# gpuservice - server for gpu stats and other gpu related services
typeattribute gpuservice coredomain;
typeattribute gpuservice bpfdomain;

type gpuservice_exec, system_file_type, exec_type, file_type;

init_daemon_domain(gpuservice)

binder_call(gpuservice, adbd)
binder_call(gpuservice, shell)
binder_call(gpuservice, system_server)
binder_use(gpuservice)

# Access the GPU.
allow gpuservice gpu_device:chr_file rw_file_perms;

# GPU service will need to load GPU driver, for example Vulkan driver in order
# to get the capability of the driver.
allow gpuservice same_process_hal_file:file { open read getattr execute map };
allow gpuservice ion_device:chr_file r_file_perms;
get_prop(gpuservice, hwservicemanager_prop)
hwbinder_use(gpuservice)

# Access /dev/graphics/fb0.
allow gpuservice graphics_device:dir search;
allow gpuservice graphics_device:chr_file rw_file_perms;

# Needed for dumpsys pipes.
allow gpuservice shell:fifo_file write;

# Needed for perfetto producer.
perfetto_producer(gpuservice)

# Use socket supplied by adbd, for cmd gpu vkjson etc.
allow gpuservice adbd:unix_stream_socket { read write getattr };

# Needed for interactive shell
allow gpuservice devpts:chr_file { read write getattr };

# Needed for dumpstate to dumpsys gpu.
allow gpuservice dumpstate:fd use;
allow gpuservice dumpstate:fifo_file write;

# Needed for stats callback registration to statsd.
allow gpuservice stats_service:service_manager find;
allow gpuservice statsmanager_service:service_manager find;
# TODO(b/146461633): remove this once native pullers talk to StatsManagerService
binder_call(gpuservice, statsd);

# Needed for reading tracepoint ids in order to attach bpf programs.
allow gpuservice debugfs_tracing:file r_file_perms;
allow gpuservice self:perf_event { cpu kernel open write };
neverallow gpuservice self:perf_event ~{ cpu kernel open write };

# Needed to interact with bpf fs.
# Write is needed to open read/write bpf maps.
allow gpuservice fs_bpf:file { read write };

# Needed for enabling bpf programs and accessing bpf maps (read-only and read/write).
allow gpuservice bpfloader:bpf { map_read map_write prog_run };

add_service(gpuservice, gpu_service)

# Needed for enabling write access to persist.graphics.egl from developer option switch UI, through gpuservice.
set_prop(gpuservice, graphics_config_writable_prop)

neverallow { domain -init -vendor_init -gpuservice } graphics_config_writable_prop:property_service set;

# Needed for querying permission
allow gpuservice permission_service:service_manager find;

# Only uncomment below line when in development
# userdebug_or_eng(`permissive gpuservice;')