From af16ce519de0f2d34567332ca2b5d7a063b91750 Mon Sep 17 00:00:00 2001
From: qinyiyan
Date: Thu, 5 Oct 2023 12:17:41 -0700
Subject: [PATCH] Allow hal_neuralnetworks_darwinn and dba service to read DMA buf.
AVC denials seen: avc: denied { read } for name="system" dev="tmpfs" ino=592 scontext=u:r:hal_neuralnetworks_darwinn:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0
bug: 303526151
Test: forrest build
Change-Id: I42e714908df163df6a328f451202a93fc11caeee
---
 edgetpu/sepolicy/edgetpu_dba_service.te | 4 ++++
 edgetpu/sepolicy/hal_neuralnetworks_darwinn.te | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/edgetpu/sepolicy/edgetpu_dba_service.te b/edgetpu/sepolicy/edgetpu_dba_service.te
index da210da..fd1822b 100644
--- a/edgetpu/sepolicy/edgetpu_dba_service.te
+++ b/edgetpu/sepolicy/edgetpu_dba_service.te
@@ -47,3 +47,7 @@ get_prop(edgetpu_dba_server, vendor_tflite_delegate_prop)
 get_prop(edgetpu_dba_server, vendor_hetero_runtime_prop)
 # Allow EdgeTPU DBA service to read EdgeTPU CPU scheduler properties
 get_prop(edgetpu_dba_server, vendor_edgetpu_cpu_scheduler_prop)
+
+# Allow DMA Buf access.
+allow edgetpu_dba_server dmabuf_system_heap_device:chr_file r_file_perms;
+
diff --git a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
index f867528..63a3a17 100644
--- a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
@@ -56,3 +56,7 @@ userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)')
 get_prop(hal_neuralnetworks_darwinn, vendor_tflite_delegate_prop)
 # Allow NNAPI HAL to read hetero runtime properties
 get_prop(hal_neuralnetworks_darwinn, vendor_hetero_runtime_prop)
+
+# Allow DMA Buf access.
+allow hal_neuralnetworks_darwinn dmabuf_system_heap_device:chr_file r_file_perms;
+
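Review bot: The new `allow edgetpu_dba_server dmabuf_system_heap_device:chr_file r_file_perms;` rule in edgetpu_dba_service.te has no denial behind it in the commit message, which quotes an AVC only for `hal_neuralnetworks_darwinn`. Both added rules also grant the whole `r_file_perms` set (open, getattr, ioctl and the rest) where the logged denial is `{ read }` alone. If the wider set is needed because these domains allocate buffers from the system heap, which is presumably the intent, the comment should say so rather than the generic "Allow DMA Buf access.", e.g. `# Allow allocating from the DMA-BUF system heap (dmabuf_system_heap_device).`; the same wording applies to the rule in hal_neuralnetworks_darwinn.te. Recording the `edgetpu_dba_server` denial on the bug would let the grant be audited later, and the blank line each hunk adds at end of file can be dropped.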