Merge "move edgetpu to gs-common"

2022-11-10 03:19:29 +00:00 · 2022-11-10 03:19:29 +00:00 · 18b9f37425
commit 18b9f37425
parent 912095c099 84b32a700f
21 changed files with 20 additions and 227 deletions
--- a/edgetpu/device.te
+++ b/edgetpu/device.te
@ -1,2 +0,0 @@
 # EdgeTPU device (DarwiNN)
 type edgetpu_device, dev_type, mlstrustedobject;
--- a/edgetpu/edgetpu_app_service.te
+++ b/edgetpu/edgetpu_app_service.te
@ -1,38 +0,0 @@
 # EdgeTPU app server process which runs the EdgeTPU binder service.
 type edgetpu_app_server, coredomain, domain;
 type edgetpu_app_server_exec, exec_type, system_file_type, file_type;
 init_daemon_domain(edgetpu_app_server)
 # The server will use binder calls.
 binder_use(edgetpu_app_server);
 # The server will serve a binder service.
 binder_service(edgetpu_app_server);
 # EdgeTPU server to register the service to service_manager.
 add_service(edgetpu_app_server, edgetpu_app_service);
 # EdgeTPU service needs to access /dev/abrolhos.
 allow edgetpu_app_server edgetpu_device:chr_file rw_file_perms;
 allow edgetpu_app_server sysfs_edgetpu:dir r_dir_perms;
 allow edgetpu_app_server sysfs_edgetpu:file rw_file_perms;
 # Applications are not allowed to open the EdgeTPU device directly.
 neverallow appdomain edgetpu_device:chr_file { open };
 # Allow EdgeTPU service to access the Package Manager service.
 allow edgetpu_app_server package_native_service:service_manager find;
 binder_call(edgetpu_app_server, system_server);
 # Allow EdgeTPU service to read EdgeTPU service related system properties.
 get_prop(edgetpu_app_server, vendor_edgetpu_service_prop);
 # Allow EdgeTPU service to generate Perfetto traces.
 perfetto_producer(edgetpu_app_server);
 # Allow EdgeTPU service to connect to the EdgeTPU vendor version of the service.
 allow edgetpu_app_server edgetpu_vendor_service:service_manager find;
 binder_call(edgetpu_app_server, edgetpu_vendor_server);
 # Allow EdgeTPU service to log to stats service. (metrics)
 allow edgetpu_app_server fwk_stats_service:service_manager find;
--- a/edgetpu/edgetpu_logging.te
+++ b/edgetpu/edgetpu_logging.te
@ -1,15 +0,0 @@
 type edgetpu_logging, domain;
 type edgetpu_logging_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(edgetpu_logging)
 # The logging service accesses /dev/abrolhos
 allow edgetpu_logging edgetpu_device:chr_file rw_file_perms;
 # Allows the logging service to access /sys/class/edgetpu
 allow edgetpu_logging sysfs_edgetpu:dir search;
 allow edgetpu_logging sysfs_edgetpu:file rw_file_perms;
 # Allow TPU logging service to log to stats service. (metrics)
 allow edgetpu_logging fwk_stats_service:service_manager find;
 binder_call(edgetpu_logging, system_server);
 binder_use(edgetpu_logging)
--- a/edgetpu/edgetpu_vendor_service.te
+++ b/edgetpu/edgetpu_vendor_service.te
@ -1,31 +0,0 @@
 # EdgeTPU vendor service.
 type edgetpu_vendor_server, domain;
 type edgetpu_vendor_server_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(edgetpu_vendor_server)
 # The vendor service will use binder calls.
 binder_use(edgetpu_vendor_server);
 # The vendor service will serve a binder service.
 binder_service(edgetpu_vendor_server);
 # EdgeTPU vendor service to register the service to service_manager.
 add_service(edgetpu_vendor_server, edgetpu_vendor_service);
 # Allow communications between other vendor services.
 allow edgetpu_vendor_server vndbinder_device:chr_file { read write open ioctl map };
 # Allow EdgeTPU vendor service to access its data files.
 allow edgetpu_vendor_server edgetpu_vendor_service_data_file:file create_file_perms;
 allow edgetpu_vendor_server edgetpu_vendor_service_data_file:dir create_dir_perms;
 # Allow EdgeTPU vendor service to access Android shared memory allocated
 # by the camera hal for on-device compilation.
 allow edgetpu_vendor_server hal_camera_default:fd use;
