From f0dc7907b0dc935810ff5d0dea1ad1f0cdd74267 Mon Sep 17 00:00:00 2001
From: feiyuchen
Date: Fri, 24 Mar 2023 07:25:10 +0000
Subject: [PATCH] Allow camera HAL to access edgetpu_app_service
Today the EdgeTpu metrics logging library (used by EdgeTpu library used by camera HAL) has a dependency on edgetpu_app_service, in order to call its UserIsAuthorized API to know whether to log the metrics (We don't want to log metrics for 3P apps), see b/275016466. This is not ideal, because strictly speaking, camera HAL doesn't need such dependency. Still, this is fine and there is no security risk, because today even untrusted apps can call edgetpu_app_service: http://cs/android-internal/device/google/gs-common/edgetpu/sepolicy/untrusted_app_all.te;l=2;rcl=f4b62d12c171d4e294d8251e34197ab555c40673
Bug: 266084950
Test: Just mm
Change-Id: I6c0e4411370e4b300b9ceb3ad804688d873371cd
---
 vendor/hal_camera_default.te | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index 7acd698e..666ad738 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -14,6 +14,10 @@ allow hal_camera_default lwis_device:chr_file rw_file_perms;
 allow hal_camera_default edgetpu_device:chr_file rw_file_perms;
 allow hal_camera_default edgetpu_vendor_service:service_manager find;
 binder_call(hal_camera_default, edgetpu_vendor_server)
+# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging
+# library has a dependency on edgetpu_app_service, see b/275016466.
+allow hal_camera_default edgetpu_app_service:service_manager find;
+binder_call(hal_camera_default, edgetpu_app_server)
 # Allow access to data files used by the camera HAL
 allow hal_camera_default mnt_vendor_file:dir search;
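Review bot: The comment above the added `allow`/`binder_call` pair gives no removal condition, although the description itself calls this dependency not ideal, so the grant is likely to outlive the need for it. `binder_call(hal_camera_default, edgetpu_app_server)` permits any binder transaction from the camera HAL to that server, not only the UserIsAuthorized query the metrics library makes. The "no security risk" argument also rests on a separate untrusted-app rule that could later be tightened without this file being revisited. I would reword the comment to carry the premise and a cleanup marker, e.g. `# TODO(b/275016466): remove once the EdgeTpu metrics library no longer calls edgetpu_app_service (needed only for UserIsAuthorized).` Since the stated test is build-only, it is worth confirming on a device that the camera HAL's avc denials for this service are gone and that no further permissions turn out to be needed.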