232e146baf50fc4e23540b0d5f6a12f2c69	[log] [tgz]
author	Kevin DuBois <kevindubois@google.com>	Wed Mar 22 22:03:49 2023 +0000
committer	Kevin DuBois <kevindubois@google.com>	Fri Mar 24 21:02:20 2023 +0000
tree	ab45ea30a9347b7fb4672a6ec5389431961cd66b
parent	1d0f49363e0873b7d436cab9178b54e91fbb5ef8 [diff]