From 132ad09bcedd5fecc9729b23743a53db75d91f92 Mon Sep 17 00:00:00 2001
From: timmyli <timmyli@google.com>
Date: Wed, 6 Nov 2024 08:03:47 +0000
Subject: [PATCH] Add more access for GCA to edgetpu

Bug: 361092857
Test: manual test to check permissions
Flag: EXEMPT add permissions

11-06 03:01:49.736   719   719 W binder:719_3: type=1400 audit(0.0:710): avc:  denied  { read write } for  path="/dev/edgetpu-soc" dev="tmpfs" ino=1542 scontext=u:r:google_camera_app:s0:c155,c256,c512,c768 tcontext=u:object_r:edgetpu_device:s0 tclass=chr_file permissive=0

Change-Id: I2ef4ac39645179fe2a2ec1d7aeac928a43a01a61
---
 gcam_app/sepolicy/vendor/google_camera_app.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gcam_app/sepolicy/vendor/google_camera_app.te b/gcam_app/sepolicy/vendor/google_camera_app.te
index 3f5a0ec..76f0811 100644
--- a/gcam_app/sepolicy/vendor/google_camera_app.te
+++ b/gcam_app/sepolicy/vendor/google_camera_app.te
@@ -6,7 +6,7 @@ get_prop(google_camera_app, vendor_gxp_prop)
 
 # Allows GCA to find and access the EdgeTPU.
 allow google_camera_app edgetpu_app_service:service_manager find;
-allow google_camera_app edgetpu_device:chr_file { ioctl };
+allow google_camera_app edgetpu_device:chr_file rw_file_perms;
 
 # Allows GCA to access the hw_jpeg /dev/video12.
 #allow google_camera_app hw_jpg_device:chr_file rw_file_perms;