Snap for 9280350 from 0c06f971e0 to udc-release

Change-Id: I8eca944524f420515a5f995f063d2f9eed67a94f
2022-11-11 02:07:40 +00:00 · 2022-11-11 02:07:40 +00:00 · 29ab24e6e5
commit 29ab24e6e5
parent 43cd6abcfe 0c06f971e0
20 changed files with 307 additions and 0 deletions
--- a/edgetpu/edgetpu.mk
+++ b/edgetpu/edgetpu.mk
@ -0,0 +1,23 @@
+# TPU logging service
+PRODUCT_PACKAGES += \
+	android.hardware.edgetpu.logging@service-edgetpu-logging
+# TPU NN AIDL HAL
+PRODUCT_PACKAGES += \
+	android.hardware.neuralnetworks@service-darwinn-aidl
+# TPU application service
+PRODUCT_PACKAGES += \
+	vendor.google.edgetpu_app_service@1.0-service
+# TPU vendor service
+PRODUCT_PACKAGES += \
+	vendor.google.edgetpu_vendor_service@1.0-service
+# TPU HAL client library
+PRODUCT_PACKAGES += \
+	libedgetpu_client.google
+# TPU metrics logger library
+PRODUCT_PACKAGES += \
+	libmetrics_logger
+# TPU TFlite Delegate
+PRODUCT_PACKAGES += \
+        libedgetpu_util
+
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/edgetpu/sepolicy
--- a/edgetpu/sepolicy/device.te
+++ b/edgetpu/sepolicy/device.te
@ -0,0 +1,2 @@
+# EdgeTPU device (DarwiNN)
+type edgetpu_device, dev_type, mlstrustedobject;
--- a/edgetpu/sepolicy/edgetpu_app_service.te
+++ b/edgetpu/sepolicy/edgetpu_app_service.te
@ -0,0 +1,38 @@
+# EdgeTPU app server process which runs the EdgeTPU binder service.
+type edgetpu_app_server, coredomain, domain;
+type edgetpu_app_server_exec, exec_type, system_file_type, file_type;
+init_daemon_domain(edgetpu_app_server)
+
+# The server will use binder calls.
+binder_use(edgetpu_app_server);
+
+# The server will serve a binder service.
+binder_service(edgetpu_app_server);
+
+# EdgeTPU server to register the service to service_manager.
+add_service(edgetpu_app_server, edgetpu_app_service);
+
+# EdgeTPU service needs to access /dev/abrolhos.
+allow edgetpu_app_server edgetpu_device:chr_file rw_file_perms;
+allow edgetpu_app_server sysfs_edgetpu:dir r_dir_perms;
+allow edgetpu_app_server sysfs_edgetpu:file rw_file_perms;
+
+# Applications are not allowed to open the EdgeTPU device directly.
+neverallow appdomain edgetpu_device:chr_file { open };
+
+# Allow EdgeTPU service to access the Package Manager service.
+allow edgetpu_app_server package_native_service:service_manager find;
+binder_call(edgetpu_app_server, system_server);
+
+# Allow EdgeTPU service to read EdgeTPU service related system properties.
+get_prop(edgetpu_app_server, vendor_edgetpu_service_prop);
+
+# Allow EdgeTPU service to generate Perfetto traces.
+perfetto_producer(edgetpu_app_server);
+
+# Allow EdgeTPU service to connect to the EdgeTPU vendor version of the service.
+allow edgetpu_app_server edgetpu_vendor_service:service_manager find;
+binder_call(edgetpu_app_server, edgetpu_vendor_server);
+
+# Allow EdgeTPU service to log to stats service. (metrics)
+allow edgetpu_app_server fwk_stats_service:service_manager find;
--- a/edgetpu/sepolicy/edgetpu_logging.te
+++ b/edgetpu/sepolicy/edgetpu_logging.te
@ -0,0 +1,15 @@
+type edgetpu_logging, domain;
+type edgetpu_logging_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(edgetpu_logging)
+
+# The logging service accesses /dev/<edgetpu device>
+allow edgetpu_logging edgetpu_device:chr_file rw_file_perms;
+
+# Allows the logging service to access /sys/class/edgetpu
+allow edgetpu_logging sysfs_edgetpu:dir search;
+allow edgetpu_logging sysfs_edgetpu:file rw_file_perms;
+
+# Allow TPU logging service to log to stats service. (metrics)
+allow edgetpu_logging fwk_stats_service:service_manager find;
+binder_call(edgetpu_logging, system_server);
+binder_use(edgetpu_logging)
--- a/edgetpu/sepolicy/edgetpu_vendor_server.te
+++ b/edgetpu/sepolicy/edgetpu_vendor_server.te
@ -0,0 +1,31 @@
+# EdgeTPU vendor service.
