Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allowed Camera hal to access EdgeTPU service for on-device compilation.

Browse source 
Camera hal DarwiNN pipelines are switching to use the on-device
compilation, which achieves by talking to the EdgeTPU service.
This change added the required selinux policies to allow accessing
the service, as well as allowing file descriptors to be shared
between them for passing the compilation info around.

Bug: 182423730
Bug: 182706078
Test: verified on Oriole running camera.
Change-Id: I5d3bc84fd54d4618f505f37d9773894261061d7f
This commit is contained in:
Yu-Chi Cheng 2021-03-16 11:53:12 -07:00
parent b70e0bebdd
commit 86aa156202
3 changed files with 11 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tracking_denials/edgetpu_server.te
View file

@ -1,9 +0,0 @@
# b/182706078
dontaudit edgetpu_server tmpfs:file { getattr };
dontaudit edgetpu_server tmpfs:file { getattr };
dontaudit edgetpu_server tmpfs:file { map };
dontaudit edgetpu_server tmpfs:file { read write };
dontaudit edgetpu_server hal_camera_default:fd { use };
dontaudit edgetpu_server hal_camera_default:fd { use };
dontaudit edgetpu_server tmpfs:file { read write };
dontaudit edgetpu_server tmpfs:file { map };

4
whitechapel/vendor/google/edgetpu_service.te vendored
View file

@ -30,3 +30,7 @@ allow edgetpu_server edgetpu_service_data_file:dir rw_dir_perms;
# Allow EdgeTPU service to access the Package Manager service.
allow edgetpu_server package_native_service:service_manager find;
binder_call(edgetpu_server, system_server);
# Allow EdgeTPU service to access Android shared memory allocated
# by the camera hal for on-device compilation.
allow edgetpu_server hal_camera_default:fd use;

7
whitechapel/vendor/google/hal_camera_default.te vendored
View file

@ -13,6 +13,13 @@ allow hal_camera_default sysfs_edgetpu:dir r_dir_perms;
allow hal_camera_default sysfs_edgetpu:file r_file_perms;
allow hal_camera_default sysfs_chip_id:file r_file_perms;
# Allow the camera hal to access the EdgeTPU service and the
# Android shared memory allocated by the EdgeTPU service for
# on-device compilation.
allow hal_camera_default edgetpu_server:fd use;
allow hal_camera_default edgetpu_service:service_manager find;
binder_call(hal_camera_default, edgetpu_server)
allow hal_camera_default mnt_vendor_file:dir search;
allow hal_camera_default persist_file:dir search;
allow hal_camera_default persist_camera_file:dir search;