From a66855541904bbeaafcfc9170e048a584174e489 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI Date: Thu, 6 Apr 2023 13:49:34 +0000 Subject: [PATCH 1/3] Add ArmNN config sysprops SELinux rules Bug: 205202540 Bug: 264489188 Test: manual - reboot device and check the absence of AVC denials (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0f99f3e63450befc661d38827e9afc853ca9257a) Merged-In: I70c89dcc4b2bbe665d69cc4be1ac2f6cf8155a10 Change-Id: I70c89dcc4b2bbe665d69cc4be1ac2f6cf8155a10
---
 whitechapel/vendor/google/property.te | 3 +++
 whitechapel/vendor/google/property_contexts | 3 +++
 whitechapel/vendor/google/vendor_init.te | 2 ++
 3 files changed, 8 insertions(+)
diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te
index 934e13a9..34f17a70 100644
--- a/whitechapel/vendor/google/property.te
+++ b/whitechapel/vendor/google/property.te
@@ -57,3 +57,6 @@ vendor_internal_prop(vendor_trusty_storage_prop) # Mali Integration vendor_restricted_prop(vendor_arm_runtime_option_prop)
+
+# ArmNN configuration
+vendor_internal_prop(vendor_armnn_config_prop)
diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts
index 4c01239d..17e9af59 100644
--- a/whitechapel/vendor/google/property_contexts
+++ b/whitechapel/vendor/google/property_contexts
@@ -101,3 +101,6 @@ ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix
+
+# ArmNN configuration
+ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix
diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te
index 928bc021..1707ef8b 100644
--- a/whitechapel/vendor/google/vendor_init.te
+++ b/whitechapel/vendor/google/vendor_init.te
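Review bot: The comment `# ArmNN configuration` on the new `vendor_internal_prop(vendor_armnn_config_prop)` line in property.te does not record why this type is internal while the Mali type directly above it is `vendor_restricted_prop`. The internal class keeps the properties out of reach of system (coredomain) processes, which is the tighter choice for driver configuration, and a maintainer loosening it later should be able to see that it was deliberate. Suggest `# ArmNN configuration: set by vendor_init, read only by vendor domains`, assuming that is the intended access model.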
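Review bot: The new `ro.vendor.armnn.` entry in property_contexts is a bare `prefix` match, so every key created under that namespace receives the label and no value type is enforced. If the set of ArmNN keys is known, listing each one as an `exact` entry with a value type (for example `exact string` or `exact bool`) would let the property service reject malformed values and stop unrelated keys from picking up the label by accident. If the namespace has to stay open-ended, a comment saying so would help; the Mali entry above it follows the same untyped pattern.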
@@ -45,3 +45,5 @@ get_prop(vendor_init, vendor_trusty_storage_prop) # Mali set_prop(vendor_init, vendor_arm_runtime_option_prop)
+# ArmNN
+set_prop(vendor_init, vendor_armnn_config_prop)
From b4001ec206a8318ce1e4aa95811f6a8a836db384 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI Date: Thu, 6 Apr 2023 10:38:27 +0000 Subject: [PATCH 2/3] Remove 'hal_neuralnetworks_armnn' sysprop exceptions Bug: 205202540 Bug: 264489188 Test: manual - reboot device and check the absence of AVC denials (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e4254a16aa516f5960f48732b078aad4ed63df6f) Merged-In: Ied38dc6b323911aa909f4f42b66ee404fc7062fa Change-Id: Ied38dc6b323911aa909f4f42b66ee404fc7062fa
---
 tracking_denials/hal_neuralnetworks_armnn.te | 2 --
 1 file changed, 2 deletions(-)
diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te
index 120510fd..04941460 100644
--- a/tracking_denials/hal_neuralnetworks_armnn.te
+++ b/tracking_denials/hal_neuralnetworks_armnn.te
@@ -1,5 +1,3 @@
 # b/180550063
 dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
 dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
-# b/190563897
-dontaudit hal_neuralnetworks_armnn default_prop:file read;
From 9702cb57f20ed964d6cecf3f4b2396d1c2caa06d Mon Sep 17 00:00:00 2001
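Review bot: The `set_prop(vendor_init, vendor_armnn_config_prop)` rule added to vendor_init.te in patch 1/3 covers only the writer, and none of the three files touched by that patch grants a read rule to the domain that consumes the values. Patch 2/3 then drops `dontaudit hal_neuralnetworks_armnn default_prop:file read;`, so if the ArmNN HAL reads `ro.vendor.armnn.*` without an allow rule, the read still fails and is now logged instead of suppressed. Please confirm that `get_prop(hal_neuralnetworks_armnn, vendor_armnn_config_prop)` exists in that domain's policy (it may live outside this series), or add it alongside this change. The `# ArmNN` comment could also name the reader so the writer/reader pairing is visible in one place.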
From: Bruno BELANYI Date: Thu, 6 Apr 2023 15:20:15 +0000 Subject: [PATCH 3/3] Remove 'hal_neuralnetworks_armnn' '/data' access exception The mali driver has been configured not to look there anymore. Bug: 205779871 Bug: 264489188 Test: manual - reboot device and check the absence of AVC denials (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:347dfbe925e2218189d82d37697540af25401a22) Merged-In: Ic8bf0d51414461689ee5768821a2a1acda923c41 Change-Id: Ic8bf0d51414461689ee5768821a2a1acda923c41
---
 tracking_denials/hal_neuralnetworks_armnn.te | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100644 tracking_denials/hal_neuralnetworks_armnn.te
diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te
deleted file mode 100644
index 04941460..00000000
--- a/tracking_denials/hal_neuralnetworks_armnn.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/180550063
-dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
-dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };