Connect Gxp runtime to TPU authentication service

- Add selinux policies to allow edgetpu_app_service to access gxp
   device.

Bug: 316262348
Test: Disable selinux policies for GCA, then verify if GCA is able to
access device through edgetpu app service.

Change-Id: I83429755b1406289c8714d9499c1f14c1ec76a30

edgetpu/sepolicy/file_contexts

@@ -15,7 +15,7 @@
 /vendor/lib64/libmetrics_logger\.so                                        u:object_r:same_process_hal_file:s0
 /vendor/lib64/libedgetpu_util\.so                                          u:object_r:same_process_hal_file:s0
 # EdgeTPU runtime libraries
-/vendor/lib64/com\.google\.edgetpu_app_service-V[1-2]-ndk\.so              u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_app_service-V[1-3]-ndk\.so              u:object_r:same_process_hal_file:s0
 /vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so           u:object_r:same_process_hal_file:s0
 
 # EdgeTPU data files

gxp/sepolicy/appdomain.te

@@ -0,0 +1,2 @@
+# Allow apps to read gxp properties
+get_prop(appdomain, vendor_gxp_prop)

gxp/sepolicy/edgetpu_app_service.te

@@ -0,0 +1,6 @@
+# Allow Edgetpu App Service to access the GXP device and read GXP properties.
+allow edgetpu_app_server gxp_device:chr_file rw_file_perms;
+get_prop(edgetpu_app_server, vendor_gxp_prop)
+
+# Allows Edgetpu App Service to search for GXP firmware file.
+allow edgetpu_app_server vendor_fw_file:dir search;

gxp/sepolicy/priv_app.te

@@ -0,0 +1,3 @@
+# Allows privileged applications to access the GXP device, except open,
+# which is guarded by the EdgeTPU service.
+allow priv_app gxp_device:chr_file { getattr read write ioctl map };

gxp/sepolicy/untrusted_app_all.te

@@ -0,0 +1,3 @@
+# Allows applications to access the GXP device, except open,
+# which is guarded by the EdgeTPU service.
+allow untrusted_app_all gxp_device:chr_file { getattr read write ioctl map };