Merge "Add the TPU AIDL NNAPI HAL to the sepolicy." into sc-dev am: d2558a05b3

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14506028 Change-Id: I45981dd19e54cae6d96b6cde5ab33a81d81d222f
2021-05-14 20:44:45 +00:00 · 2021-05-14 20:44:45 +00:00 · 73b67b2d9f
commit 73b67b2d9f
parent d081badaa2 d2558a05b3
5 changed files with 11 additions and 0 deletions
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@ -342,6 +342,7 @@
 # NeuralNetworks file contexts
 /vendor/bin/hw/android\.hardware\.neuralnetworks@1\.2-service-armnn   u:object_r:hal_neuralnetworks_armnn_exec:s0
 /vendor/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-darwinn u:object_r:hal_neuralnetworks_darwinn_exec:s0
 /vendor/bin/hw/android\.hardware\.neuralnetworks@service-darwinn-aidl u:object_r:hal_neuralnetworks_darwinn_exec:s0
 # GRIL
 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service                 u:object_r:hal_radioext_default_exec:s0
--- a/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
+++ b/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
@ -30,3 +30,6 @@ allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;
 allow hal_neuralnetworks_darwinn fwk_stats_service:service_manager find;
 binder_call(hal_neuralnetworks_darwinn, system_server);
 binder_use(hal_neuralnetworks_darwinn)
 # TPU NNAPI to register the service to service_manager.
 add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service);
--- a/whitechapel/vendor/google/priv_app.te
+++ b/whitechapel/vendor/google/priv_app.te
@ -1,6 +1,9 @@
 # Allows privileged applications to discover the EdgeTPU service.
 allow priv_app edgetpu_service:service_manager find;
 # Allows privileged applications to discover the NNAPI TPU service.
 allow priv_app edgetpu_nnapi_service:service_manager find;
 # Allows privileged applications to access the EdgeTPU device, except open,
 # which is guarded by the EdgeTPU service.
 allow priv_app edgetpu_device:chr_file { getattr read write ioctl map };
--- a/whitechapel/vendor/google/service.te
+++ b/whitechapel/vendor/google/service.te
@ -3,3 +3,4 @@ type uwb_vendor_service, service_manager_type, vendor_service;
 type touch_context_service, service_manager_type, vendor_service;
 type hal_uwb_service, service_manager_type, vendor_service;
 type edgetpu_vendor_service, service_manager_type, vendor_service;
 type edgetpu_nnapi_service, app_api_service, service_manager_type, vendor_service;
--- a/whitechapel/vendor/google/service_contexts
+++ b/whitechapel/vendor/google/service_contexts
@ -2,6 +2,9 @@
 com.google.edgetpu.IEdgeTpuService/default                 u:object_r:edgetpu_service:s0
 com.google.edgetpu.IEdgeTpuVendorService/default           u:object_r:edgetpu_vendor_service:s0
 # TPU NNAPI Service
 android.hardware.neuralnetworks.IDevice/google-edgetpu	   u:object_r:edgetpu_nnapi_service:s0
 com.google.hardware.pixel.display.IDisplay/default         u:object_r:hal_pixel_display_service:s0
 com.google.input.ITouchContextService/default              u:object_r:touch_context_service:s0
 uwb_vendor                                                 u:object_r:uwb_vendor_service:s0