Merge "Allowed EdgeTPU service to read system properties related to vendor." into sc-dev am: 26cc7d6499

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14042450

Change-Id: I650b24c2e44106b738dd9149eda59ed9ab9b0aac

whitechapel/vendor/google/edgetpu_service.te

@@ -38,3 +38,6 @@ allow edgetpu_server hal_camera_default:fd use;
 # Allow EdgeTPU service to read the kernel version.
 # This is done inside the InitGoogle.
 allow edgetpu_server proc_version:file r_file_perms;
+
+# Allow EdgeTPU service to read EdgeTPU service related system properties.
+get_prop(edgetpu_server, vendor_edgetpu_service_prop);

whitechapel/vendor/google/property.te

@@ -26,6 +26,10 @@ vendor_internal_prop(vendor_camera_debug_prop)
 vendor_internal_prop(vendor_camera_fatp_prop)
 vendor_internal_prop(vendor_gps_prop)
 
+# EdgeTPU service requires system public properties
+# since it lives under /system_ext/.
+system_public_prop(vendor_edgetpu_service_prop)
+
 # Battery defender
 vendor_internal_prop(vendor_battery_defender_prop)
 

whitechapel/vendor/google/property_contexts

@@ -80,6 +80,9 @@ vendor.camera.fatp.                  u:object_r:vendor_camera_fatp_prop:s0
 # for gps
 vendor.gps                   u:object_r:vendor_gps_prop:s0
 
+# for EdgeTPU
+vendor.edgetpu.service.                         u:object_r:vendor_edgetpu_service_prop:s0
+
 # SecureElement
 persist.vendor.se.                              u:object_r:vendor_secure_element_prop:s0
 

whitechapel/vendor/google/vendor_init.te

@@ -8,6 +8,7 @@ set_prop(vendor_init, vendor_ims_prop)
 set_prop(vendor_init, vendor_ssrdump_prop)
 set_prop(vendor_init, vendor_ro_config_default_prop)
 get_prop(vendor_init, vendor_touchpanel_prop)
+set_prop(vendor_init, vendor_edgetpu_service_prop)
 
 allow vendor_init proc_dirty:file w_file_perms;
 allow vendor_init proc_sched:file write;