From db15a0bcf20275a26eef0d51d55cb8edfbd1ee44 Mon Sep 17 00:00:00 2001
From: Nishok Kumar S
Date: Mon, 2 Sep 2024 10:28:25 +0000
Subject: [PATCH] Add sepolicy for NNAPI HAL to access hal_graphics_allocator_service, This is required for AHardwareBuffer allocation. Attached avc error log in commit message: E SELinux : avc: denied { find } for pid=820 uid=1000 name=android.hardware.graphics.allocator.IAllocator/default scontext=u:r:hal_neuralnetworks_darwinn:s0 tcontext=u:object_r:hal_graphics_allocator_service:s0 tclass=service_manager permissive=0
Bug: 361711471
Test: Flash private build, run CTS NNAPI tests.
Change-Id: I7850bd0c64974180cee206bfc43c25b70fac3f79
---
 edgetpu/sepolicy/hal_neuralnetworks_darwinn.te | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
index 3b2cd4f..abdbcd7 100644
--- a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
@@ -1,3 +1,4 @@
+# Sepolicies for EdgeTPU
 type hal_neuralnetworks_darwinn, domain;
 hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks)
@@ -62,3 +63,8 @@ get_prop(hal_neuralnetworks_darwinn, vendor_hetero_runtime_prop)
 # Allow DMA Buf access.
 allow hal_neuralnetworks_darwinn dmabuf_system_heap_device:chr_file r_file_perms;
+# Allows the NNAPI HAL to access the graphics_allocator_service.
+# This is required for shared memory buffer allocation.
+# Context:- b/361711471.
+hal_client_domain(hal_neuralnetworks_darwinn, hal_graphics_allocator);
+allow hal_neuralnetworks_darwinn hal_graphics_allocator_service:service_manager find;
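Review bot: In the second hunk the explicit `allow hal_neuralnetworks_darwinn hal_graphics_allocator_service:service_manager find;` looks redundant with the `hal_client_domain(hal_neuralnetworks_darwinn, hal_graphics_allocator)` call above it, because platform policy normally attaches the service `find` rule to the `hal_graphics_allocator_client` attribute; that policy is not visible here, so confirm it before dropping the line. The macro also grants more than the single `find` denial quoted in the commit message, typically binder calls to the allocator server as well, so the comment should state that the full client attribute is intended, e.g. `# Make the NNAPI HAL a client of the graphics allocator HAL (service find + binder call); needed for AHardwareBuffer allocation.` The trailing `;` after `hal_client_domain(...)` is also inconsistent with the other macro calls visible in this file (`hal_server_domain(...)`, `get_prop(...)`), which carry none.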