From 8e965d36a2547b0462251483757fcd43ca0d907c Mon Sep 17 00:00:00 2001
From: Yu-Chi Cheng
Date: Thu, 16 Mar 2023 14:10:10 -0700
Subject: [PATCH] Added the hetero runtime system property SELinux rules.
Currently, there is a hetero runtime property that darwinn and other hetero runtime project will use: the trace level (vendor.google.silicon.max_trace_level). This change allows edgetpu services and clients to be able to see that property in order to change the trace level.
Bug: 272292650
Test: verified it to build but not tested on device yet since selinux has not been enforced yet.
Change-Id: Id6d345b92d2e710b41ca58907ad443fc2667054a
---
 edgetpu/sepolicy/appdomain.te | 3 +++
 edgetpu/sepolicy/edgetpu_dba_service.te | 2 ++
 edgetpu/sepolicy/hal_camera_default.te | 3 +++
 edgetpu/sepolicy/hal_neuralnetworks_darwinn.te | 2 ++
 edgetpu/sepolicy/property.te | 3 +++
 edgetpu/sepolicy/property_contexts | 3 +++
 6 files changed, 16 insertions(+)
diff --git a/edgetpu/sepolicy/appdomain.te b/edgetpu/sepolicy/appdomain.te
index 37cb1db..804a202 100644
--- a/edgetpu/sepolicy/appdomain.te
+++ b/edgetpu/sepolicy/appdomain.te
@@ -1,2 +1,5 @@
 # Allow apps to read tflite Darwinn delegate properties
 get_prop(appdomain, vendor_tflite_delegate_prop)
+
+# Allow apps to read hetero runtime properties
+get_prop(appdomain, vendor_hetero_runtime_prop)
diff --git a/edgetpu/sepolicy/edgetpu_dba_service.te b/edgetpu/sepolicy/edgetpu_dba_service.te
index dca4ac4..ce1f200 100644
--- a/edgetpu/sepolicy/edgetpu_dba_service.te
+++ b/edgetpu/sepolicy/edgetpu_dba_service.te
@@ -39,3 +39,5 @@ userdebug_or_eng(`perfetto_producer(edgetpu_dba_server)')
 # Allow EdgeTPU DBA service to read tflite Darwinn delegate properties
 get_prop(edgetpu_dba_server, vendor_tflite_delegate_prop)
+# Allow EdgeTPU DBA service to read hetero runtime properties
+get_prop(edgetpu_dba_server, vendor_hetero_runtime_prop)
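Review bot: In edgetpu/sepolicy/appdomain.te, `get_prop(appdomain, vendor_hetero_runtime_prop)` makes the new property type readable by every app domain rather than only by EdgeTPU clients, and property_contexts maps that type to the whole `vendor.google.silicon.` prefix. The commit message names a single trace-level property, so the grant is wider than the stated need; that is presumably acceptable for a trace level, but it should be a recorded decision. I would extend the comment to say so, for example `# Allow apps to read hetero runtime properties (trace level; keep nothing sensitive under this type)`. The existing tflite delegate rule in the same file follows the same pattern, so this is consistent with what is already there.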
diff --git a/edgetpu/sepolicy/hal_camera_default.te b/edgetpu/sepolicy/hal_camera_default.te
index a8ea541..3c09f2f 100644
--- a/edgetpu/sepolicy/hal_camera_default.te
+++ b/edgetpu/sepolicy/hal_camera_default.te
@@ -1,2 +1,5 @@
 # Allow camera HAL to read tflite Darwinn delegate properties
 get_prop(hal_camera_default, vendor_tflite_delegate_prop)
+
+# Allow camera HAL to read hetero runtime properties
+get_prop(hal_camera_default, vendor_hetero_runtime_prop)
diff --git a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
index 02e485c..7d50bfc 100644
--- a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
@@ -54,3 +54,5 @@ userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)')
 # Allow NNAPI HAL to read tflite DarwiNN delegate properties
 get_prop(hal_neuralnetworks_darwinn, vendor_tflite_delegate_prop)
+# Allow NNAPI HAL to read hetero runtime properties
+get_prop(hal_neuralnetworks_darwinn, vendor_hetero_runtime_prop)
diff --git a/edgetpu/sepolicy/property.te b/edgetpu/sepolicy/property.te
index 254d059..1ed9a59 100644
--- a/edgetpu/sepolicy/property.te
+++ b/edgetpu/sepolicy/property.te
@@ -5,3 +5,6 @@ system_public_prop(vendor_edgetpu_service_prop)
 # Tflite Darwinn delegate properties are written once by vendor_init,
 # and then read by apps, camera hal, and some Darwinn vendor services.
 system_vendor_config_prop(vendor_tflite_delegate_prop)
+
+# Hetero runtime properties, including tracing levels.
+system_vendor_config_prop(vendor_hetero_runtime_prop)
diff --git a/edgetpu/sepolicy/property_contexts b/edgetpu/sepolicy/property_contexts
index 56c2bf6..c21eb13 100644
--- a/edgetpu/sepolicy/property_contexts
+++ b/edgetpu/sepolicy/property_contexts
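Review bot: In edgetpu/sepolicy/property.te the new comment does not say who may set `vendor_hetero_runtime_prop`, while the commit message speaks of services and clients changing the trace level. As far as I know `system_vendor_config_prop` limits `set` to init and vendor_init, and the other hunks grant only `get_prop`, so nothing in this change can modify the value at runtime. If a runtime change is intended, a different property macro plus an explicit `set_prop` for the single writer would be needed. If set-once is intended, say so as the tflite comment above does: `# Hetero runtime properties (e.g. max trace level): set once by vendor_init, read by apps, camera HAL and EdgeTPU services.`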
@@ -3,3 +3,6 @@ vendor.edgetpu.service. u:object_r:vendor_edgetpu_servic
 # for DarwinnDelegate
 vendor.edgetpu.tflite_delegate. u:object_r:vendor_tflite_delegate_prop:s0
+
+# for hetero runtime
+vendor.google.silicon. u:object_r:vendor_hetero_runtime_prop:s0
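Review bot: The added entry `vendor.google.silicon.` is a prefix match, so every present and future property under that namespace is labelled `vendor_hetero_runtime_prop` and becomes readable by all apps through the appdomain rule in this commit. The commit message names only `vendor.google.silicon.max_trace_level`; labelling just that key keeps later additions from being exposed by default: `vendor.google.silicon.max_trace_level u:object_r:vendor_hetero_runtime_prop:s0 exact int`. The `int` value type is an assumption about the trace level and should be checked against the runtime code. Since the change was built but not run on a device, the first boot with this policy should be checked for avc denials on the new type.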