 # Allow EdgeTPU vendor service to read the kernel version.
 # This is done inside the InitGoogle.
 allow edgetpu_vendor_server proc_version:file r_file_perms;
 # Allow EdgeTPU vendor service to read the overcommit_memory info.
 allow edgetpu_vendor_server proc_overcommit_memory:file r_file_perms;
--- a/edgetpu/file.te
+++ b/edgetpu/file.te
@ -1,9 +0,0 @@
 # EdgeTPU sysfs
 type sysfs_edgetpu, sysfs_type, fs_type;
 # EdgeTPU hal data file
 type hal_neuralnetworks_darwinn_data_file, file_type, data_file_type;
 # EdgeTPU vendor service data file
 type edgetpu_vendor_service_data_file, file_type, data_file_type;
--- a/edgetpu/file_contexts
+++ b/edgetpu/file_contexts
@ -1,30 +0,0 @@
 # EdgeTPU logging service
 /vendor/bin/hw/android\.hardware\.edgetpu\.logging@service-edgetpu-logging u:object_r:edgetpu_logging_exec:s0
 # EdgeTPU device (DarwiNN)
 /dev/abrolhos                      u:object_r:edgetpu_device:s0
 # EdgeTPU service binaries and libraries
 /system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service u:object_r:edgetpu_app_server_exec:s0
 /vendor/lib64/com\.google\.edgetpu_app_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0
 /vendor/lib64/libedgetpu_client\.google\.so u:object_r:same_process_hal_file:s0
 # EdgeTPU vendor service
 /vendor/bin/hw/vendor\.google\.edgetpu_vendor_service@1\.0-service u:object_r:edgetpu_vendor_server_exec:s0
 /vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0
 # EdgeTPU runtime libraries
 /vendor/lib64/libedgetpu_util\.so u:object_r:same_process_hal_file:s0
 # EdgeTPU data files
 /data/vendor/edgetpu(/.*)?                              u:object_r:edgetpu_vendor_service_data_file:s0
 /data/vendor/hal_neuralnetworks_darwinn(/.*)?           u:object_r:hal_neuralnetworks_darwinn_data_file:s0
 # NeuralNetworks file contexts
 /vendor/bin/hw/android\.hardware\.neuralnetworks@service-darwinn-aidl u:object_r:hal_neuralnetworks_darwinn_exec:s0
 # EdgeTPU metrics logging service.
 /vendor/lib64/libmetrics_logger\.so u:object_r:same_process_hal_file:s0
 # EdgeTPU DBA service
 /vendor/bin/hw/com\.google\.edgetpu.dba-service u:object_r:edgetpu_dba_server_exec:s0
--- a/edgetpu/genfs_contexts
+++ b/edgetpu/genfs_contexts
@ -1,4 +0,0 @@
 # EdgeTPU
 genfscon sysfs /devices/platform/1ce00000.abrolhos                              u:object_r:sysfs_edgetpu:s0
 genfscon sysfs /devices/platform/abrolhos                                       u:object_r:sysfs_edgetpu:s0
--- a/edgetpu/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/hal_neuralnetworks_darwinn.te
@ -1,53 +0,0 @@
 type hal_neuralnetworks_darwinn, domain;
 hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks)
 type hal_neuralnetworks_darwinn_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_neuralnetworks_darwinn)
 # The TPU HAL looks for TPU instance in /dev/abrolhos
 allow hal_neuralnetworks_darwinn edgetpu_device:chr_file rw_file_perms;
 # Allow DawriNN service to use a client-provided fd residing in /vendor/etc/.
 allow hal_neuralnetworks_darwinn vendor_configs_file:file r_file_perms;
 # Allow DarwiNN service to access data files.
 allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:file create_file_perms;
 allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:dir rw_dir_perms;
 # Allow DarwiNN service to access unix sockets for IPC.
 allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:sock_file { create unlink rw_file_perms };
