Merge "Restrict ioctl access for appdomain to gpu_device" into main
This commit is contained in:
Liz Prucka
Android (Google) Code Review
commit
d20b253d18
3 changed files with 166 additions and 0 deletions
10
vendor/gpu.te
vendored
Normal file
10
vendor/gpu.te
vendored
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
# Policy to enable only production gpu ioctls.
|
||||
is_flag_enabled(RELEASE_PIXEL_MALI_SEPOLICY_ENABLED, `
|
||||
# Allow gpu ioctls used in production.
|
||||
allowxperm appdomain gpu_device:chr_file ioctl { unpriv_gpu_ioctls instrumentation_gpu_ioctls };
|
||||
# Audit gpu ioctl commands which have been deprecated,
|
||||
# or are intended for development of the GPU.
|
||||
auditallow appdomain gpu_device:chr_file ioctl;
|
||||
allowxperm appdomain gpu_device:chr_file ioctl { debug_gpu_ioctls deprecated_gpu_ioctls };
|
||||
auditallowxperm appdomain gpu_device:chr_file ioctl { debug_gpu_ioctls deprecated_gpu_ioctls };
|
||||
')
|
||||
73
vendor/ioctl_defines
vendored
Normal file
73
vendor/ioctl_defines
vendored
Normal file
|
|
@ -0,0 +1,73 @@
|
|||
define(`KBASE_IOCTL_VERSION_CHECK_JM', `0x8000')
|
||||
define(`KBASE_IOCTL_SET_FLAGS', `0x8001')
|
||||
define(`KBASE_IOCTL_JOB_SUBMIT', `0x8002')
|
||||
define(`KBASE_IOCTL_GET_GPUPROPS', `0x8003')
|
||||
define(`KBASE_IOCTL_POST_TERM', `0x8004')
|
||||
define(`KBASE_IOCTL_MEM_ALLOC', `0x8005')
|
||||
define(`KBASE_IOCTL_MEM_QUERY', `0x8006')
|
||||
define(`KBASE_IOCTL_MEM_FREE', `0x8007')
|
||||
define(`KBASE_IOCTL_HWCNT_READER_SETUP', `0x8008')
|
||||
define(`KBASE_IOCTL_DISJOINT_QUERY', `0x800c')
|
||||
define(`KBASE_IOCTL_GET_DDK_VERSION', `0x800d')
|
||||
define(`KBASE_IOCTL_MEM_JIT_INIT', `0x800e')
|
||||
define(`KBASE_IOCTL_MEM_SYNC', `0x800f')
|
||||
define(`KBASE_IOCTL_MEM_FIND_CPU_OFFSET', `0x8010')
|
||||
define(`KBASE_IOCTL_GET_CONTEXT_ID', `0x8011')
|
||||
define(`KBASE_IOCTL_TLSTREAM_ACQUIRE', `0x8012')
|
||||
define(`KBASE_IOCTL_TLSTREAM_FLUSH', `0x8013')
|
||||
define(`KBASE_IOCTL_MEM_COMMIT', `0x8014')
|
||||
define(`KBASE_IOCTL_MEM_ALIAS', `0x8015')
|
||||
define(`KBASE_IOCTL_MEM_IMPORT', `0x8016')
|
||||
define(`KBASE_IOCTL_MEM_FLAGS_CHANGE', `0x8017')
|
||||
define(`KBASE_IOCTL_STREAM_CREATE', `0x8018')
|
||||
define(`KBASE_IOCTL_FENCE_VALIDATE', `0x8019')
|
||||
define(`KBASE_IOCTL_MEM_PROFILE_ADD', `0x801b')
|
||||
define(`KBASE_IOCTL_SOFT_EVENT_UPDATE', `0x801c')
|
||||
define(`KBASE_IOCTL_STICKY_RESOURCE_MAP', `0x801d')
|
||||
define(`KBASE_IOCTL_STICKY_RESOURCE_UNMAP', `0x801e')
|
||||
define(`KBASE_IOCTL_MEM_FIND_GPU_START_AND_OFFSET', `0x801f')
|
||||
define(`KBASE_IOCTL_HWCNT_SET', `0x8020')
|
||||
define(`KBASE_IOCTL_CINSTR_GWT_START', `0x8021')
|
||||
define(`KBASE_IOCTL_CINSTR_GWT_STOP', `0x8022')
