From b11f8d2103f4ec6678511f6fed06d6e7736b2221 Mon Sep 17 00:00:00 2001
From: qinyiyan <qinyiyan@google.com>
Date: Wed, 6 Jul 2022 12:06:58 -0700
Subject: [PATCH] Add edgetpu contexts and sepolicies.

bug: 236041918
Change-Id: Ie3d2833c3c297dad7304dca307778d2f6a155180
---
 edgetpu/debug_camera_app.te  | 5 +++++
 edgetpu/file_contexts        | 2 ++
 edgetpu/genfs_contexts       | 2 ++
 edgetpu/google_camera_app.te | 3 +++
 4 files changed, 12 insertions(+)
 create mode 100644 edgetpu/debug_camera_app.te
 create mode 100644 edgetpu/file_contexts
 create mode 100644 edgetpu/genfs_contexts
 create mode 100644 edgetpu/google_camera_app.te

diff --git a/edgetpu/debug_camera_app.te b/edgetpu/debug_camera_app.te
new file mode 100644
index 00000000..44382239
--- /dev/null
+++ b/edgetpu/debug_camera_app.te
@@ -0,0 +1,5 @@
+userdebug_or_eng(`
+	# Allows GCA-Eng to find and access the EdgeTPU.
+	allow debug_camera_app edgetpu_app_service:service_manager find;
+	allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+')
\ No newline at end of file
diff --git a/edgetpu/file_contexts b/edgetpu/file_contexts
new file mode 100644
index 00000000..ef141fdd
--- /dev/null
+++ b/edgetpu/file_contexts
@@ -0,0 +1,2 @@
+# EdgeTPU device (DarwiNN)
+/dev/edgetpu-soc                      u:object_r:edgetpu_device:s0
diff --git a/edgetpu/genfs_contexts b/edgetpu/genfs_contexts
new file mode 100644
index 00000000..8123a73c
--- /dev/null
+++ b/edgetpu/genfs_contexts
@@ -0,0 +1,2 @@
+# EdgeTPU
+genfscon sysfs /devices/platform/1ce00000.rio   u:object_r:sysfs_edgetpu:s0
diff --git a/edgetpu/google_camera_app.te b/edgetpu/google_camera_app.te
new file mode 100644
index 00000000..a0ad7316
--- /dev/null
+++ b/edgetpu/google_camera_app.te
@@ -0,0 +1,3 @@
+# Allows GCA to find and access the EdgeTPU.
+allow google_camera_app edgetpu_app_service:service_manager find;
+allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };