From 6e818988b6bc8d86f6f54f71232845d571617fb8 Mon Sep 17 00:00:00 2001
From: qinyiyan
Date: Tue, 12 Oct 2021 13:53:44 -0700
Subject: [PATCH] Allow the NNAPI HAL to access edgetpu_app_service.

10-12 14:40:11.528 759 759 W Binder:759_1: type=1400 audit(0.0:23): avc: denied { call } for scontext=u:r:hal_neuralnetworks_darwinn:s0 tcontext=u:r:edgetpu_app_server:s0 tclass=binder permissive=0
10-12 18:17:04.678 440 440 E SELinux : avc: denied { find } for pid=753 uid=1000 name=com.google.edgetpu.IEdgeTpuAppService/default scontext=u:r:hal_neuralnetworks_darwinn:s0 tcontext=u:object_r:edgetpu_app_service:s0 tclass=service_manager permissive=0
Test: rebuilt the selinux_policy. The AVC denials don't show up.
Bug: 196697793
Change-Id: If43f7411a3324f65323ea004e34878f070d9ebeb
---
 edgetpu/hal_neuralnetworks_darwinn.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/edgetpu/hal_neuralnetworks_darwinn.te b/edgetpu/hal_neuralnetworks_darwinn.te
index b45a7059..18960713 100644
--- a/edgetpu/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/hal_neuralnetworks_darwinn.te
@@ -43,3 +43,7 @@ allow hal_neuralnetworks_darwinn proc_overcommit_memory:file r_file_perms;
 # Allows the logging service to access /sys/class/edgetpu
 allow hal_neuralnetworks_darwinn sysfs_edgetpu:dir r_dir_perms;
 allow hal_neuralnetworks_darwinn sysfs_edgetpu:file r_file_perms;
+
+# Allows the NNAPI HAL to access the edgetpu_app_service
+allow hal_neuralnetworks_darwinn edgetpu_app_service:service_manager find;
+binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server);
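Review bot: The comment above the two new rules only restates them: it does not say why the NNAPI HAL needs the app service, and it names the service type `edgetpu_app_service` while the `binder_call` line targets the server domain `edgetpu_app_server`. The `binder_call` macro also grants more than the single `call` denial in the commit message; as defined in AOSP's te_macros it adds `transfer` in both directions and `fd use` from the server, which is probably intended here but should be stated for the next person auditing this domain. I would write the comment as `# NNAPI HAL is a binder client of edgetpu_app_server: it finds com.google.edgetpu.IEdgeTpuAppService via servicemanager and calls it (binder_call also grants transfer and fd use).` The grant is one-way (HAL to server), which matches the logged denials, so any reverse rule should wait until a denial shows it is needed.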