Merge "Allowed EdgeTPU service and the EdgeTPU NNAPI hal to read /proc/version." into sc-dev am: f9668d2b94

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14035811 Change-Id: Iec2f2d735c6c44e655ef15a0a660a7189e368422
2021-03-31 15:04:44 +00:00 · 2021-03-31 15:04:44 +00:00 · 62e7f60757
commit 62e7f60757
parent 5157e0dc04 f9668d2b94
2 changed files with 8 additions and 0 deletions
--- a/whitechapel/vendor/google/edgetpu_service.te
+++ b/whitechapel/vendor/google/edgetpu_service.te
@ -34,3 +34,7 @@ binder_call(edgetpu_server, system_server);
 # Allow EdgeTPU service to access Android shared memory allocated
 # by the camera hal for on-device compilation.
 allow edgetpu_server hal_camera_default:fd use;
+
+# Allow EdgeTPU service to read the kernel version.
+# This is done inside the InitGoogle.
+allow edgetpu_server proc_version:file r_file_perms;
--- a/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
+++ b/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
@ -18,3 +18,7 @@ allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:dir rw_dir
 # add_hwservice() is granted by hal_server_domain + hal_neuralnetworks.te
 hwbinder_use(hal_neuralnetworks_darwinn)
 get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop)
+
+# Allow TPU HAL to read the kernel version.
+# This is done inside the InitGoogle.
+allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;