+type edgetpu_vendor_server, domain;
+type edgetpu_vendor_server_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(edgetpu_vendor_server)
+
+# The vendor service will use binder calls.
+binder_use(edgetpu_vendor_server);
+
+# The vendor service will serve a binder service.
+binder_service(edgetpu_vendor_server);
+
+# EdgeTPU vendor service to register the service to service_manager.
+add_service(edgetpu_vendor_server, edgetpu_vendor_service);
+
+# Allow communications between other vendor services.
+allow edgetpu_vendor_server vndbinder_device:chr_file { read write open ioctl map };
+
+# Allow EdgeTPU vendor service to access its data files.
+allow edgetpu_vendor_server edgetpu_vendor_service_data_file:file create_file_perms;
+allow edgetpu_vendor_server edgetpu_vendor_service_data_file:dir create_dir_perms;
+
+# Allow EdgeTPU vendor service to access Android shared memory allocated
+# by the camera hal for on-device compilation.
+allow edgetpu_vendor_server hal_camera_default:fd use;
+
+# Allow EdgeTPU vendor service to read the kernel version.
+# This is done inside the InitGoogle.
+allow edgetpu_vendor_server proc_version:file r_file_perms;
+
+# Allow EdgeTPU vendor service to read the overcommit_memory info.
+allow edgetpu_vendor_server proc_overcommit_memory:file r_file_perms;
--- a/edgetpu/sepolicy/file.te
+++ b/edgetpu/sepolicy/file.te
@ -0,0 +1,8 @@
+# EdgeTPU sysfs
+type sysfs_edgetpu, sysfs_type, fs_type;
+
+# EdgeTPU hal data file
+type hal_neuralnetworks_darwinn_data_file, file_type, data_file_type;
+
+# EdgeTPU vendor service data file
+type edgetpu_vendor_service_data_file, file_type, data_file_type;
--- a/edgetpu/sepolicy/file_contexts
+++ b/edgetpu/sepolicy/file_contexts
@ -0,0 +1,24 @@
+# EdgeTPU logging service
+/vendor/bin/hw/android\.hardware\.edgetpu\.logging@service-edgetpu-logging u:object_r:edgetpu_logging_exec:s0
+
+# NeuralNetworks file contexts
+/vendor/bin/hw/android\.hardware\.neuralnetworks@service-darwinn-aidl      u:object_r:hal_neuralnetworks_darwinn_exec:s0
+
+# EdgeTPU service binaries and libraries
+/system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service        u:object_r:edgetpu_app_server_exec:s0
+
+# EdgeTPU vendor service
+/vendor/bin/hw/vendor\.google\.edgetpu_vendor_service@1\.0-service         u:object_r:edgetpu_vendor_server_exec:s0
+
+# EdgeTPU metrics logging service.
+/vendor/lib64/libedgetpu_client\.google\.so                                u:object_r:same_process_hal_file:s0
+/vendor/lib64/libmetrics_logger\.so                                        u:object_r:same_process_hal_file:s0
+/vendor/lib64/libedgetpu_util\.so                                          u:object_r:same_process_hal_file:s0
+# EdgeTPU runtime libraries
+/vendor/lib64/com\.google\.edgetpu_app_service-V[1-2]-ndk\.so              u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so           u:object_r:same_process_hal_file:s0
+
+# EdgeTPU data files
+/data/vendor/hal_neuralnetworks_darwinn(/.*)?                              u:object_r:hal_neuralnetworks_darwinn_data_file:s0
+/data/vendor/edgetpu(/.*)?                                                 u:object_r:edgetpu_vendor_service_data_file:s0
+
--- a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
@ -0,0 +1,53 @@
+type hal_neuralnetworks_darwinn, domain;
+hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks)
+
+type hal_neuralnetworks_darwinn_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_neuralnetworks_darwinn)
+
+# The TPU HAL looks for TPU instance in /dev/abrolhos
+allow hal_neuralnetworks_darwinn edgetpu_device:chr_file rw_file_perms;
+
+# Allow DawriNN service to use a client-provided fd residing in /vendor/etc/.
