[SEPolicy] Configure policy for gpu service.
Historically GPU service lives in SurfaceFlinger as a convenient hack.
Howerver, SurfaceFlinger doesn't need to know about anything specific about GPU
capability, and shouldn't know about anything about GPU. This patch moves GPU
service out of SurfaceFlinger.
GPU service is a service that accesses to GPU driver, queries GPU capabilities
and reports back. Currently we use this information in CTS and some benchmarks.
BUG: 118347356
Test: Build, flash and boot, use `adb shell cmd gpu vkjson` to verify
Change-Id: I007989e0f3f73b5caf80277979986820dd127c32
diff --git a/private/system_server.te b/private/system_server.te
index a96b82b..1edea50 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -173,6 +173,8 @@
# Communicate over a socket created by surfaceflinger.
allow system_server surfaceflinger:unix_stream_socket { read write setopt };
+allow system_server gpuservice:unix_stream_socket { read write setopt };
+
# Communicate over a socket created by webview_zygote.
allow system_server webview_zygote:unix_stream_socket { read write connectto setopt };
@@ -254,6 +256,7 @@
audioserver
cameraserver
drmserver
+ gpuservice
inputflinger
mediadrmserver
mediaextractor
@@ -651,6 +654,7 @@
allow system_server fingerprintd_service:service_manager find;
allow system_server hal_fingerprint_service:service_manager find;
allow system_server gatekeeper_service:service_manager find;
+allow system_server gpu_service:service_manager find;
allow system_server incident_service:service_manager find;
allow system_server installd_service:service_manager find;
allow system_server keystore_service:service_manager find;