commit ea2941b84b51f7921c9f8a57858c7eabaebe4e56
author Suren Baghdasaryan <surenb@google.com> Thu May 27 18:22:41 2021 -0700
committer Suren Baghdasaryan <surenb@google.com> Fri Jun 11 20:59:53 2021 +0000
tree 543c7379e42b39a21d50764b230fe5701a4a5bdb
parent 03b80a12e4a6b287d4f21576b30a61fe1b293c08

sepolicy: Allow lmkd to access bpf map to read GPU allocation statistics

Lmkd needs read access to /sys/fs/bpf/map_gpu_mem_gpu_mem_total_map BPF
map to obtain information on GPU memory allocations.

Bug: 189366037
Test: lmkd_unit_test
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I59ded4bc5ec97861e50b4fd1fdd6efb23990b79c

private/lmkd.te

diff --git a/private/lmkd.te b/private/lmkd.te
index fef3a89..ec9a93e 100644
--- a/private/lmkd.te
+++ b/private/lmkd.te
@@ -8,4 +8,8 @@
 # Set lmkd.* properties.
 set_prop(lmkd, lmkd_prop)
 
+allow lmkd fs_bpf:dir search;
+allow lmkd fs_bpf:file read;
+allow lmkd bpfloader:bpf map_read;
+
 neverallow { domain -init -lmkd -vendor_init } lmkd_prop:property_service set;