Add the sepolicy required to:
- Introduce modemml_tflite_service which runs on the system server.
- Allow modem_ml_svc_sit to access the new service.
- Allow system_server to access NNAPI TPU service.

Relevant logs before the sepolicy changes are made:
```
auditd : avc: denied { find } for pid=1000 uid=1001 name=com.android.server.modemml.ITFLiteService/default scontext=u:r:modem_ml_svc_sit:s0 tcontext=u:object_r:modemml_tflite_service:s0 tclass=service_manager permissive=1
```
```
11-14 03:03:44.392 1064 1064 I auditd : type=1400 audit(0.0:9): avc: denied { call } for comm="modem_ml_svc_si" scontext=u:r:modem_ml_svc_sit:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1
```
```
SELinux : avc: denied { find } for pid=1115 uid=1000 name=android.hardware.neuralnetworks.IDevice/google-edgetpu scontext=u:r:system_server:s0 tcontext=u:object_r:edgetpu_nnapi_service:s0 tclass=service_manager permissive=1
```

Bug: 307449478
Change-Id: I14c2aa02eca08a026d100af6eea11ac9ac9e4fc7
6 lines
624 B
Text
vendor.qti.hardware.fingerprint.IQfpExtendedFingerprint/default u:object_r:hal_fingerprint_service:s0
com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0
vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0
hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0
android.hardware.media.c2.IComponentStore/default1 u:object_r:hal_codec2_service:s0
com.android.server.modemml.ITFLiteService/default u:object_r:modemml_tflite_service:s0
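
Review bot: The last entry, `com.android.server.modemml.ITFLiteService/default`, has no comment saying who hosts and who consumes it, and it is the only visible entry whose label is not a `hal_*` service type. Since the commit message says the service runs in system_server and is used by modem_ml_svc_sit, a one-line comment above the entry stating that would help later readers of this file. Please also confirm that the `find` permission on `modemml_tflite_service` and the binder `call` into system_server are granted to modem_ml_svc_sit only, matching the two denials quoted in the commit message, rather than to a broader attribute. For the system_server side, the quoted log shows only a `find` denial on `edgetpu_nnapi_service`; it is worth checking whether the binder call to the domain serving that HAL is already allowed or needs its own rule.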