Allowed the EdgeTPU service to access Package Manager binder service.

EdgeTPU service will connect to the Package Manager service to verify applicatoin signatures. This change added the corresponding SELinux rules to allow such connection. Bug: 181821398 Test: Verified using Google Camera App on local device. Change-Id: Ia32b3de102c162e28710e0aa917831e8de784183
2021-03-08 16:02:14 -08:00 · 2021-03-08 16:02:14 -08:00 · d18a92b0ef
commit d18a92b0ef
parent cd3a13deaf
1 changed files with 4 additions and 0 deletions
--- a/whitechapel/vendor/google/edgetpu_service.te
+++ b/whitechapel/vendor/google/edgetpu_service.te
@ -26,3 +26,7 @@ neverallow appdomain edgetpu_device:chr_file { open };
 # Allow EdgeTPU service access to its data files.
 allow edgetpu_server edgetpu_service_data_file:file create_file_perms;
 allow edgetpu_server edgetpu_service_data_file:dir rw_dir_perms;
+
+# Allow EdgeTPU service to access the Package Manager service.
+allow edgetpu_server package_native_service:service_manager find;
+binder_call(edgetpu_server, system_server);