From e7cffe4da5b0125fcaa2063fd43cc4681bda7ea9 Mon Sep 17 00:00:00 2001
From: Dinesh Yadav
Date: Wed, 22 Nov 2023 13:03:29 +0000
Subject: [PATCH] Allow edgetpu_tachyon_service to access GXP device & Dmabuf.

As gxp stack will be using Tachyon service to process kernels on aurora dsp, these permissions will be needed.

Bug: 279655948
Change-Id: I04c11575208d0ca1a3dda68db1367804c4d7596d
Signed-off-by: Dinesh Yadav
---
 edgetpu/sepolicy/edgetpu_tachyon_service.te | 3 +++
 gxp/sepolicy/edgetpu_tachyon_service.te | 3 +++
 2 files changed, 6 insertions(+)
 create mode 100644 gxp/sepolicy/edgetpu_tachyon_service.te

diff --git a/edgetpu/sepolicy/edgetpu_tachyon_service.te b/edgetpu/sepolicy/edgetpu_tachyon_service.te
index 66a4667..5ead23b 100644
--- a/edgetpu/sepolicy/edgetpu_tachyon_service.te
+++ b/edgetpu/sepolicy/edgetpu_tachyon_service.te
@@ -27,6 +27,9 @@ allow edgetpu_tachyon_server gpu_device:chr_file rw_file_perms;
 allow edgetpu_tachyon_server gpu_device:dir r_dir_perms;
 allow edgetpu_tachyon_server ion_device:chr_file r_file_perms;

+# Allow Tachyon service to access dmabuf sysytem.
+allow edgetpu_tachyon_server dmabuf_system_heap_device:chr_file r_file_perms;
+
 # Allow Tachyon service to read the overcommit_memory info.
 allow edgetpu_tachyon_server proc_overcommit_memory:file r_file_perms;

diff --git a/gxp/sepolicy/edgetpu_tachyon_service.te b/gxp/sepolicy/edgetpu_tachyon_service.te
new file mode 100644
index 0000000..35987dd
--- /dev/null
+++ b/gxp/sepolicy/edgetpu_tachyon_service.te
@@ -0,0 +1,3 @@
+# Allow Tachyon service to access the GXP device and read GXP properties.
+allow edgetpu_tachyon_server gxp_device:chr_file rw_file_perms;
+get_prop(edgetpu_tachyon_server, vendor_gxp_prop)
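Review bot: The added `dmabuf_system_heap_device` rule is motivated in the commit message by the GXP stack, yet it lands in `edgetpu/sepolicy`, so any target that builds the EdgeTPU policy presumably receives the grant whether or not GXP is present. If that is not intended, the rule would sit better beside the `gxp_device` rule in `gxp/sepolicy/edgetpu_tachyon_service.te`, which keeps the service's permissions minimal on non-GXP targets. The comment above it also has a typo and gives no reason for the grant; `# Allow Tachyon service to use the dmabuf system heap (needed for GXP workloads).` would serve a later policy audit better.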
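Review bot: The new `gxp/sepolicy/edgetpu_tachyon_service.te` references `edgetpu_tachyon_server` without declaring it; the type is presumably declared in `edgetpu/sepolicy` (not visible in this patch), so a target that includes `gxp/sepolicy` alone would fail policy compilation. If the two directories are always built together, a header line such as `# Requires edgetpu/sepolicy, which declares edgetpu_tachyon_server.` would record that dependency. Separately, `rw_file_perms` on `gxp_device` carries the `ioctl` permission with no command filter, which exposes every ioctl of the DSP driver to the service. If the set of commands the service needs is known, an `allowxperm` allowlist on `gxp_device:chr_file` would narrow the exposure.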