This is required for AHardwareBuffer allocation. Attached avc error log in commit message: E SELinux : avc: denied { find } for pid=820 uid=1000 name=android.hardware.graphics.allocator.IAllocator/default scontext=u:r:hal_neuralnetworks_darwinn:s0 tcontext=u:object_r:hal_graphics_allocator_service:s0 tclass=service_manager permissive=0 Bug: 361711471 Test: Flash private build, run CTS NNAPI tests. Change-Id: I7850bd0c64974180cee206bfc43c25b70fac3f79
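# Sepolicies for EdgeTPU
#
# Domain for the EdgeTPU (DarwiNN) NNAPI HAL service. Each rule below widens
# what this vendor HAL can reach, so keep every grant tied to a stated need.
type hal_neuralnetworks_darwinn, domain;
hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks)

# Label for the HAL executable; init_daemon_domain() lets init start it in
# the hal_neuralnetworks_darwinn domain.
type hal_neuralnetworks_darwinn_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_neuralnetworks_darwinn)

# The TPU HAL looks for TPU instance in /dev/abrolhos
allow hal_neuralnetworks_darwinn edgetpu_device:chr_file rw_file_perms;

# Allow DarwiNN service to use a client-provided fd residing in /vendor/etc/.
# Read-only: no write permission is granted on vendor_configs_file.
allow hal_neuralnetworks_darwinn vendor_configs_file:file r_file_perms;

# Allow DarwiNN service to access data files.
# Files may be created and modified; the directory grant is rw_dir_perms only.
allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:file create_file_perms;
allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:dir rw_dir_perms;

# Allow DarwiNN service to access unix sockets for IPC.
# Scoped to socket files carrying the HAL's own data-file label.
allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:sock_file { create unlink rw_file_perms };

# Register to hwbinder service.
# add_hwservice() is granted by hal_server_domain + hal_neuralnetworks.te
hwbinder_use(hal_neuralnetworks_darwinn)
get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop)

# Allow TPU HAL to read the kernel version.
# This is done inside the InitGoogle.
allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;

# Allow TPU NNAPI HAL to log to stats service. (metrics)
# The find rule covers the lookup; binder_call() permits calls into
# system_server (presumably where the stats service is hosted; confirm).
allow hal_neuralnetworks_darwinn fwk_stats_service:service_manager find;
binder_call(hal_neuralnetworks_darwinn, system_server)
binder_use(hal_neuralnetworks_darwinn)

# Allow TPU NNAPI HAL to request power hints from the Power Service
hal_client_domain(hal_neuralnetworks_darwinn, hal_power)

# TPU NNAPI to register the service to service_manager.
add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service)

# Allow TPU NNAPI HAL to read the overcommit_memory info.
allow hal_neuralnetworks_darwinn proc_overcommit_memory:file r_file_perms;

# Allows the logging service to access /sys/class/edgetpu
# NOTE(review): the source domain of these rules is the NNAPI HAL itself, not
# a separate logging service; confirm which component needs the sysfs reads.
# Both grants are read-only.
allow hal_neuralnetworks_darwinn sysfs_edgetpu:dir r_dir_perms;
allow hal_neuralnetworks_darwinn sysfs_edgetpu:file r_file_perms;

# Allows the NNAPI HAL to access the edgetpu_app_service
allow hal_neuralnetworks_darwinn edgetpu_app_service:service_manager find;
binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server)

# Allow NNAPI HAL to send trace packets to Perfetto with SELinux enabled
# under userdebug builds.
# The userdebug_or_eng() wrapper keeps this grant out of user builds.
userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)')

# Allow NNAPI HAL to read tflite DarwiNN delegate properties
get_prop(hal_neuralnetworks_darwinn, vendor_tflite_delegate_prop)
# Allow NNAPI HAL to read DarwiNN runtime properties
get_prop(hal_neuralnetworks_darwinn, vendor_edgetpu_runtime_prop)
# Allow NNAPI HAL to read hetero runtime properties
get_prop(hal_neuralnetworks_darwinn, vendor_hetero_runtime_prop)

# Allow DMA Buf access.
# Read-only on the system heap device node.
allow hal_neuralnetworks_darwinn dmabuf_system_heap_device:chr_file r_file_perms;

# Allows the NNAPI HAL to access the graphics_allocator_service.
# This is required for shared memory buffer allocation.
# Context:- b/361711471.
# NOTE(review): hal_client_domain() may already grant find on
# hal_graphics_allocator_service through the platform's hal_graphics_allocator
# policy, which would make the explicit allow below redundant. Confirm against
# the platform policy before removing either rule.
hal_client_domain(hal_neuralnetworks_darwinn, hal_graphics_allocator)
allow hal_neuralnetworks_darwinn hal_graphics_allocator_service:service_manager find;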