68 lines
2.8 KiB
Text
68 lines
2.8 KiB
Text
# Tachyon service.
|
|
type edgetpu_tachyon_server, domain;
|
|
type edgetpu_tachyon_server_exec, exec_type, vendor_file_type, file_type;
|
|
init_daemon_domain(edgetpu_tachyon_server)
|
|
|
|
# The vendor service will use binder calls.
|
|
binder_use(edgetpu_tachyon_server);
|
|
|
|
# The vendor service will serve a binder service.
|
|
binder_service(edgetpu_tachyon_server);
|
|
|
|
# Tachyon service to register the service to service_manager.
|
|
add_service(edgetpu_tachyon_server, edgetpu_tachyon_service);
|
|
|
|
# Allow Tachyon service to access the edgetpu_app_service.
|
|
allow edgetpu_tachyon_server edgetpu_app_service:service_manager find;
|
|
binder_call(edgetpu_tachyon_server, edgetpu_app_server);
|
|
|
|
# Allow Tachyon service to look for TPU instance in /dev/edgetpu or /dev/edgetpu-soc.
|
|
allow edgetpu_tachyon_server edgetpu_device:chr_file rw_file_perms;
|
|
|
|
# Allow Tachyon service to access hardware buffers and ION memory.
|
|
allow edgetpu_tachyon_server hal_allocator:fd use;
|
|
allow edgetpu_tachyon_server hal_graphics_mapper_hwservice:hwservice_manager find;
|
|
allow edgetpu_tachyon_server hal_graphics_allocator:fd use;
|
|
allow edgetpu_tachyon_server gpu_device:chr_file rw_file_perms;
|
|
allow edgetpu_tachyon_server gpu_device:dir r_dir_perms;
|
|
allow edgetpu_tachyon_server ion_device:chr_file r_file_perms;
|
|
|
|
# Allow Tachyon service to access camera hal via binder.
|
|
binder_call(edgetpu_tachyon_server, hal_camera_default);
|
|
|
|
# Allow Tachyon service to access dmabuf sysytem.
|
|
allow edgetpu_tachyon_server dmabuf_system_heap_device:chr_file r_file_perms;
|
|
|
|
# Allow Tachyon service to read the overcommit_memory info.
|
|
allow edgetpu_tachyon_server proc_overcommit_memory:file r_file_perms;
|
|
|
|
# Allow Tachyon service to read the kernel version.
|
|
# This is done inside the InitGoogle.
|
|
allow edgetpu_tachyon_server proc_version:file r_file_perms;
|
|
|
|
# Allow Tachyon service to send trace packets to Perfetto with SELinux enabled
|
|
# under userdebug builds.
|
|
perfetto_producer(edgetpu_tachyon_server)
|
|
|
|
# Allow Tachyon service to read tflite DarwiNN delegate properties
|
|
get_prop(edgetpu_tachyon_server, vendor_tflite_delegate_prop)
|
|
# Allow Tachyon service to read DarwiNN runtime properties
|
|
get_prop(edgetpu_tachyon_server, vendor_edgetpu_runtime_prop)
|
|
# Allow Tachyon service to read hetero runtime properties
|
|
get_prop(edgetpu_tachyon_server, vendor_hetero_runtime_prop)
|
|
# Allow Tachyon service to read EdgeTPU CPU scheduler properties
|
|
get_prop(edgetpu_tachyon_server, vendor_edgetpu_cpu_scheduler_prop)
|
|
|
|
# Allow mlock without size restriction
|
|
allow edgetpu_tachyon_server self:capability ipc_lock;
|
|
|
|
# Need to effectively read file mapped file when mmap + mlocked.
|
|
allow edgetpu_tachyon_server privapp_data_file:file { map read};
|
|
|
|
# For shell level testing of mlock
|
|
userdebug_or_eng(`
|
|
allow edgetpu_tachyon_server shell_data_file:file { map read};
|
|
')
|
|
|
|
# For shell level testing
|
|
binder_call(edgetpu_tachyon_server, shell);
|