+allow hal_neuralnetworks_darwinn vendor_configs_file:file r_file_perms;
+
+# Allow DarwiNN service to access data files.
+allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:file create_file_perms;
+allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:dir rw_dir_perms;
+
+# Allow DarwiNN service to access unix sockets for IPC.
+allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:sock_file { create unlink rw_file_perms };
+
+# Register to hwbinder service.
+# add_hwservice() is granted by hal_server_domain + hal_neuralnetworks.te
+hwbinder_use(hal_neuralnetworks_darwinn)
+get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop)
+
+# Allow TPU HAL to read the kernel version.
+# This is done inside the InitGoogle.
+allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;
+
+# Allow TPU NNAPI HAL to log to stats service. (metrics)
+allow hal_neuralnetworks_darwinn fwk_stats_service:service_manager find;
+binder_call(hal_neuralnetworks_darwinn, system_server);
+binder_use(hal_neuralnetworks_darwinn)
+
+# Allow TPU NNAPI HAL to request power hints from the Power Service
+hal_client_domain(hal_neuralnetworks_darwinn, hal_power)
+
+# TPU NNAPI to register the service to service_manager.
+add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service);
+
+# Allow TPU NNAPI HAL to read the overcommit_memory info.
+allow hal_neuralnetworks_darwinn proc_overcommit_memory:file r_file_perms;
+
+# Allows the logging service to access /sys/class/edgetpu
+allow hal_neuralnetworks_darwinn sysfs_edgetpu:dir r_dir_perms;
+allow hal_neuralnetworks_darwinn sysfs_edgetpu:file r_file_perms;
+
+# Allows the NNAPI HAL to access the edgetpu_app_service
+allow hal_neuralnetworks_darwinn edgetpu_app_service:service_manager find;
+binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server);
+
+# Allow NNAPI HAL to send trace packets to Perfetto with SELinux enabled
+# under userdebug builds.
+userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)')
--- a/edgetpu/sepolicy/priv_app.te
+++ b/edgetpu/sepolicy/priv_app.te
@ -0,0 +1,10 @@
+# Allows privileged applications to discover the EdgeTPU service.
+allow priv_app edgetpu_app_service:service_manager find;
+
+# Allows privileged applications to discover the NNAPI TPU service.
+allow priv_app edgetpu_nnapi_service:service_manager find;
+
+# Allows privileged applications to access the EdgeTPU device, except open,
+# which is guarded by the EdgeTPU service.
+allow priv_app edgetpu_device:chr_file { getattr read write ioctl map };
+
--- a/edgetpu/sepolicy/property.te
+++ b/edgetpu/sepolicy/property.te
@ -0,0 +1,4 @@
+# EdgeTPU service requires system public properties
+# since it lives under /system_ext/.
+system_public_prop(vendor_edgetpu_service_prop)
+
--- a/edgetpu/sepolicy/property_contexts
+++ b/edgetpu/sepolicy/property_contexts
@ -0,0 +1,3 @@
+# for EdgeTPU
+vendor.edgetpu.service.                         u:object_r:vendor_edgetpu_service_prop:s0
+
--- a/edgetpu/sepolicy/service.te
+++ b/edgetpu/sepolicy/service.te
@ -0,0 +1,5 @@
+type edgetpu_nnapi_service, app_api_service, service_manager_type;
+type edgetpu_vendor_service, service_manager_type, hal_service_type;
+
+# EdgeTPU binder service type declaration.