|
||||
define(`KBASE_IOCTL_CINSTR_GWT_DUMP', `0x8023')
|
||||
define(`KBASE_IOCTL_CS_QUEUE_REGISTER', `0x8024')
|
||||
define(`KBASE_IOCTL_CS_QUEUE_KICK', `0x8025')
|
||||
define(`KBASE_IOCTL_MEM_EXEC_INIT', `0x8026')
|
||||
define(`KBASE_IOCTL_CS_QUEUE_BIND', `0x8027')
|
||||
define(`KBASE_IOCTL_CS_QUEUE_REGISTER_EX', `0x8028')
|
||||
define(`KBASE_IOCTL_CS_QUEUE_TERMINATE', `0x8029')
|
||||
define(`KBASE_IOCTL_CS_QUEUE_GROUP_CREATE_1_6', `0x802a')
|
||||
define(`KBASE_IOCTL_CS_QUEUE_GROUP_TERMINATE', `0x802b')
|
||||
define(`KBASE_IOCTL_CS_EVENT_SIGNAL', `0x802c')
|
||||
define(`KBASE_IOCTL_KCPU_QUEUE_CREATE', `0x802d')
|
||||
define(`KBASE_IOCTL_KCPU_QUEUE_DELETE', `0x802e')
|
||||
define(`KBASE_IOCTL_KCPU_QUEUE_ENQUEUE', `0x802f')
|
||||
define(`KBASE_IOCTL_CS_TILER_HEAP_INIT', `0x8030')
|
||||
define(`KBASE_IOCTL_CS_TILER_HEAP_TERM', `0x8031')
|
||||
define(`KBASE_IOCTL_GET_CPU_GPU_TIMEINFO', `0x8032')
|
||||
define(`KBASE_IOCTL_CS_GET_GLB_IFACE', `0x8033')
|
||||
define(`KBASE_IOCTL_VERSION_CHECK_CSF', `0x8034')
|
||||
define(`KBASE_IOCTL_CS_CPU_QUEUE_DUMP', `0x8035')
|
||||
define(`KBASE_IOCTL_CONTEXT_PRIORITY_CHECK', `0x8036')
|
||||
define(`KBASE_IOCTL_SET_LIMITED_CORE_COUNT', `0x8037')
|
||||
define(`KBASE_IOCTL_KINSTR_PRFCNT_ENUM_INFO', `0x8038')
|
||||
define(`KBASE_IOCTL_KINSTR_PRFCNT_SETUP', `0x8039')
|
||||
define(`KBASE_IOCTL_CS_QUEUE_GROUP_CREATE', `0x803a')
|
||||
define(`KBASE_IOCTL_MEM_ALLOC_EX', `0x803b')
|
||||
define(`KBASE_IOCTL_READ_USER_PAGE', `0x803c')
|
||||
define(`KBASE_IOCTL_QUEUE_GROUP_CLEAR_FAULTS', `0x803d')
|
||||
define(`KBASE_IOCTL_APC_REQUEST', `0x8042')
|
||||
define(`KBASE_IOCTL_BUFFER_LIVENESS_UPDATE', `0x8043')
|
||||
define(`KBASE_HWCNT_READER_GET_HWVER', `0xBE00')
|
||||
define(`KBASE_HWCNT_READER_GET_BUFFER_SIZE', `0xBE01')
|
||||
define(`KBASE_HWCNT_READER_DUMP', `0xBE10')
|
||||
define(`KBASE_HWCNT_READER_CLEAR', `0xBE11')
|
||||
define(`KBASE_HWCNT_READER_GET_BUFFER', `0xBE20')
|
||||
define(`KBASE_HWCNT_READER_PUT_BUFFER', `0xBE21')
|
||||
define(`KBASE_HWCNT_READER_SET_INTERVAL', `0xBE30')
|
||||
define(`KBASE_HWCNT_READER_ENABLE_EVENT', `0xBE40')
|
||||
define(`KBASE_HWCNT_READER_DISABLE_EVENT', `0xBE41')
|
||||
define(`KBASE_HWCNT_READER_GET_API_VERSION', `0xBEFF')
|
||||
define(`KBASE_IOCTL_KINSTR_PRFCNT_CMD', `0xBF00')
|
||||
define(`KBASE_IOCTL_KINSTR_PRFCNT_GET_SAMPLE', `0xBF01')
|
||||
define(`KBASE_IOCTL_KINSTR_PRFCNT_PUT_SAMPLE', `0xBF10')
|
||||
83
vendor/ioctl_macros
vendored
Normal file
83
vendor/ioctl_macros
vendored
Normal file
|
|
@ -0,0 +1,83 @@
|
|||
define(`unpriv_gpu_ioctls', `{
|
||||
KBASE_IOCTL_VERSION_CHECK_JM
|
||||
KBASE_IOCTL_SET_FLAGS
|
||||
KBASE_IOCTL_JOB_SUBMIT
|
||||
KBASE_IOCTL_GET_GPUPROPS