 # Register to hwbinder service.
 # add_hwservice() is granted by hal_server_domain + hal_neuralnetworks.te
 hwbinder_use(hal_neuralnetworks_darwinn)
 get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop)
 # Allow TPU HAL to read the kernel version.
 # This is done inside the InitGoogle.
 allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;
 # Allow TPU NNAPI HAL to log to stats service. (metrics)
 allow hal_neuralnetworks_darwinn fwk_stats_service:service_manager find;
 binder_call(hal_neuralnetworks_darwinn, system_server);
 binder_use(hal_neuralnetworks_darwinn)
 # Allow TPU NNAPI HAL to request power hints from the Power Service
 hal_client_domain(hal_neuralnetworks_darwinn, hal_power)
 # TPU NNAPI to register the service to service_manager.
 add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service);
 # Allow TPU NNAPI HAL to read the overcommit_memory info.
 allow hal_neuralnetworks_darwinn proc_overcommit_memory:file r_file_perms;
 # Allows the logging service to access /sys/class/edgetpu
 allow hal_neuralnetworks_darwinn sysfs_edgetpu:dir r_dir_perms;
 allow hal_neuralnetworks_darwinn sysfs_edgetpu:file r_file_perms;
 # Allows the NNAPI HAL to access the edgetpu_app_service
 allow hal_neuralnetworks_darwinn edgetpu_app_service:service_manager find;
 binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server);
 # Allow NNAPI HAL to send trace packets to Perfetto with SELinux enabled
 # under userdebug builds.
 userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)')
--- a/edgetpu/priv_app.te
+++ b/edgetpu/priv_app.te
@ -1,15 +0,0 @@
 # Allows privileged applications to discover the EdgeTPU service.
 allow priv_app edgetpu_app_service:service_manager find;
 # Allows privileged applications to discover the NNAPI TPU service.
 allow priv_app edgetpu_nnapi_service:service_manager find;
 # Allows privileged applications to access the EdgeTPU device, except open,
 # which is guarded by the EdgeTPU service.
 allow priv_app edgetpu_device:chr_file { getattr read write ioctl map };
 # Allows privileged applications to access the PowerHAL.
 hal_client_domain(priv_app, hal_power)
 # Allows privileged applications to discover the EdgeTPU DBA service.
 allow priv_app edgetpu_dba_service:service_manager find;
--- a/edgetpu/property.te
+++ b/edgetpu/property.te
@ -1,4 +0,0 @@
 # EdgeTPU service requires system public properties
 # since it lives under /system_ext/.
 system_public_prop(vendor_edgetpu_service_prop)
--- a/edgetpu/property_contexts
+++ b/edgetpu/property_contexts
@ -1,3 +0,0 @@
 # for EdgeTPU
 vendor.edgetpu.service.                         u:object_r:vendor_edgetpu_service_prop:s0
--- a/edgetpu/service.te
+++ b/edgetpu/service.te
@ -1,6 +0,0 @@
 # EdgeTPU binder service type declaration.
 type edgetpu_app_service, service_manager_type;
 type edgetpu_vendor_service, service_manager_type, hal_service_type;
 type edgetpu_nnapi_service, app_api_service, service_manager_type;
 type edgetpu_dba_service, app_api_service, service_manager_type;
--- a/edgetpu/service_contexts
+++ b/edgetpu/service_contexts
@ -1,9 +0,0 @@
 # EdgeTPU service
 com.google.edgetpu.IEdgeTpuAppService/default              u:object_r:edgetpu_app_service:s0
 com.google.edgetpu.IEdgeTpuVendorService/default           u:object_r:edgetpu_vendor_service:s0
 # TPU NNAPI Service
 android.hardware.neuralnetworks.IDevice/google-edgetpu	   u:object_r:edgetpu_nnapi_service:s0
 # EdgeTPU DBA Service
 com.google.edgetpu.dba.IDevice/default                     u:object_r:edgetpu_dba_service:s0
