device_google_gs101/edgetpu/hal_neuralnetworks_darwinn.te

type hal_neuralnetworks_darwinn, domain;
hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks)

type hal_neuralnetworks_darwinn_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_neuralnetworks_darwinn)

# The TPU HAL looks for TPU instance in /dev/abrolhos
allow hal_neuralnetworks_darwinn edgetpu_device:chr_file rw_file_perms;

# Allow DawriNN service to use a client-provided fd residing in /vendor/etc/.
allow hal_neuralnetworks_darwinn vendor_configs_file:file r_file_perms;

# Allow DarwiNN service to access data files.
allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:file create_file_perms;
allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:dir rw_dir_perms;

# Allow DarwiNN service to access unix sockets for IPC.
allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:sock_file { create unlink rw_file_perms };

# Register to hwbinder service.
# add_hwservice() is granted by hal_server_domain + hal_neuralnetworks.te
hwbinder_use(hal_neuralnetworks_darwinn)
get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop)

# Allow TPU HAL to read the kernel version.
# This is done inside the InitGoogle.
allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;

# Allow TPU NNAPI HAL to log to stats service. (metrics)
allow hal_neuralnetworks_darwinn fwk_stats_service:service_manager find;
binder_call(hal_neuralnetworks_darwinn, system_server);
binder_use(hal_neuralnetworks_darwinn)

# Allow TPU NNAPI HAL to request power hints from the Power Service
hal_client_domain(hal_neuralnetworks_darwinn, hal_power)

# TPU NNAPI to register the service to service_manager.
add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service);

# Allow TPU NNAPI HAL to read the overcommit_memory info.
allow hal_neuralnetworks_darwinn proc_overcommit_memory:file r_file_perms;

# Allows the logging service to access /sys/class/edgetpu
allow hal_neuralnetworks_darwinn sysfs_edgetpu:dir r_dir_perms;
allow hal_neuralnetworks_darwinn sysfs_edgetpu:file r_file_perms;

# Allows the NNAPI HAL to access the edgetpu_app_service
allow hal_neuralnetworks_darwinn edgetpu_app_service:service_manager find;
binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server);

# Allow NNAPI HAL to send trace packets to Perfetto with SELinux enabled
# under userdebug builds.
userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)')