Add gpu_device access to isolated_compute_app
Currently all apps except `isolated_app_all` already have this access. Since `isolated_compute_app` is a special case of `isolated_app` with relaxed security restrictions to allow hardware acceleration use cases - it is safe to extend the same access as rest of the apps(system/sepolicy/private/app.te;l=389-394), to `isolated_compute_app`.
Test: tested with latest build, gpu inference works without any permission denials.
Bug: 368056520
Change-Id: I5b512cff0d2e68efc03fdc626970b29546ed9f7b
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index bc3ed3d..2791c53 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -186,6 +186,7 @@
# access given from technical_debt.cil
"codec2_config_prop" : ["file"],
"device_config_nnapi_native_prop":["file"],
+ "gpu_device": ["dir"],
"hal_allocator_default":["binder", "fd"],
"hal_codec2": ["binder", "fd"],
"hal_codec2_hwservice":["hwservice_manager"],
@@ -210,6 +211,7 @@
"media_variant_prop":["file"],
"nnapi_ext_deny_product_prop":["file"],
"servicemanager":["fd"],
+ "sysfs_gpu": ["file"],
"toolbox_exec": ["file"],
# extra types being granted to isolated_compute_app
"isolated_compute_allowed":["service_manager", "chr_file"],