sepolicy: allow app to access gpuservice
Previously we allowed many kinds of app processes to access
gpuservice. However, upon sharing files through bluetooth, the bluetooth
process starts an activity to handle this task. Meanwhile, any
process with an activity launched shall access gpuservice for stats
purposes. This change amends the rules so that we don't miss anything.
Bug: 153472854
Test: use bluetooth to share a photo and check logcat
Change-Id: I3d620b703d3afe92ac1f61cfb2a2f343352ddd4d
diff --git a/public/app.te b/public/app.te
index e5b9fd6..433bb7d 100644
--- a/public/app.te
+++ b/public/app.te
@@ -219,6 +219,8 @@
binder_call(appdomain, appdomain)
# Perform binder IPC to ephemeral apps.
binder_call(appdomain, ephemeral_app)
+# Perform binder IPC to gpuservice.
+binder_call({ appdomain -isolated_app }, gpuservice)
# Talk with graphics composer fences
allow appdomain hal_graphics_composer:fd use;
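Review bot: The comment above `binder_call({ appdomain -isolated_app }, gpuservice)` does not say why every app domain needs this access or why isolated_app is carved out. The commit message has the reason (any process with an activity launched accesses gpuservice for stats), so state it in the comment, along the lines of `# Apps with an activity access gpuservice for stats; isolated_app is excluded.` Because the grant now covers all of appdomain except isolated_app rather than a list of named domains, also keep in mind that the binder_call macro gives more than the call itself: it allows gpuservice to transfer binder references back to each of those app domains and allows the apps to use file descriptors from gpuservice. It is worth confirming that gpuservice's app-reachable interface validates the caller for anything beyond stats reporting. The Test line exercises only the bluetooth share path; adding a check that an isolated process gains no access from this rule would confirm the exclusion behaves as written.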