From 73bdbd9811dc2950c05bcc18f200326c4e5d6714 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Tue, 1 Sep 2015 10:29:11 -0400
Subject: [PATCH] auditallow gpu_device execute access

This permission appears to be unnecessary on some (most?) devices such
as the Nexus 5. It should be moved to the device policy if it's truly
required by the driver.

Change-Id: I531dc82ba9030b805db2b596e145be2afb324492
---
 app.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app.te b/app.te
index 583495eab..9431fd1df 100644
--- a/app.te
+++ b/app.te
@@ -108,6 +108,7 @@ allow appdomain qtaguid_device:chr_file r_file_perms;
 # Grant GPU access to all processes started by Zygote.
 # They need that to render the standard UI.
 allow { appdomain -isolated_app } gpu_device:chr_file { rw_file_perms execute };
+auditallow { appdomain -isolated_app } gpu_device:chr_file execute;
 
 # Use the Binder.
 binder_use(appdomain)
-- 
GitLab