From 9eeae92ade6f6cfc0d67846ad1a26bd6f91f6049 Mon Sep 17 00:00:00 2001
From: qinyiyan <qinyiyan@google.com>
Date: Tue, 4 May 2021 17:08:56 -0700
Subject: [PATCH] [SEPolicy] Allow EdgeTPU related service to log to stats
 service

We are collecting Suez metrics from TPU related services. This includes
NNAPI HAL, edgetput logging service, and edgetpu service.

This change allows them all to find stats_service.

Bug: 151063663
Test: Pushed selinx module to device and successfully logged Stats
service.

Change-Id: I80774485ae7c2a5f994d48a71b6406fac753a9f8
---
 whitechapel/vendor/google/edgetpu_logging.te            | 5 +++++
 whitechapel/vendor/google/edgetpu_service.te            | 3 +++
 whitechapel/vendor/google/hal_neuralnetworks_darwinn.te | 5 +++++
 3 files changed, 13 insertions(+)

diff --git a/whitechapel/vendor/google/edgetpu_logging.te b/whitechapel/vendor/google/edgetpu_logging.te
index ab67126f..5954fdd4 100644
--- a/whitechapel/vendor/google/edgetpu_logging.te
+++ b/whitechapel/vendor/google/edgetpu_logging.te
@@ -8,3 +8,8 @@ allow edgetpu_logging edgetpu_device:chr_file rw_file_perms;
 # Allows the logging service to access /sys/class/edgetpu
 allow edgetpu_logging sysfs_edgetpu:dir search;
 allow edgetpu_logging sysfs_edgetpu:file r_file_perms;
+
+# Allow TPU logging service to log to stats service. (metrics)
+allow edgetpu_logging fwk_stats_service:service_manager find;
+binder_call(edgetpu_logging, system_server);
+binder_use(edgetpu_logging)
diff --git a/whitechapel/vendor/google/edgetpu_service.te b/whitechapel/vendor/google/edgetpu_service.te
index 28b364e2..a90d3fd9 100644
--- a/whitechapel/vendor/google/edgetpu_service.te
+++ b/whitechapel/vendor/google/edgetpu_service.te
@@ -36,3 +36,6 @@ perfetto_producer(edgetpu_server);
 # Allow EdgeTPU service to connect to the EdgeTPU vendor version of the service.
 allow edgetpu_server edgetpu_vendor_service:service_manager find;
 binder_call(edgetpu_server, edgetpu_vendor_server);
+
+# Allow EdgeTPU service to log to stats service. (metrics)
+allow edgetpu_server fwk_stats_service:service_manager find;
diff --git a/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te b/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
index d2b8fa3c..5bfbd02a 100644
--- a/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
+++ b/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
@@ -25,3 +25,8 @@ get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop)
 # Allow TPU HAL to read the kernel version.
 # This is done inside the InitGoogle.
 allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;
+
+# Allow TPU NNAPI HAL to log to stats service. (metrics)
+allow hal_neuralnetworks_darwinn fwk_stats_service:service_manager find;
+binder_call(hal_neuralnetworks_darwinn, system_server);
+binder_use(hal_neuralnetworks_darwinn)