Allowed EdgeTPU service to read system properties related to vendor.

The EdgeTPU service will read properties including
"vendor.edgetpu.service.allow_unlisted_app". This change added the
related SELinux rule for it.

Bug: 182209462
Test: tested on local Oriole + GCA
Change-Id: I8e7f7975bf144593d00a305554d75a5e0200a428

whitechapel/vendor/google/edgetpu_service.te

@@ -38,3 +38,6 @@ allow edgetpu_server hal_camera_default:fd use;
 # Allow EdgeTPU service to read the kernel version.
 # This is done inside the InitGoogle.
 allow edgetpu_server proc_version:file r_file_perms;
+
+# Allow EdgeTPU service to read EdgeTPU service related system properties.
+get_prop(edgetpu_server, vendor_edgetpu_service_prop);

whitechapel/vendor/google/property.te

@@ -26,6 +26,10 @@ vendor_internal_prop(vendor_camera_debug_prop)
 vendor_internal_prop(vendor_camera_fatp_prop)
 vendor_internal_prop(vendor_gps_prop)
 
+# EdgeTPU service requires system public properties
+# since it lives under /system_ext/.
+system_public_prop(vendor_edgetpu_service_prop)
+
 # Battery defender
 vendor_internal_prop(vendor_battery_defender_prop)
 

whitechapel/vendor/google/property_contexts

@@ -80,6 +80,9 @@ vendor.camera.fatp.                  u:object_r:vendor_camera_fatp_prop:s0
 # for gps
 vendor.gps                   u:object_r:vendor_gps_prop:s0
 
+# for EdgeTPU
+vendor.edgetpu.service.                         u:object_r:vendor_edgetpu_service_prop:s0
+
 # SecureElement
 persist.vendor.se.                              u:object_r:vendor_secure_element_prop:s0
 

whitechapel/vendor/google/vendor_init.te

@@ -8,6 +8,7 @@ set_prop(vendor_init, vendor_ims_prop)
 set_prop(vendor_init, vendor_ssrdump_prop)
 set_prop(vendor_init, vendor_ro_config_default_prop)
 get_prop(vendor_init, vendor_touchpanel_prop)
+set_prop(vendor_init, vendor_edgetpu_service_prop)
 
 allow vendor_init proc_dirty:file w_file_perms;
 allow vendor_init proc_sched:file write;