--- a/edgetpu/untrusted_app_all.te
+++ b/edgetpu/untrusted_app_all.te
@ -1,7 +0,0 @@
 # Allows applications to discover the EdgeTPU service.
 allow untrusted_app_all edgetpu_app_service:service_manager find;
 # Allows applications to access the EdgeTPU device, except open, which is guarded
 # by the EdgeTPU service.
 allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };
--- a/edgetpu/vendor_init.te
+++ b/edgetpu/vendor_init.te
@ -1 +0,0 @@
 set_prop(vendor_init, vendor_edgetpu_service_prop)
--- a/whitechapel/vendor/google/edgetpu_dba_service.te
+++ b/whitechapel/vendor/google/edgetpu_dba_service.te
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@ -27,6 +27,10 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate-service\.gs101                      u:object_r:hal_dumpstate_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service\.gs101              u:object_r:hal_power_stats_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service\.pixel                       u:object_r:hal_memtrack_default_exec:s0
 # EdgeTPU DBA service
 /vendor/bin/hw/com\.google\.edgetpu.dba-service u:object_r:edgetpu_dba_server_exec:s0
 # Wireless charger HAL
 /(vendor|system/vendor)/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor             u:object_r:hal_wlc_exec:s0
@ -113,6 +117,9 @@
 /dev/umts_dm0                  u:object_r:radio_device:s0
 /dev/umts_router               u:object_r:radio_device:s0
 # EdgeTPU device (DarwiNN)
 /dev/abrolhos                  u:object_r:edgetpu_device:s0
 # OEM IPC device
 /dev/oem_ipc[0-7]              u:object_r:radio_device:s0
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@ -17,6 +17,10 @@ genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception      u:ob
 genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32      u:object_r:sysfs_aoc_dumpstate:s0
 genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1      u:object_r:sysfs_aoc_dumpstate:s0
 # EdgeTPU
 genfscon sysfs /devices/platform/1ce00000.abrolhos                          u:object_r:sysfs_edgetpu:s0
 genfscon sysfs /devices/platform/abrolhos                                   u:object_r:sysfs_edgetpu:s0
 # WiFi
 genfscon sysfs /wifi                                                        u:object_r:sysfs_wifi:s0
 # Battery
--- a/whitechapel/vendor/google/priv_app.te
+++ b/whitechapel/vendor/google/priv_app.te
@ -0,0 +1,5 @@
 # Allows privileged applications to access the PowerHAL.
 hal_client_domain(priv_app, hal_power)
 # Allows privileged applications to discover the EdgeTPU DBA service.
 allow priv_app edgetpu_dba_service:service_manager find;
--- a/whitechapel/vendor/google/service.te
+++ b/whitechapel/vendor/google/service.te
@ -1,2 +1,3 @@
 type hal_pixel_display_service, service_manager_type, hal_service_type;
 type hal_uwb_vendor_service, service_manager_type, hal_service_type;
 type edgetpu_dba_service, app_api_service, service_manager_type;
--- a/whitechapel/vendor/google/service_contexts
+++ b/whitechapel/vendor/google/service_contexts
@ -1,3 +1,6 @@
 com.google.hardware.pixel.display.IDisplay/default         u:object_r:hal_pixel_display_service:s0
 hardware.qorvo.uwb.IUwbVendor/default                      u:object_r:hal_uwb_vendor_service:s0
 android.hardware.drm.IDrmFactory/widevine                  u:object_r:hal_drm_service:s0
 # EdgeTPU DBA Service
 com.google.edgetpu.dba.IDevice/default                     u:object_r:edgetpu_dba_service:s0
		`@ -1,2 +0,0 @@`
			`# EdgeTPU device (DarwiNN)`
			`type edgetpu_device, dev_type, mlstrustedobject;`
		`@ -1,3 +0,0 @@`
			`# for EdgeTPU`
			`vendor.edgetpu.service. u:object_r:vendor_edgetpu_service_prop:s0`
		`@ -1 +0,0 @@`
			`set_prop(vendor_init, vendor_edgetpu_service_prop)`