Allow camera HAL and GCA to access Aurora GXP device.
The camera HAL and Google Camera App need selinux permission to run workloads on Aurora DSP. This change adds the selinux rules too allow these clients to access the GXP device and load firmware onto DSP cores in order to execute workloads on DSP. Bug: 220086991 Test: Verified that the camera HAL service and GCA app is able to access the GXP device and load GXP firmware. Change-Id: I1bd327cfbe5b37c88154acda54bf6c396e939289
This commit is contained in:
Nishok Kumar S
parent
129ef29bc8
commit
e95f5edafe
4 changed files with 13 additions and 0 deletions
|
|
@ -12,6 +12,7 @@ type lwis_device, dev_type;
|
|||
type logbuffer_device, dev_type;
|
||||
type rls_device, dev_type;
|
||||
type fingerprint_device, dev_type;
|
||||
type gxp_device, dev_type, mlstrustedobject;
|
||||
type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type;
|
||||
type faceauth_heap_device, dmabuf_heap_device_type, dev_type;
|
||||
type vframe_heap_device, dmabuf_heap_device_type, dev_type;
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@
|
|||
# Vendor Firmwares
|
||||
/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0
|
||||
/vendor/firmware/mali_csffw\.bin u:object_r:same_process_hal_file:s0
|
||||
/vendor/firmware/gxp_fw_core[0-3] u:object_r:same_process_hal_file:s0
|
||||
|
||||
# Vendor libraries
|
||||
/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0
|
||||
|
|
@ -56,6 +57,7 @@
|
|||
/vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libprotobuf-cpp-lite-3\.9\.1\.so u:object_r:same_process_hal_file:s0
|
||||
/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0
|
||||
|
||||
# Graphics
|
||||
/vendor/lib(64)?/hw/gralloc\.gs201\.so u:object_r:same_process_hal_file:s0
|
||||
|
|
@ -133,6 +135,7 @@
|
|||
/dev/dri/card0 u:object_r:graphics_device:s0
|
||||
/dev/fimg2d u:object_r:graphics_device:s0
|
||||
/dev/g2d u:object_r:graphics_device:s0
|
||||
/dev/gxp u:object_r:gxp_device:s0
|
||||
/dev/dit2 u:object_r:vendor_toe_device:s0
|
||||
/dev/trusty-ipc-dev0 u:object_r:tee_device:s0
|
||||
/dev/sg1 u:object_r:sg_device:s0
|
||||
|
|
|
|||
|
|
@ -7,3 +7,9 @@ allow google_camera_app cameraserver_service:service_manager find;
|
|||
allow google_camera_app mediaextractor_service:service_manager find;
|
||||
allow google_camera_app mediametrics_service:service_manager find;
|
||||
allow google_camera_app mediaserver_service:service_manager find;
|
||||
|
||||
# Allows camera app to access the GXP device.
|
||||
allow google_camera_app gxp_device:chr_file rw_file_perms;
|
||||
|
||||
# Allows camera app to search for GXP firmware file.
|
||||
allow google_camera_app vendor_fw_file:dir search;
|
||||
|
|
|
|||
|
|
@ -24,6 +24,9 @@ allow hal_camera_default sysfs_edgetpu:file r_file_perms;
|
|||
allow hal_camera_default edgetpu_vendor_service:service_manager find;
|
||||
binder_call(hal_camera_default, edgetpu_vendor_server)
|
||||
|
||||
# Allow the camera hal to access the GXP device.
|
||||
allow hal_camera_default gxp_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow access to data files used by the camera HAL
|
||||
allow hal_camera_default mnt_vendor_file:dir search;
|
||||
allow hal_camera_default persist_file:dir search;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue