From 47c4e6c965a04a8c1d49cee49d9325da344bc0a7 Mon Sep 17 00:00:00 2001 From: "Hyunki00.koo" Date: Thu, 30 Jun 2022 19:10:42 -0700 Subject: [PATCH] edgetpu/file_contexts Signed-off-by: Hyunki00.koo Change-Id: I6dfa880a0d4ceb80a54de24e3817b6c880fea7ba --- edgetpu/file_contexts | 2 - edgetpu/genfs_contexts | 2 - edgetpu/google_camera_app.te | 3 - tracking_denials/google_camera_app.te | 4 - tracking_denials/hal_neuralnetworks_armnn.te | 8 -- whitechapel_pro/hal_camera_default.te | 93 -------------------- whitechapel_pro/hal_power_stats_default.te | 1 - 7 files changed, 113 deletions(-) delete mode 100644 edgetpu/file_contexts delete mode 100644 edgetpu/genfs_contexts delete mode 100644 edgetpu/google_camera_app.te delete mode 100644 tracking_denials/hal_neuralnetworks_armnn.te delete mode 100644 whitechapel_pro/hal_camera_default.te diff --git a/edgetpu/file_contexts b/edgetpu/file_contexts deleted file mode 100644 index 7b5d25ab..00000000 --- a/edgetpu/file_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# EdgeTPU device (DarwiNN) -/dev/janeiro u:object_r:edgetpu_device:s0 diff --git a/edgetpu/genfs_contexts b/edgetpu/genfs_contexts deleted file mode 100644 index 78e7e959..00000000 --- a/edgetpu/genfs_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# EdgeTPU -genfscon sysfs /devices/platform/1ce00000.janeiro u:object_r:sysfs_edgetpu:s0 diff --git a/edgetpu/google_camera_app.te b/edgetpu/google_camera_app.te deleted file mode 100644 index a0ad7316..00000000 --- a/edgetpu/google_camera_app.te +++ /dev/null @@ -1,3 +0,0 @@ -# Allows GCA to find and access the EdgeTPU. -allow google_camera_app edgetpu_app_service:service_manager find; -allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; diff --git a/tracking_denials/google_camera_app.te b/tracking_denials/google_camera_app.te index 72796c22..7174d568 100644 --- a/tracking_denials/google_camera_app.te +++ b/tracking_denials/google_camera_app.te @@ -1,8 +1,4 @@ # b/209889068 -dontaudit google_camera_app edgetpu_app_service:service_manager { find }; -dontaudit google_camera_app edgetpu_device:chr_file { ioctl }; -dontaudit google_camera_app edgetpu_device:chr_file { map }; -dontaudit google_camera_app edgetpu_device:chr_file { read write }; dontaudit google_camera_app vendor_default_prop:file { getattr }; dontaudit google_camera_app vendor_default_prop:file { map }; dontaudit google_camera_app vendor_default_prop:file { open }; diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te deleted file mode 100644 index b58f29fe..00000000 --- a/tracking_denials/hal_neuralnetworks_armnn.te +++ /dev/null @@ -1,8 +0,0 @@ -# b/205073167 -dontaudit hal_neuralnetworks_armnn default_prop:file { open }; -dontaudit hal_neuralnetworks_armnn default_prop:file { read }; -# b/205202540 -dontaudit hal_neuralnetworks_armnn default_prop:file { getattr }; -dontaudit hal_neuralnetworks_armnn default_prop:file { map }; -# b/205779871 -dontaudit hal_neuralnetworks_armnn system_data_file:dir { search }; diff --git a/whitechapel_pro/hal_camera_default.te b/whitechapel_pro/hal_camera_default.te deleted file mode 100644 index 92c629ed..00000000 --- a/whitechapel_pro/hal_camera_default.te +++ /dev/null @@ -1,93 +0,0 @@ -type hal_camera_default_tmpfs, file_type; - -allow hal_camera_default self:global_capability_class_set sys_nice; -allow hal_camera_default kernel:process setsched; - -binder_use(hal_camera_default); -vndbinder_use(hal_camera_default); - -allow hal_camera_default lwis_device:chr_file rw_file_perms; -allow hal_camera_default gpu_device:chr_file rw_file_perms; -allow hal_camera_default sysfs_chip_id:file r_file_perms; - -# Face authentication code that is part of the camera HAL needs to allocate -# dma_bufs and access the Trusted Execution Environment device node -allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms; -allow hal_camera_default tee_device:chr_file rw_file_perms; - -# Allow the camera hal to access the EdgeTPU service and the -# Android shared memory allocated by the EdgeTPU service for -# on-device compilation. -allow hal_camera_default edgetpu_device:chr_file rw_file_perms; -allow hal_camera_default sysfs_edgetpu:dir r_dir_perms; -allow hal_camera_default sysfs_edgetpu:file r_file_perms; -allow hal_camera_default edgetpu_vendor_service:service_manager find; -binder_call(hal_camera_default, edgetpu_vendor_server) - -# Allow the camera hal to access the GXP device. -allow hal_camera_default gxp_device:chr_file rw_file_perms; - -# Allow access to data files used by the camera HAL -allow hal_camera_default mnt_vendor_file:dir search; -allow hal_camera_default persist_file:dir search; -allow hal_camera_default persist_camera_file:dir rw_dir_perms; -allow hal_camera_default persist_camera_file:file create_file_perms; -allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms; -allow hal_camera_default vendor_camera_data_file:file create_file_perms; - -# Allow creating dump files for debugging in non-release builds -userdebug_or_eng(` - allow hal_camera_default vendor_camera_data_file:dir create_dir_perms; - allow hal_camera_default vendor_camera_data_file:file create_file_perms; -') - -# tmpfs is used by google3 prebuilts linked by the HAL to unpack data files -# compiled into the shared libraries with cc_embed_data rules -tmpfs_domain(hal_camera_default); - -# Allow access to camera-related system properties -set_prop(hal_camera_default, vendor_camera_prop); -set_prop(hal_camera_default, log_tag_prop); -get_prop(hal_camera_default, vendor_camera_debug_prop); -userdebug_or_eng(` - set_prop(hal_camera_default, vendor_camera_fatp_prop); - set_prop(hal_camera_default, vendor_camera_debug_prop); -') - -# For camera hal to talk with rlsservice -allow hal_camera_default rls_service:service_manager find; -binder_call(hal_camera_default, rlsservice) - -hal_client_domain(hal_camera_default, hal_graphics_allocator); -hal_client_domain(hal_camera_default, hal_graphics_composer) -hal_client_domain(hal_camera_default, hal_power); -hal_client_domain(hal_camera_default, hal_thermal); - -# Allow access to sensor service for sensor_listener -binder_call(hal_camera_default, system_server); - -# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering -allow hal_camera_default eco_service:service_manager find; -binder_call(hal_camera_default, mediacodec); -binder_call(hal_camera_default, mediacodec_samsung); - -# Allow camera HAL to query preferred camera frequencies from the radio HAL -# extensions to avoid interference with cellular antennas. -allow hal_camera_default hal_radioext_hwservice:hwservice_manager find; -binder_call(hal_camera_default, hal_radioext_default); - -# Allow camera HAL to connect to the stats service. -allow hal_camera_default fwk_stats_service:service_manager find; - -# For observing apex file changes -allow hal_camera_default apex_info_file:file r_file_perms; - -# Allow camera HAL to query current device clock frequencies. -allow hal_camera_default sysfs_devfreq_cur:file r_file_perms; - -# Allow camera HAL to read backlight of display -allow hal_camera_default sysfs_leds:dir r_dir_perms; -allow hal_camera_default sysfs_leds:file r_file_perms; - -# Allow camera HAL to send trace packets to Perfetto -userdebug_or_eng(`perfetto_producer(hal_camera_default)') diff --git a/whitechapel_pro/hal_power_stats_default.te b/whitechapel_pro/hal_power_stats_default.te index 4160fcda..501ef328 100644 --- a/whitechapel_pro/hal_power_stats_default.te +++ b/whitechapel_pro/hal_power_stats_default.te @@ -5,7 +5,6 @@ r_dir_file(hal_power_stats_default, sysfs_aoc) r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate) r_dir_file(hal_power_stats_default, sysfs_acpm_stats) r_dir_file(hal_power_stats_default, sysfs_cpu) -r_dir_file(hal_power_stats_default, sysfs_edgetpu) r_dir_file(hal_power_stats_default, sysfs_iio_devices) r_dir_file(hal_power_stats_default, sysfs_leds) r_dir_file(hal_power_stats_default, sysfs_odpm)