From 4585613637a85e1c4e71241673a394703af96a04 Mon Sep 17 00:00:00 2001
From: qinyiyan
Date: Wed, 14 Apr 2021 20:54:12 -0700
Subject: [PATCH] Update sepolicy for the egetpu_logging service to access the sysfs.
Test: make selinux_policy -j128 and pushed sepolicy modules to the device. The avc denials are gone.
Bug:185448476
Change-Id: Ibff482b64a6cdbc5a7967bb8cc4281c8bd0b5b98
---
 whitechapel/vendor/google/edgetpu_logging.te | 4 ++++
 whitechapel/vendor/google/genfs_contexts | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/whitechapel/vendor/google/edgetpu_logging.te b/whitechapel/vendor/google/edgetpu_logging.te
index 021338f4..ab67126f 100644
--- a/whitechapel/vendor/google/edgetpu_logging.te
+++ b/whitechapel/vendor/google/edgetpu_logging.te
@@ -4,3 +4,7 @@ init_daemon_domain(edgetpu_logging)
 # The logging service accesses /dev/abrolhos
 allow edgetpu_logging edgetpu_device:chr_file rw_file_perms;
+
+# Allows the logging service to access /sys/class/edgetpu
+allow edgetpu_logging sysfs_edgetpu:dir search;
+allow edgetpu_logging sysfs_edgetpu:file r_file_perms;
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index 7d154e67..ba6bd0e2 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -96,7 +96,8 @@ genfscon proc /fts_ext/driver_test
 genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_touch:s0
 # EdgeTPU
-genfscon sysfs /class/edgetpu u:object_r:sysfs_edgetpu:s0
+genfscon sysfs /devices/platform/1ce00000.abrolhos u:object_r:sysfs_edgetpu:s0
+genfscon sysfs /devices/platform/abrolhos u:object_r:sysfs_edgetpu:s0
 # Vendor sched files
 genfscon sysfs /kernel/vendor_sched/clear_prefer_high_cap u:object_r:sysfs_vendor_sched:s0
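Review bot: The comment added in edgetpu_logging.te names /sys/class/edgetpu, but the genfs_contexts hunk of this same commit moves the sysfs_edgetpu label off /class/edgetpu and onto the /devices/platform abrolhos nodes, so the comment no longer describes what the two new rules reach. I would reword it to something like `# Read-only access to the EdgeTPU platform device attributes labelled sysfs_edgetpu (see genfs_contexts)`. The grant itself is narrow (dir `search` and file `r_file_perms`, so no write and no directory listing), and stating that in the comment would help a later reader resist widening it without a matching denial to justify the change.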
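Review bot: In genfs_contexts the two new entries label whole platform-device directories, and because genfscon sysfs entries match by path prefix, every attribute beneath them becomes sysfs_edgetpu; that is presumably a wider set of files than the /class/edgetpu entry being replaced ever covered. Any domain that already holds rules on sysfs_edgetpu (none besides edgetpu_logging is visible in this patch) inherits that wider reach, so it is worth listing the existing rules on the type and confirming none grants write access that was only meant for the class directory. Nothing here says why both `1ce00000.abrolhos` and `abrolhos` are needed; a line such as `# Platform device name differs between kernel builds; label both` above them, if that is the reason, would keep one from being dropped later as a duplicate.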