From 0f99f3e63450befc661d38827e9afc853ca9257a Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <ambroisie@google.com>
Date: Thu, 6 Apr 2023 13:49:34 +0000
Subject: [PATCH 1/2] Add ArmNN config sysprops SELinux rules

Bug: b/205202540
Test: manual - reboot device and check the absence of AVC denials
Change-Id: I70c89dcc4b2bbe665d69cc4be1ac2f6cf8155a10
---
 whitechapel/vendor/google/property.te       | 3 +++
 whitechapel/vendor/google/property_contexts | 3 +++
 whitechapel/vendor/google/vendor_init.te    | 2 ++
 3 files changed, 8 insertions(+)

diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te
index 934e13a9..34f17a70 100644
--- a/whitechapel/vendor/google/property.te
+++ b/whitechapel/vendor/google/property.te
@@ -57,3 +57,6 @@ vendor_internal_prop(vendor_trusty_storage_prop)
 
 # Mali Integration
 vendor_restricted_prop(vendor_arm_runtime_option_prop)
+
+# ArmNN configuration
+vendor_internal_prop(vendor_armnn_config_prop)
diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts
index 4c01239d..17e9af59 100644
--- a/whitechapel/vendor/google/property_contexts
+++ b/whitechapel/vendor/google/property_contexts
@@ -101,3 +101,6 @@ ro.vendor.trusty.storage.fs_ready               u:object_r:vendor_trusty_storage
 
 # Mali GPU driver configuration and debug options
 vendor.mali.                                    u:object_r:vendor_arm_runtime_option_prop:s0 prefix
+
+# ArmNN configuration
+ro.vendor.armnn.                                u:object_r:vendor_armnn_config_prop:s0 prefix
diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te
index 928bc021..1707ef8b 100644
--- a/whitechapel/vendor/google/vendor_init.te
+++ b/whitechapel/vendor/google/vendor_init.te
@@ -45,3 +45,5 @@ get_prop(vendor_init, vendor_trusty_storage_prop)
 # Mali
 set_prop(vendor_init, vendor_arm_runtime_option_prop)
 
+# ArmNN
+set_prop(vendor_init, vendor_armnn_config_prop)

From e4254a16aa516f5960f48732b078aad4ed63df6f Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <ambroisie@google.com>
Date: Thu, 6 Apr 2023 10:38:27 +0000
Subject: [PATCH 2/2] Remove 'hal_neuralnetworks_armnn' sysprop exceptions

Bug: b/205202540
Test: manual - reboot device and check the absence of AVC denials
Change-Id: Ied38dc6b323911aa909f4f42b66ee404fc7062fa
---
 tracking_denials/hal_neuralnetworks_armnn.te | 2 --
 1 file changed, 2 deletions(-)

diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te
index 120510fd..04941460 100644
--- a/tracking_denials/hal_neuralnetworks_armnn.te
+++ b/tracking_denials/hal_neuralnetworks_armnn.te
@@ -1,5 +1,3 @@
 # b/180550063
 dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
 dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
-# b/190563897
-dontaudit hal_neuralnetworks_armnn default_prop:file read;