Add fifo_file read access to enable gpuservice within device cts am: 4105da26f9 Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2966382 Change-Id: I71db3ebeccff51145f667a2315cc536df058d345 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: db14b179d249fdbcb828e4b766e556a9e42fe8e5 [log] [tgz]
author: Trevor David Black <vantablack@google.com> Fri Feb 16 05:32:10 2024 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Fri Feb 16 05:32:10 2024 +0000
tree: 2aaa2998df9ab5d31729799fe32ac00f6ca86480
parent: f5b07ca2a3178ac2acced93b88ccefbf4666b5f7 [diff]
parent: 4105da26f9cf3ea9b30e9351088a0ce2a378fde0 [diff]
diff --git a/private/gpuservice.te b/private/gpuservice.te
index 297a876..5638543 100644
--- a/private/gpuservice.te
+++ b/private/gpuservice.te

@@ -25,15 +25,14 @@
 allow gpuservice graphics_device:dir search;
 allow gpuservice graphics_device:chr_file rw_file_perms;
 
-# Needed for dumpsys pipes.
-allow gpuservice shell:fifo_file write;
+# Allow shell access
+allow gpuservice adbd:fd use;
+allow gpuservice adbd:unix_stream_socket { getattr read write };
+allow gpuservice shell:fifo_file { getattr read write };
 
 # Needed for perfetto producer.
 perfetto_producer(gpuservice)
 
-# Use socket supplied by adbd, for cmd gpu vkjson etc.
-allow gpuservice adbd:unix_stream_socket { read write getattr };
-
 # Needed for interactive shell
 allow gpuservice devpts:chr_file { read write getattr };
commit	db14b179d249fdbcb828e4b766e556a9e42fe8e5	[log] [tgz]
author	Trevor David Black <vantablack@google.com>	Fri Feb 16 05:32:10 2024 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Fri Feb 16 05:32:10 2024 +0000
tree	2aaa2998df9ab5d31729799fe32ac00f6ca86480
parent	f5b07ca2a3178ac2acced93b88ccefbf4666b5f7 [diff]
parent	4105da26f9cf3ea9b30e9351088a0ce2a378fde0 [diff]