From f02f35fa9c60649ee30bf0c37295cbca1ced94d7 Mon Sep 17 00:00:00 2001
From: Yurii Shutkin
Date: Wed, 13 Mar 2024 10:37:40 +0100
Subject: [PATCH 1/2] rpmb_dev: add rpmb_dev package rpmb_dev is a mock implementation of rpmb for storageproxy. It is used on emulation platforms where we don't have real rpmb support in ufs.
Change-Id: I7a0d9e3ae2fef4c7652df9558c1d0aaaea328949
Test: storageproxyd
Bug: 328769740
Signed-off-by: Yurii Shutkin
---
 trusty/rpmb_dev/rpmb_dev.mk | 3 +++
 trusty/rpmb_dev/sepolicy/file_contexts | 2 ++
 trusty/rpmb_dev/sepolicy/rpmb_dev.te | 4 ++++
 3 files changed, 9 insertions(+)
 create mode 100644 trusty/rpmb_dev/rpmb_dev.mk
 create mode 100644 trusty/rpmb_dev/sepolicy/file_contexts
 create mode 100644 trusty/rpmb_dev/sepolicy/rpmb_dev.te
diff --git a/trusty/rpmb_dev/rpmb_dev.mk b/trusty/rpmb_dev/rpmb_dev.mk
new file mode 100644
index 0000000..31c68ef
--- /dev/null
+++ b/trusty/rpmb_dev/rpmb_dev.mk
@@ -0,0 +1,3 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/trusty/rpmb_dev/sepolicy
+
+PRODUCT_PACKAGES += rpmb_dev
diff --git a/trusty/rpmb_dev/sepolicy/file_contexts b/trusty/rpmb_dev/sepolicy/file_contexts
new file mode 100644
index 0000000..1a44f7d
--- /dev/null
+++ b/trusty/rpmb_dev/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+# Binaries
+/vendor/bin/rpmb_dev u:object_r:rpmb_dev_exec:s0
diff --git a/trusty/rpmb_dev/sepolicy/rpmb_dev.te b/trusty/rpmb_dev/sepolicy/rpmb_dev.te
new file mode 100644
index 0000000..0f46e03
--- /dev/null
+++ b/trusty/rpmb_dev/sepolicy/rpmb_dev.te
@@ -0,0 +1,4 @@
+type rpmb_dev, domain;
+type rpmb_dev_exec, vendor_file_type, exec_type, file_type;
+
+init_daemon_domain(rpmb_dev)
From 76ed6d8a6d25d0bb1bddb9f1918c203dd180ba5a Mon Sep 17 00:00:00 2001
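Review bot: Nothing in rpmb_dev.mk limits the mock to emulation targets: any product that inherits this file gets `rpmb_dev` in PRODUCT_PACKAGES and its sepolicy directory unconditionally. The commit message describes the daemon as a mock RPMB for platforms without real RPMB support in UFS, so a production build that picked this file up would presumably run Trusty secure storage on a backend without hardware replay protection. I would add a header comment such as `# Emulation targets only: rpmb_dev is a mock RPMB for storageproxyd; never inherit from a production device makefile.`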
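Review bot: rpmb_dev.te declares the domain and its init transition but carries no allow rules and no comment, so whatever file or socket the mock uses to reach storageproxyd is not covered by anything visible in this patch. If those rules land in a later change, say so in the file; if not, the `Test: storageproxyd` run is worth repeating with the device enforcing, since a permissive run would hide the denials. A first-line comment such as `# rpmb_dev: mock RPMB backend for storageproxyd, emulation targets only` would also tell the next reader why the domain exists.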
From: sandeepbandaru
Date: Thu, 9 Nov 2023 16:08:01 +0000
Subject: [PATCH 2/2] Adding policies for allowing inference services with TPU from isolated_compute_app
Test: make
Bug:309953452
Change-Id: I2b0dc17f1debc71ed78d37007213210a7a1aed77
---
 edgetpu/sepolicy/device.te | 2 +-
 edgetpu/sepolicy/service.te | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/edgetpu/sepolicy/device.te b/edgetpu/sepolicy/device.te
index 9296ba5..78e918a 100644
--- a/edgetpu/sepolicy/device.te
+++ b/edgetpu/sepolicy/device.te
@@ -1,2 +1,2 @@
 # EdgeTPU device (DarwiNN)
-type edgetpu_device, dev_type, mlstrustedobject;
+type edgetpu_device, dev_type, mlstrustedobject, isolated_compute_allowed_device;
diff --git a/edgetpu/sepolicy/service.te b/edgetpu/sepolicy/service.te
index b1a5409..5ea2006 100644
--- a/edgetpu/sepolicy/service.te
+++ b/edgetpu/sepolicy/service.te
@@ -4,4 +4,4 @@ type edgetpu_dba_service, app_api_service, service_manager_type, isolated_comput type edgetpu_tachyon_service, app_api_service, service_manager_type, isolated_compute_allowed_service; # EdgeTPU binder service type declaration.
-type edgetpu_app_service, service_manager_type;
+type edgetpu_app_service, service_manager_type, isolated_compute_allowed_service;
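Review bot: Adding `isolated_compute_allowed_device` to `edgetpu_device` in device.te leaves the comment above it unchanged, so the file no longer tells a reader that the TPU node is reachable from the isolated_compute_app domain; the same applies to `edgetpu_app_service` in service.te, which gains `isolated_compute_allowed_service` under the old `# EdgeTPU binder service type declaration.` comment. The permissions themselves come from rules keyed on these attributes outside this patch, presumably in the platform policy, and no ioctl restriction for the new caller is visible here, so it is worth confirming that an `allowxperm` allowlist bounds what that domain can send to the driver. I would extend the comments, e.g. `# EdgeTPU device (DarwiNN); exposed to isolated_compute_app via isolated_compute_allowed_device`. The service.te hunk starts at line 4 of the file, so the earlier declarations are not visible here.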