Evolution-X-Tensor/device_google_zumapro
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Modem ML: Add sepolicy for TFLiteService

Browse source 
Add the sepolicy required to:
- Introduce modemml_tflite_service which runs on the system server.
- Allow modem_ml_svc_sit to access the new service.
- Allow system_server to access NNAPI TPU service.

Relevant logs before the sepolicy changes are made:

```
auditd  : avc:  denied  { find } for pid=1000 uid=1001 name=com.android.server.modemml.ITFLiteService/default scontext=u:r:modem_ml_svc_sit:s0 tcontext=u:object_r:modemml_tflite_service:s0 tclass=service_manager permissive=1
```

```
11-14 03:03:44.392  1064  1064 I auditd  : type=1400 audit(0.0:9): avc:  denied  { call } for  comm="modem_ml_svc_si" scontext=u:r:modem_ml_svc_sit:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
```

```
SELinux : avc:  denied  { find } for pid=1115 uid=1000 name=android.hardware.neuralnetworks.IDevice/google-edgetpu scontext=u:r:system_server:s0 tcontext=u:object_r:edgetpu_nnapi_service:s0 tclass=service_manager permissive=1
```

Bug: 307449478

Change-Id: I14c2aa02eca08a026d100af6eea11ac9ac9e4fc7
This commit is contained in:
Kah Xuan Lim 2023-11-13 12:34:35 +08:00
parent dc37b510fa
commit 6914e7a49b
4 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
vendor/service.te vendored
View file

@ -4,3 +4,4 @@ type hal_uwb_vendor_service, service_manager_type, hal_service_type;
# WLC
type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type;
type modemml_tflite_service, system_server_service, service_manager_type;

1
vendor/service_contexts vendored
View file

@ -3,3 +3,4 @@ com.google.hardware.pixel.display.IDisplay/default u:object_r:hal
vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0
hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0
android.hardware.media.c2.IComponentStore/default1 u:object_r:hal_codec2_service:s0
com.android.server.modemml.ITFLiteService/default u:object_r:modemml_tflite_service:s0

2
vendor/system_server.te vendored Normal file
View file

@ -0,0 +1,2 @@
# Allow modemml.TFLiteService in system server to access NNAPI TPU service
allow system_server edgetpu_nnapi_service:service_manager find;