# gpuservice - server for gpu stats and other gpu related services
#
# SELinux type-enforcement policy for the gpuservice domain. Every rule below
# grants access; anything not listed is denied once the domain is enforcing.
# The macros used here (init_daemon_domain, binder_call, binder_use, get_prop,
# hwbinder_use, perfetto_producer, add_service, userdebug_or_eng) are defined
# outside this file, so their exact expansions are not visible here.
typeattribute gpuservice coredomain;
type gpuservice_exec, system_file_type, exec_type, file_type;

# NOTE(review): presumably sets up the transition from init into the
# gpuservice domain when gpuservice_exec is executed - confirm against the
# macro definition.
init_daemon_domain(gpuservice)

# Binder peers of this domain: adbd, shell and system_server.
binder_call(gpuservice, adbd)
binder_call(gpuservice, shell)
binder_call(gpuservice, system_server)
binder_use(gpuservice)

# Access the GPU.
allow gpuservice gpu_device:chr_file rw_file_perms;

# GPU service will need to load GPU driver, for example Vulkan driver in order
# to get the capability of the driver.
# The execute and map permissions let code from same_process_hal_file files run
# inside this coredomain process, so that code runs with every permission
# granted in this file. No write permission on those files is granted here.
allow gpuservice same_process_hal_file:file { open read getattr execute map };
allow gpuservice ion_device:chr_file r_file_perms;
get_prop(gpuservice, hwservicemanager_prop)
hwbinder_use(gpuservice)

# Access /dev/graphics/fb0.
allow gpuservice graphics_device:dir search;
allow gpuservice graphics_device:chr_file rw_file_perms;

# Needed for dumpsys pipes.
# Write only: the domain cannot read from or open pipes owned by shell.
allow gpuservice shell:fifo_file write;

# Needed for perfetto producer.
perfetto_producer(gpuservice)

# Use socket supplied by adbd, for cmd gpu vkjson etc.
# Only read, write and getattr are granted, which covers a socket that is
# handed to this domain; connect is not in the set.
allow gpuservice adbd:unix_stream_socket { read write getattr };

# Needed for interactive shell
allow gpuservice devpts:chr_file { read write getattr };

# Needed for dumpstate to dumpsys gpu.
allow gpuservice dumpstate:fd use;
allow gpuservice dumpstate:fifo_file write;

# Needed for stats callback registration to statsd.
allow gpuservice stats_service:service_manager find;
allow gpuservice statsmanager_service:service_manager find;
# TODO(b/146461633): remove this once native pullers talk to StatsManagerService
# NOTE(review): this is the only macro call in the file followed by ';' -
# confirm the trailing semicolon is intentional.
binder_call(gpuservice, statsd);

# Needed for reading tracepoint ids in order to attach bpf programs.
allow gpuservice debugfs_tracing:file r_file_perms;
allow gpuservice self:perf_event { cpu kernel open write };
# Build-time assertion: the complement set (~) means policy compilation fails
# if any perf_event permission other than the four allowed above is ever
# granted to this domain on itself.
neverallow gpuservice self:perf_event ~{ cpu kernel open write };

# Needed to interact with the bpf filesystem.
# Directory search and file read only; nothing here lets the domain create or
# modify entries under fs_bpf.
allow gpuservice fs_bpf:dir search;
allow gpuservice fs_bpf:file read;

# Needed to enable the bpf program and read the map.
# Limited to running programs and reading maps owned by bpfloader; map_write,
# map_create and prog_load are not granted.
allow gpuservice bpfloader:bpf { map_read prog_run };

# Needed for getting a prop to ensure bpf programs loaded.
get_prop(gpuservice, bpf_progs_loaded_prop)

add_service(gpuservice, gpu_service)

# Only uncomment below line when in development
# A permissive domain only logs denials instead of enforcing them, so with this
# line active none of the restrictions above are applied to gpuservice.
# NOTE(review): userdebug_or_eng presumably confines the statement to
# userdebug/eng builds - confirm against the macro definition.
# userdebug_or_eng(`permissive gpuservice;')