From 1b7a5a0078d63f2a874d13d65cb8e231d3ba16bd Mon Sep 17 00:00:00 2001 From: Dinesh Yadav Date: Fri, 6 Dec 2024 03:53:02 +0000 Subject: [PATCH] Allow tachyon service to make binder calls to GCA This permission is needed for tachyon service to call callbacks. AVC Error seen when tachyon tries accessing GCA: 12-02 11:40:03.212 6987 6987 W com.google.edge: type=1400 audit(0.0:17): avc: denied { call } for scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:google_camera_app:s0:c145,c256,c512,c768 tclass=binder permissive=0 12-03 07:12:26.424 4166 4166 W com.google.edge: type=1400 audit(0.0:254): avc: denied { call } for scontext=u:r:edgetpu_tachyon_server:s0 tcontext=u:r:debug_camera_app:s0:c67,c257,c512,c768 tclass=binder permissive=0 Bug: 381787911 Flag: EXEMPT updates device sepolicy only Change-Id: I5544fbc11cea0d98dfdeffd9d2871fc037d87c61
---
 vendor/debug_camera_app.te | 4 ++++ vendor/google_camera_app.te | 3 +++ 2 files changed, 7 insertions(+)
diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te
index 86394cf5..6474cb11 100644
--- a/vendor/debug_camera_app.te
+++ b/vendor/debug_camera_app.te
@@ -1,3 +1,4 @@
+# File containing sepolicies for GCA-Eng & GCA-Next.
 userdebug_or_eng(`
 # Allows GCA-Eng & GCA-Next access the GXP device and properties.
 allow debug_camera_app gxp_device:chr_file rw_file_perms;
@@ -9,4 +10,7 @@ userdebug_or_eng(`
 # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12.
 allow debug_camera_app hw_jpg_device:chr_file rw_file_perms;
+
+ # Allow tachyon_service to communicate with GCA-Eng via binder.
+ binder_call(edgetpu_tachyon_server, debug_camera_app);
 ')
diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te
index c572c26e..05aff08a 100644
--- a/vendor/google_camera_app.te
+++ b/vendor/google_camera_app.te
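Review bot: The comment added above `binder_call(edgetpu_tachyon_server, debug_camera_app);` in the second hunk of vendor/debug_camera_app.te says "communicate with", but the rule only makes the tachyon server the binder caller and the camera app the callee, which the commit message explains as callback delivery. It also says "tachyon_service" where the domain is edgetpu_tachyon_server, and mentions only GCA-Eng although the file header added in the first hunk covers GCA-Next as well. I would name the domain and the direction, e.g. `# Allow edgetpu_tachyon_server to invoke binder callbacks in GCA-Eng & GCA-Next.`, so a later policy audit can tell why a vendor service calls into an app domain. The direction and domain-name wording also applies to the comment in the vendor/google_camera_app.te hunk. The enclosing userdebug_or_eng block opens outside this hunk.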
@@ -8,3 +8,6 @@ allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }
 # Allows GCA to access the hw_jpeg /dev/video12.
 allow google_camera_app hw_jpg_device:chr_file rw_file_perms;
+
+# Allow tachyon service to communicate with google_camera_app via binder.
+binder_call(edgetpu_tachyon_server, google_camera_app);
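Review bot: `binder_call(edgetpu_tachyon_server, google_camera_app);` grants more than the `{ call }` shown in the logged denials. As defined in AOSP's te_macros, binder_call also allows `transfer` in both directions and lets the first domain `use` file descriptors passed by the second. That is the conventional way to permit a binder call, but this rule appears not to be wrapped in userdebug_or_eng, so it would apply on user builds. It is worth confirming that the server treats binder references and fds handed back from the app domain as untrusted input. The rule's source domain is edgetpu_tachyon_server, so someone auditing that service's reach will not find the rule in the server's own .te file; consider placing it there or cross-referencing it from there.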