Evolution-X-Tensor/device_google_zuma
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow camera HAL to access edgetpu_app_service

Browse source 
Today the EdgeTpu metrics logging library (used by EdgeTpu library used by camera HAL) has a dependency on edgetpu_app_service, in order to call its UserIsAuthorized API to know whether to log the metrics (We don't want to log metrics for 3P apps), see b/275016466.

This is not ideal, because strictly speaking, camera HAL doesn't need such dependency.

Still, this is fine and there is no security risk, because today even untrusted apps can call edgetpu_app_service: http://cs/android-internal/device/google/gs-common/edgetpu/sepolicy/untrusted_app_all.te;l=2;rcl=f4b62d12c171d4e294d8251e34197ab555c40673

Bug: 266084950
Test: Just mm
Change-Id: I6c0e4411370e4b300b9ceb3ad804688d873371cd
This commit is contained in:
feiyuchen 2023-03-24 07:25:10 +00:00 committed by Feiyu Chen
parent 3fae47e04b
commit f0dc7907b0
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
vendor/hal_camera_default.te vendored
View file

@ -14,6 +14,10 @@ allow hal_camera_default lwis_device:chr_file rw_file_perms;
allow hal_camera_default edgetpu_device:chr_file rw_file_perms;
allow hal_camera_default edgetpu_vendor_service:service_manager find;
binder_call(hal_camera_default, edgetpu_vendor_server)
# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging
# library has a dependency on edgetpu_app_service, see b/275016466.
allow hal_camera_default edgetpu_app_service:service_manager find;
binder_call(hal_camera_default, edgetpu_app_server)
# Allow access to data files used by the camera HAL
allow hal_camera_default mnt_vendor_file:dir search;