+type edgetpu_app_service, service_manager_type;
--- a/edgetpu/sepolicy/service_contexts
+++ b/edgetpu/sepolicy/service_contexts
@ -0,0 +1,7 @@
+
+com.google.edgetpu.IEdgeTpuVendorService/default           u:object_r:edgetpu_vendor_service:s0
+# TPU NNAPI Service
+android.hardware.neuralnetworks.IDevice/google-edgetpu	   u:object_r:edgetpu_nnapi_service:s0
+
+# EdgeTPU service
+com.google.edgetpu.IEdgeTpuAppService/default              u:object_r:edgetpu_app_service:s0
--- a/edgetpu/sepolicy/untrusted_app_all.te
+++ b/edgetpu/sepolicy/untrusted_app_all.te
@ -0,0 +1,7 @@
+# Allows applications to discover the EdgeTPU service.
+allow untrusted_app_all edgetpu_app_service:service_manager find;
+
+# Allows applications to access the EdgeTPU device, except open, which is guarded
+# by the EdgeTPU service.
+allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };
+
--- a/sensors/Android.bp
+++ b/sensors/Android.bp
@ -0,0 +1,20 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_binary {
+    name: "dump_sensors",
+    srcs: ["dump_sensors.cpp"],
+    cflags: [
+        "-Wall",
+        "-Wextra",
+        "-Werror",
+    ],
+    shared_libs: [
+    	"libbase",
+	"libdumpstateutil",
+	"libdump",
+    ],
+    vendor: true,
+    relative_install_path: "dump",
+}
--- a/sensors/dump_sensors.cpp
+++ b/sensors/dump_sensors.cpp
@ -0,0 +1,38 @@
+/*
+ * Copyright 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stdio.h>
+#include <string>
+#include <android-base/properties.h>
+#include <dump/pixel_dump.h>
+#include "DumpstateUtil.h"
+
+int main() {
+    setbuf(stdout, NULL);
+
+    runCommand("USF statistics", "/vendor/bin/usf_stats get --all");
+    if (!::android::os::dumpstate::PropertiesHelper::IsUserBuild()) {
+        // Not a user build, if this is also not a production device dump the USF registry.
+        std::string hwRev = ::android::base::GetProperty("ro.boot.hardware.revision", "");
+        if (hwRev.find("PROTO") != std::string::npos ||
+            hwRev.find("EVT") != std::string::npos ||
+            hwRev.find("DVT") != std::string::npos ||
+            hwRev.find("PVT") != std::string::npos) {
+            runCommand("USF Registry", "/vendor/bin/usf_reg_edit save -");
+            dumpFileContent("USF Last Stat Buffer", "/data/vendor/sensors/debug/stats.history");
+        }
+    }
+    return 0;
+}
--- a/sensors/sensors.mk
+++ b/sensors/sensors.mk
@ -0,0 +1,3 @@
+$(call inherit-product-if-exists, vendor/google/sensors/usf/android/usf_efw_product.mk)
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/sensors/sepolicy
+
--- a/sensors/sepolicy/dump_sensors.te
+++ b/sensors/sepolicy/dump_sensors.te
@ -0,0 +1,11 @@
+pixel_bugreport(dump_sensors)
+allow dump_sensors aoc_device:chr_file rw_file_perms;
+allow dump_sensors device:dir r_dir_perms;
+allow dump_sensors vendor_shell_exec:file execute_no_trans;
+allow dump_sensors vendor_usf_stats:file execute_no_trans;
+
+userdebug_or_eng(`
+  allow dump_sensors vendor_usf_reg_edit:file execute_no_trans;
+  allow dump_sensors sensor_debug_data_file:dir r_dir_perms;
+  allow dump_sensors sensor_debug_data_file:file r_file_perms;
+')
--- a/sensors/sepolicy/file.te
+++ b/sensors/sepolicy/file.te
@ -0,0 +1,2 @@
+type vendor_usf_stats, vendor_file_type, file_type;
+type vendor_usf_reg_edit, vendor_file_type, file_type;
--- a/sensors/sepolicy/file_contexts
+++ b/sensors/sepolicy/file_contexts
@ -0,0 +1,3 @@
+/vendor/bin/dump/dump_sensors      u:object_r:dump_sensors_exec:s0
+/vendor/bin/usf_stats              u:object_r:vendor_usf_stats:s0
+/vendor/bin/usf_reg_edit           u:object_r:vendor_usf_reg_edit:s0