From e95f5edafeff8816f386eb7ac83ecbc4a8c61b2b Mon Sep 17 00:00:00 2001 From: Nishok Kumar S Date: Thu, 24 Feb 2022 17:20:52 +0000 Subject: [PATCH] Allow camera HAL and GCA to access Aurora GXP device. The camera HAL and Google Camera App need selinux permission to run workloads on Aurora DSP. This change adds the selinux rules too allow these clients to access the GXP device and load firmware onto DSP cores in order to execute workloads on DSP. Bug: 220086991 Test: Verified that the camera HAL service and GCA app is able to access the GXP device and load GXP firmware. Change-Id: I1bd327cfbe5b37c88154acda54bf6c396e939289 --- whitechapel_pro/device.te | 1 + whitechapel_pro/file_contexts | 3 +++ whitechapel_pro/google_camera_app.te | 6 ++++++ whitechapel_pro/hal_camera_default.te | 3 +++ 4 files changed, 13 insertions(+) diff --git a/whitechapel_pro/device.te b/whitechapel_pro/device.te index a5fc57c6..d327aa60 100644 --- a/whitechapel_pro/device.te +++ b/whitechapel_pro/device.te @@ -12,6 +12,7 @@ type lwis_device, dev_type; type logbuffer_device, dev_type; type rls_device, dev_type; type fingerprint_device, dev_type; +type gxp_device, dev_type, mlstrustedobject; type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; type faceauth_heap_device, dmabuf_heap_device_type, dev_type; type vframe_heap_device, dmabuf_heap_device_type, dev_type; diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index b30cee19..5ad46436 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -43,6 +43,7 @@ # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 /vendor/firmware/mali_csffw\.bin u:object_r:same_process_hal_file:s0 +/vendor/firmware/gxp_fw_core[0-3] u:object_r:same_process_hal_file:s0 # Vendor libraries /vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0 @@ -56,6 +57,7 @@ /vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libprotobuf-cpp-lite-3\.9\.1\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 # Graphics /vendor/lib(64)?/hw/gralloc\.gs201\.so u:object_r:same_process_hal_file:s0 @@ -133,6 +135,7 @@ /dev/dri/card0 u:object_r:graphics_device:s0 /dev/fimg2d u:object_r:graphics_device:s0 /dev/g2d u:object_r:graphics_device:s0 +/dev/gxp u:object_r:gxp_device:s0 /dev/dit2 u:object_r:vendor_toe_device:s0 /dev/trusty-ipc-dev0 u:object_r:tee_device:s0 /dev/sg1 u:object_r:sg_device:s0 diff --git a/whitechapel_pro/google_camera_app.te b/whitechapel_pro/google_camera_app.te index 43ea14e3..ad097810 100644 --- a/whitechapel_pro/google_camera_app.te +++ b/whitechapel_pro/google_camera_app.te @@ -7,3 +7,9 @@ allow google_camera_app cameraserver_service:service_manager find; allow google_camera_app mediaextractor_service:service_manager find; allow google_camera_app mediametrics_service:service_manager find; allow google_camera_app mediaserver_service:service_manager find; + +# Allows camera app to access the GXP device. +allow google_camera_app gxp_device:chr_file rw_file_perms; + +# Allows camera app to search for GXP firmware file. +allow google_camera_app vendor_fw_file:dir search; diff --git a/whitechapel_pro/hal_camera_default.te b/whitechapel_pro/hal_camera_default.te index f604875f..779157ca 100644 --- a/whitechapel_pro/hal_camera_default.te +++ b/whitechapel_pro/hal_camera_default.te @@ -24,6 +24,9 @@ allow hal_camera_default sysfs_edgetpu:file r_file_perms; allow hal_camera_default edgetpu_vendor_service:service_manager find; binder_call(hal_camera_default, edgetpu_vendor_server) +# Allow the camera hal to access the GXP device. +allow hal_camera_default gxp_device:chr_file rw_file_perms; + # Allow access to data files used by the camera HAL allow hal_camera_default mnt_vendor_file:dir search; allow hal_camera_default persist_file:dir search;