|
||||
KBASE_IOCTL_POST_TERM
|
||||
KBASE_IOCTL_MEM_ALLOC
|
||||
KBASE_IOCTL_MEM_QUERY
|
||||
KBASE_IOCTL_MEM_FREE
|
||||
KBASE_IOCTL_DISJOINT_QUERY
|
||||
KBASE_IOCTL_GET_DDK_VERSION
|
||||
KBASE_IOCTL_MEM_JIT_INIT
|
||||
KBASE_IOCTL_MEM_SYNC
|
||||
KBASE_IOCTL_MEM_FIND_CPU_OFFSET
|
||||
KBASE_IOCTL_GET_CONTEXT_ID
|
||||
KBASE_IOCTL_MEM_COMMIT
|
||||
KBASE_IOCTL_MEM_ALIAS
|
||||
KBASE_IOCTL_MEM_IMPORT
|
||||
KBASE_IOCTL_MEM_FLAGS_CHANGE
|
||||
KBASE_IOCTL_STREAM_CREATE
|
||||
KBASE_IOCTL_FENCE_VALIDATE
|
||||
KBASE_IOCTL_MEM_PROFILE_ADD
|
||||
KBASE_IOCTL_SOFT_EVENT_UPDATE
|
||||
KBASE_IOCTL_STICKY_RESOURCE_MAP
|
||||
KBASE_IOCTL_STICKY_RESOURCE_UNMAP
|
||||
KBASE_IOCTL_MEM_FIND_GPU_START_AND_OFFSET
|
||||
KBASE_IOCTL_CS_QUEUE_REGISTER
|
||||
KBASE_IOCTL_CS_QUEUE_KICK
|
||||
KBASE_IOCTL_MEM_EXEC_INIT
|
||||
KBASE_IOCTL_CS_QUEUE_BIND
|
||||
KBASE_IOCTL_CS_QUEUE_REGISTER_EX
|
||||
KBASE_IOCTL_CS_QUEUE_TERMINATE
|
||||
KBASE_IOCTL_CS_QUEUE_GROUP_TERMINATE
|
||||
KBASE_IOCTL_CS_EVENT_SIGNAL
|
||||
KBASE_IOCTL_KCPU_QUEUE_CREATE
|
||||
KBASE_IOCTL_KCPU_QUEUE_DELETE
|
||||
KBASE_IOCTL_KCPU_QUEUE_ENQUEUE
|
||||
KBASE_IOCTL_CS_TILER_HEAP_INIT
|
||||
KBASE_IOCTL_CS_TILER_HEAP_TERM
|
||||
KBASE_IOCTL_GET_CPU_GPU_TIMEINFO
|
||||
KBASE_IOCTL_CS_GET_GLB_IFACE
|
||||
KBASE_IOCTL_VERSION_CHECK_CSF
|
||||
KBASE_IOCTL_CS_CPU_QUEUE_DUMP
|
||||
KBASE_IOCTL_CONTEXT_PRIORITY_CHECK
|
||||
KBASE_IOCTL_SET_LIMITED_CORE_COUNT
|
||||
KBASE_IOCTL_CS_QUEUE_GROUP_CREATE
|
||||
KBASE_IOCTL_MEM_ALLOC_EX
|
||||
KBASE_IOCTL_READ_USER_PAGE
|
||||
KBASE_IOCTL_QUEUE_GROUP_CLEAR_FAULTS
|
||||
KBASE_IOCTL_APC_REQUEST
|
||||
KBASE_IOCTL_BUFFER_LIVENESS_UPDATE
|
||||
}')
|
||||
|
||||
define(`instrumentation_gpu_ioctls', `{
|
||||
KBASE_IOCTL_KINSTR_PRFCNT_ENUM_INFO
|
||||
KBASE_IOCTL_KINSTR_PRFCNT_SETUP
|
||||
KBASE_IOCTL_TLSTREAM_ACQUIRE
|
||||
KBASE_IOCTL_TLSTREAM_FLUSH
|
||||
KBASE_IOCTL_KINSTR_PRFCNT_CMD
|
||||
KBASE_IOCTL_KINSTR_PRFCNT_GET_SAMPLE
|
||||
KBASE_IOCTL_KINSTR_PRFCNT_PUT_SAMPLE
|
||||
}')
|
||||
|
||||
define(`debug_gpu_ioctls', `{
|
||||
KBASE_IOCTL_HWCNT_SET
|
||||
KBASE_IOCTL_CINSTR_GWT_START
|
||||
KBASE_IOCTL_CINSTR_GWT_STOP
|
||||
KBASE_IOCTL_CINSTR_GWT_DUMP
|
||||
}')
|
||||
|
||||
define(`deprecated_gpu_ioctls', `{
|
||||
KBASE_HWCNT_READER_GET_HWVER
|
||||
KBASE_HWCNT_READER_GET_BUFFER_SIZE
|
||||
KBASE_HWCNT_READER_DUMP
|
||||
KBASE_HWCNT_READER_CLEAR
|
||||
KBASE_HWCNT_READER_GET_BUFFER
|
||||
KBASE_HWCNT_READER_PUT_BUFFER
|
||||
KBASE_HWCNT_READER_SET_INTERVAL
|
||||
KBASE_HWCNT_READER_ENABLE_EVENT
|
||||
KBASE_HWCNT_READER_DISABLE_EVENT
|
||||
KBASE_HWCNT_READER_GET_API_VERSION
|
||||
KBASE_IOCTL_CS_QUEUE_GROUP_CREATE_1_6
|
||||
}')
|
||||
Loading…
Add table
Add a link
Reference in a new issue