| Peiyong Lin | 7924dc6 | 2018-11-01 13:47:51 -0700 | [diff] [blame] | 1 | # gpu service |
| 2 | type gpuservice, domain, coredomain; |
| 3 | type gpuservice_exec, system_file_type, exec_type, file_type; |
| 4 | |
| 5 | init_daemon_domain(gpuservice) |
| 6 | |
| 7 | binder_call(gpuservice, adbd) |
| 8 | binder_call(gpuservice, shell) |
| 9 | binder_use(gpuservice) |
| 10 | |
| 11 | # Access the GPU. |
| 12 | allow gpuservice gpu_device:chr_file rw_file_perms; |
| 13 | |
| 14 | # GPU service will need to load GPU driver, for example Vulkan driver in order |
| 15 | # to get the capability of the driver. |
| 16 | allow gpuservice same_process_hal_file:file { open read getattr execute map }; |
| 17 | allow gpuservice ion_device:chr_file r_file_perms; |
| 18 | get_prop(gpuservice, hwservicemanager_prop) |
| 19 | hwbinder_use(gpuservice) |
| 20 | |
| 21 | # Access /dev/graphics/fb0. |
| 22 | allow gpuservice graphics_device:dir search; |
| 23 | allow gpuservice graphics_device:chr_file rw_file_perms; |
| 24 | |
| 25 | # Use socket supplied by adbd, for cmd gpu vkjson etc. |
| 26 | allow gpuservice adbd:unix_stream_socket { read write getattr }; |
| 27 | |
| 28 | add_service(gpuservice, gpu_service) |
| 29 | |
| 30 | # Only uncomment below line when in development |
| 31 | # userdebug_or_eng(`permissive gpuservice;') |