From d18a92b0efa0c7bb1779d6ea374a6253c22c014c Mon Sep 17 00:00:00 2001
From: Yu-Chi Cheng
Date: Mon, 8 Mar 2021 16:02:14 -0800
Subject: [PATCH] Allowed the EdgeTPU service to access Package Manager binder service.

EdgeTPU service will connect to the Package Manager service to verify applicatoin signatures. This change added the corresponding SELinux rules to allow such connection.

Bug: 181821398
Test: Verified using Google Camera App on local device.
Change-Id: Ia32b3de102c162e28710e0aa917831e8de784183
---
 whitechapel/vendor/google/edgetpu_service.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/whitechapel/vendor/google/edgetpu_service.te b/whitechapel/vendor/google/edgetpu_service.te
index 241a87eb..b6789cff 100644
--- a/whitechapel/vendor/google/edgetpu_service.te
+++ b/whitechapel/vendor/google/edgetpu_service.te
@@ -26,3 +26,7 @@ neverallow appdomain edgetpu_device:chr_file { open };
 # Allow EdgeTPU service access to its data files.
 allow edgetpu_server edgetpu_service_data_file:file create_file_perms;
 allow edgetpu_server edgetpu_service_data_file:dir rw_dir_perms;
+
+# Allow EdgeTPU service to access the Package Manager service.
+allow edgetpu_server package_native_service:service_manager find;
+binder_call(edgetpu_server, system_server);
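Review bot: The added `binder_call(edgetpu_server, system_server);` grants binder call and transfer on the whole system_server process, not on the package manager interface alone, so the only thing narrowing this access is the `find` rule on `package_native_service` just above it, and the comment does not say that. I would reword the comment to `# Allow EdgeTPU service to look up package_native_service (hosted in system_server) to verify client app signatures; keep service_manager find limited to this one service.` so that later `find` additions to this domain get reviewed with the process-wide binder grant in mind. Because the file sits under a vendor path, it is also worth confirming that this vendor-to-framework binder use does not conflict with the platform's Treble neverallow rules; the type declaration for `edgetpu_server` is outside the hunk, so that cannot be judged from here.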