gpu: add SELinux policies for GPU probe.

Adds SELinux policies for gpu_probe service. These allow us to upload events to Perfetto. gpu_probe is an untrusted producer in Perfetto model, in same manner as traced_probes. Bug: 267669418 Test: see events produced when designating perfetto config. Change-Id: Id122870b14000288fc3c26aa3c49348a8f7322df
2023-03-22 22:03:49 +00:00 · 2023-03-22 22:03:49 +00:00 · 148a9232e1
commit 148a9232e1
parent 1d0f49363e
3 changed files with 12 additions and 0 deletions
--- a/gpu/gpu.mk
+++ b/gpu/gpu.mk
@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gpu/sepolicy
+
+PRODUCT_PACKAGES += gpu_probe
--- a/gpu/sepolicy/file_contexts
+++ b/gpu/sepolicy/file_contexts
@ -0,0 +1 @@
+/vendor/bin/gpu_probe           u:object_r:gpu_probe_exec:s0
--- a/gpu/sepolicy/gpu_probe.te
+++ b/gpu/sepolicy/gpu_probe.te
@ -0,0 +1,8 @@
+# gpu_probe
+type gpu_probe_exec, exec_type, vendor_file_type, file_type;
+type gpu_probe, domain;
+
+init_daemon_domain(gpu_probe)
+allow gpu_probe gpu_device:chr_file rw_file_perms;
+
+perfetto_producer(gpu_probe)
				`@ -0,0 +1 @@`
				`/vendor/bin/gpu_probe u:object_r:gpu_probe_exec:s0`