Added SELinux rules for vendor.darwinn.runtime. properties.

This allows DarwiNN runtime components to access related system properties, including the ones that control host DMA-BUF allocation. Bug: 297432189 Test: verified camera to work on local device Change-Id: I4b3f566417445a2a0ef6eae64d9b0ed7d20ff26c
2023-09-26 20:42:30 +00:00 · 2023-09-26 20:42:30 +00:00 · 7232d53128
commit 7232d53128
parent a0d41f482e
7 changed files with 22 additions and 6 deletions
--- a/edgetpu/sepolicy/appdomain.te
+++ b/edgetpu/sepolicy/appdomain.te
@ -1,5 +1,8 @@
-# Allow apps to read tflite Darwinn delegate properties
+# Allow apps to read tflite DarwiNN delegate properties
 get_prop(appdomain, vendor_tflite_delegate_prop)

+# Allow apps to read DarwiNN runtime properties
+get_prop(appdomain, vendor_edgetpu_runtime_prop)
+
 # Allow apps to read hetero runtime properties
 get_prop(appdomain, vendor_hetero_runtime_prop)
--- a/edgetpu/sepolicy/edgetpu_dba_service.te
+++ b/edgetpu/sepolicy/edgetpu_dba_service.te
@ -41,8 +41,10 @@ allow edgetpu_dba_server proc_version:file r_file_perms;
 # under userdebug builds.
 userdebug_or_eng(`perfetto_producer(edgetpu_dba_server)')

-# Allow EdgeTPU DBA service to read tflite Darwinn delegate properties
+# Allow EdgeTPU DBA service to read tflite DarwiNN delegate properties
 get_prop(edgetpu_dba_server, vendor_tflite_delegate_prop)
+# Allow EdgeTPU DBA service to read DarwiNN runtime properties
+get_prop(edgetpu_dba_server, vendor_edgetpu_runtime_prop)
 # Allow EdgeTPU DBA service to read hetero runtime properties
 get_prop(edgetpu_dba_server, vendor_hetero_runtime_prop)
 # Allow EdgeTPU DBA service to read EdgeTPU CPU scheduler properties
--- a/edgetpu/sepolicy/edgetpu_tachyon_service.te
+++ b/edgetpu/sepolicy/edgetpu_tachyon_service.te
@ -38,8 +38,10 @@ allow edgetpu_tachyon_server proc_version:file r_file_perms;
 # under userdebug builds.
 userdebug_or_eng(`perfetto_producer(edgetpu_tachyon_server)')

-# Allow Tachyon service to read tflite Darwinn delegate properties
+# Allow Tachyon service to read tflite DarwiNN delegate properties
 get_prop(edgetpu_tachyon_server, vendor_tflite_delegate_prop)
+# Allow Tachyon service to read DarwiNN runtime properties
+get_prop(edgetpu_tachyon_server, vendor_edgetpu_runtime_prop)
 # Allow Tachyon service to read hetero runtime properties
 get_prop(edgetpu_tachyon_server, vendor_hetero_runtime_prop)
 # Allow Tachyon service to read EdgeTPU CPU scheduler properties
--- a/edgetpu/sepolicy/hal_camera_default.te
+++ b/edgetpu/sepolicy/hal_camera_default.te
@ -1,5 +1,8 @@
-# Allow camera HAL to read tflite Darwinn delegate properties
+# Allow camera HAL to read tflite DarwiNN delegate properties
 get_prop(hal_camera_default, vendor_tflite_delegate_prop)

+# Allow camera HAL to read DarwiNN runtime properties
+get_prop(hal_camera_default, vendor_edgetpu_runtime_prop)
+
 # Allow camera HAL to read hetero runtime properties
 get_prop(hal_camera_default, vendor_hetero_runtime_prop)
--- a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
@ -54,5 +54,7 @@ userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)')

 # Allow NNAPI HAL to read tflite DarwiNN delegate properties
 get_prop(hal_neuralnetworks_darwinn, vendor_tflite_delegate_prop)
+# Allow NNAPI HAL to read DarwiNN runtime properties
+get_prop(hal_neuralnetworks_darwinn, vendor_edgetpu_runtime_prop)
 # Allow NNAPI HAL to read hetero runtime properties
 get_prop(hal_neuralnetworks_darwinn, vendor_hetero_runtime_prop)
--- a/edgetpu/sepolicy/property.te
+++ b/edgetpu/sepolicy/property.te
@ -2,13 +2,16 @@
 # since it lives under /system_ext/.
 system_public_prop(vendor_edgetpu_service_prop)

-# Tflite Darwinn delegate properties are written once by vendor_init,
-# and then read by apps, camera hal, and some Darwinn vendor services.
+# Tflite DarwiNN delegate properties are written once by vendor_init,
+# and then read by apps, camera hal, and some DarwiNN vendor services.
 system_vendor_config_prop(vendor_tflite_delegate_prop)

 # The EdgeTPU CPU scheduler properties are written once by vendor_init,
 # and then read by HAL service.
 system_vendor_config_prop(vendor_edgetpu_cpu_scheduler_prop)

+# DarwiNN runtime properties.
+system_vendor_config_prop(vendor_edgetpu_runtime_prop)
+
 # Hetero runtime properties, including tracing levels.
 system_vendor_config_prop(vendor_hetero_runtime_prop)
--- a/edgetpu/sepolicy/property_contexts
+++ b/edgetpu/sepolicy/property_contexts
@ -1,6 +1,7 @@
 # for EdgeTPU
 vendor.edgetpu.service.                         u:object_r:vendor_edgetpu_service_prop:s0
 vendor.edgetpu.cpu_scheduler.                   u:object_r:vendor_edgetpu_cpu_scheduler_prop:s0
+vendor.edgetpu.runtime.                         u:object_r:vendor_edgetpu_runtime_prop:s0

 # for DarwinnDelegate
 vendor.edgetpu.tflite_delegate.                 u:object_r:vendor_tflite_delegate_prop:s0