From 5675757d41bfcdfd84ad4e4cee4ea1f0938d4b05 Mon Sep 17 00:00:00 2001
From: Richard Hsu <hsuy@google.com>
Date: Sat, 7 May 2022 21:37:28 -0700
Subject: [PATCH] [SELinux] Allow NNAPI HAL to log traces to perfetto under
 userdebug builds

Allows DarwiNN NNAPI HAL to log traces to perfetto only under userdebug builds. This is similar to the camera HAL fix in ag/17080874

Error message:
TracingMuxer: type=1400 audit(0.0:486): avc: denied { write } for name="traced_producer" dev="tmpfs" ino=1116 scontext=u:r:hal_neuralnetworks_darwinn:s0

This rule is common for EdgeTPU in both WHI and PRO.

Bug: 231838536

Test: tested on PRO before and after the change, and the traces now shows up.

Example: https://ui.perfetto.dev/#!/?s=ab911b3972bc16a1a831e148a7446c09757a08426bbe3c3b16d31a728b1d923
https://screenshot.googleplex.com/3roWETkTFyiDjW9

Change-Id: I8d4a57e262087aa4ec6670a487d7b06d2f2cde69
---
 edgetpu/hal_neuralnetworks_darwinn.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/edgetpu/hal_neuralnetworks_darwinn.te b/edgetpu/hal_neuralnetworks_darwinn.te
index 18960713..f301a729 100644
--- a/edgetpu/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/hal_neuralnetworks_darwinn.te
@@ -47,3 +47,7 @@ allow hal_neuralnetworks_darwinn sysfs_edgetpu:file r_file_perms;
 # Allows the NNAPI HAL to access the edgetpu_app_service
 allow hal_neuralnetworks_darwinn edgetpu_app_service:service_manager find;
 binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server);
+
+# Allow NNAPI HAL to send trace packets to Perfetto with SELinux enabled
+# under userdebug builds.
+userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)')