| Yiwei Zhang | 544d6b3 | 2019-02-07 15:00:55 -0800 | [diff] [blame] | 1 | # gpuservice - server for gpu stats and other gpu related services |
| 2 | typeattribute gpuservice coredomain; |
| Peiyong Lin | 7924dc6 | 2018-11-01 13:47:51 -0700 | [diff] [blame] | 3 | type gpuservice_exec, system_file_type, exec_type, file_type; |
| 4 | |
| 5 | init_daemon_domain(gpuservice) |
| 6 | |
| 7 | binder_call(gpuservice, adbd) |
| 8 | binder_call(gpuservice, shell) |
| Jeffrey Huang | b481e32 | 2020-02-06 11:54:33 -0800 | [diff] [blame] | 9 | binder_call(gpuservice, system_server) |
| Peiyong Lin | 7924dc6 | 2018-11-01 13:47:51 -0700 | [diff] [blame] | 10 | binder_use(gpuservice) |
| 11 | |
| 12 | # Access the GPU. |
| 13 | allow gpuservice gpu_device:chr_file rw_file_perms; |
| 14 | |
| 15 | # GPU service will need to load GPU driver, for example Vulkan driver in order |
| 16 | # to get the capability of the driver. |
| 17 | allow gpuservice same_process_hal_file:file { open read getattr execute map }; |
| 18 | allow gpuservice ion_device:chr_file r_file_perms; |
| 19 | get_prop(gpuservice, hwservicemanager_prop) |
| 20 | hwbinder_use(gpuservice) |
| 21 | |
| 22 | # Access /dev/graphics/fb0. |
| 23 | allow gpuservice graphics_device:dir search; |
| 24 | allow gpuservice graphics_device:chr_file rw_file_perms; |
| 25 | |
| Yiwei Zhang | ff0f79c | 2018-11-27 15:21:43 -0800 | [diff] [blame] | 26 | # Needed for dumpsys pipes. |
| 27 | allow gpuservice shell:fifo_file write; |
| 28 | |
| Adithya Srinivasan | 82911e9 | 2020-06-19 11:02:28 -0700 | [diff] [blame] | 29 | # Needed for perfetto producer. |
| 30 | perfetto_producer(gpuservice) |
| 31 | |
| Peiyong Lin | 7924dc6 | 2018-11-01 13:47:51 -0700 | [diff] [blame] | 32 | # Use socket supplied by adbd, for cmd gpu vkjson etc. |
| 33 | allow gpuservice adbd:unix_stream_socket { read write getattr }; |
| 34 | |
| Yiwei Zhang | 6e8191e | 2019-01-23 14:28:56 -0800 | [diff] [blame] | 35 | # Needed for interactive shell |
| 36 | allow gpuservice devpts:chr_file { read write getattr }; |
| 37 | |
| Yiwei Zhang | 0051c93 | 2019-05-09 23:15:49 -0700 | [diff] [blame] | 38 | # Needed for dumpstate to dumpsys gpu. |
| 39 | allow gpuservice dumpstate:fd use; |
| 40 | allow gpuservice dumpstate:fifo_file write; |
| 41 | |
| Yiwei Zhang | dbbe3bd | 2020-02-04 15:55:59 -0800 | [diff] [blame] | 42 | # Needed for stats callback registration to statsd. |
| 43 | allow gpuservice stats_service:service_manager find; |
| Jeffrey Huang | b481e32 | 2020-02-06 11:54:33 -0800 | [diff] [blame] | 44 | allow gpuservice statsmanager_service:service_manager find; |
| 45 | # TODO(b/146461633): remove this once native pullers talk to StatsManagerService |
| Yiwei Zhang | dbbe3bd | 2020-02-04 15:55:59 -0800 | [diff] [blame] | 46 | binder_call(gpuservice, statsd); |
| 47 | |
| Yiwei Zhang | 4b63ce9 | 2020-02-18 22:58:26 -0800 | [diff] [blame] | 48 | # Needed for reading tracepoint ids in order to attach bpf programs. |
| 49 | allow gpuservice debugfs_tracing:file r_file_perms; |
| 50 | allow gpuservice self:perf_event { cpu kernel open write }; |
| 51 | neverallow gpuservice self:perf_event ~{ cpu kernel open write }; |
| 52 | |
| 53 | # Needed for interact with bpf fs. |
| 54 | allow gpuservice fs_bpf:dir search; |
| 55 | allow gpuservice fs_bpf:file read; |
| 56 | |
| 57 | # Needed for enable the bpf program and read the map. |
| 58 | allow gpuservice bpfloader:bpf { map_read prog_run }; |
| 59 | |
| 60 | # Needed for getting a prop to ensure bpf programs loaded. |
| 61 | get_prop(gpuservice, bpf_progs_loaded_prop) |
| 62 | |
| Peiyong Lin | 7924dc6 | 2018-11-01 13:47:51 -0700 | [diff] [blame] | 63 | add_service(gpuservice, gpu_service) |
| 64 | |
| 65 | # Only uncomment below line when in development |
| 66 | # userdebug_or_eng(`permissive gpuservice;') |