From 33274eb576f340cc715138b74a68a7b52b4ab239 Mon Sep 17 00:00:00 2001 From: qinyiyan Date: Fri, 8 Sep 2023 13:43:44 -0700 Subject: [PATCH] Add tachyon service to the device.mk and sepolicy. Bug: 299932913 Change-Id: Ifb8e55c07a9534ae49c96669c90357d04fb31f23 --- edgetpu/edgetpu.mk | 4 ++ edgetpu/sepolicy/edgetpu_tachyon_service.te | 46 +++++++++++++++++++++ edgetpu/sepolicy/file_contexts | 3 ++ edgetpu/sepolicy/service.te | 1 + edgetpu/sepolicy/service_contexts | 3 ++ 5 files changed, 57 insertions(+) create mode 100644 edgetpu/sepolicy/edgetpu_tachyon_service.te diff --git a/edgetpu/edgetpu.mk b/edgetpu/edgetpu.mk index 5ad2711..feb728f 100644 --- a/edgetpu/edgetpu.mk +++ b/edgetpu/edgetpu.mk @@ -23,6 +23,10 @@ PRODUCT_PACKAGES += \ PRODUCT_PACKAGES += com.google.edgetpu.dba-service # TPU DBA C API library PRODUCT_PACKAGES += libedgetpu_dba.google +# TPU Tachyon HAL service +PRODUCT_PACKAGES += com.google.edgetpu.tachyon-service +# TPU Tachyon C API library +PRODUCT_PACKAGES += libedgetpu_tachyon.google BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/edgetpu/sepolicy diff --git a/edgetpu/sepolicy/edgetpu_tachyon_service.te b/edgetpu/sepolicy/edgetpu_tachyon_service.te new file mode 100644 index 0000000..fbe3edf --- /dev/null +++ b/edgetpu/sepolicy/edgetpu_tachyon_service.te 
@@ -0,0 +1,46 @@
+# Tachyon service.
+type edgetpu_tachyon_server, domain;
+type edgetpu_tachyon_server_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(edgetpu_tachyon_server)
+
+# The vendor service will use binder calls.
+binder_use(edgetpu_tachyon_server);
+
+# The vendor service will serve a binder service.
+binder_service(edgetpu_tachyon_server);
+
+# Tachyon service to register the service to service_manager.
+add_service(edgetpu_tachyon_server, edgetpu_tachyon_service);
+
+# Allow Tachyon service to access the edgetpu_app_service.
+allow edgetpu_tachyon_server edgetpu_app_service:service_manager find;
+binder_call(edgetpu_tachyon_server, edgetpu_app_server);
+
+# Allow Tachyon service to look for TPU instance in /dev/edgetpu or /dev/edgetpu-soc.
+allow edgetpu_tachyon_server edgetpu_device:chr_file rw_file_perms;
+
+# Allow Tachyon service to access hardware buffers and ION memory.
+allow edgetpu_tachyon_server hal_allocator:fd use;
+allow edgetpu_tachyon_server hal_graphics_mapper_hwservice:hwservice_manager find;
+allow edgetpu_tachyon_server hal_graphics_allocator:fd use;
+allow edgetpu_tachyon_server gpu_device:chr_file rw_file_perms;
+allow edgetpu_tachyon_server gpu_device:dir r_dir_perms;
+allow edgetpu_tachyon_server ion_device:chr_file r_file_perms;
+
+# Allow Tachyon service to read the overcommit_memory info.
+allow edgetpu_tachyon_server proc_overcommit_memory:file r_file_perms;
+
+# Allow Tachyon service to read the kernel version.
+# This is done inside the InitGoogle.
+allow edgetpu_tachyon_server proc_version:file r_file_perms;
+
+# Allow Tachyon service to send trace packets to Perfetto with SELinux enabled
+# under userdebug builds.
+userdebug_or_eng(`perfetto_producer(edgetpu_tachyon_server)') + +# Allow Tachyon service to read tflite Darwinn delegate properties +get_prop(edgetpu_tachyon_server, vendor_tflite_delegate_prop) +# Allow Tachyon service to read hetero runtime properties +get_prop(edgetpu_tachyon_server, vendor_hetero_runtime_prop) +# Allow Tachyon service to read EdgeTPU CPU scheduler properties +get_prop(edgetpu_tachyon_server, vendor_edgetpu_cpu_scheduler_prop) diff --git a/edgetpu/sepolicy/file_contexts b/edgetpu/sepolicy/file_contexts index 8f6481c..df0a63e 100644 --- a/edgetpu/sepolicy/file_contexts +++ b/edgetpu/sepolicy/file_contexts @@ -24,3 +24,6 @@ # EdgeTPU DBA service /vendor/bin/hw/com\.google\.edgetpu.dba-service u:object_r:edgetpu_dba_server_exec:s0 + +# Tachyon service +/vendor/bin/hw/com\.google\.edgetpu.tachyon-service u:object_r:edgetpu_tachyon_server_exec:s0 diff --git a/edgetpu/sepolicy/service.te b/edgetpu/sepolicy/service.te index a61c8f8..b1a5409 100644 --- a/edgetpu/sepolicy/service.te +++ b/edgetpu/sepolicy/service.te @@ -1,6 +1,7 @@ type edgetpu_nnapi_service, app_api_service, service_manager_type, isolated_compute_allowed_service; type edgetpu_vendor_service, service_manager_type, hal_service_type; type edgetpu_dba_service, app_api_service, service_manager_type, isolated_compute_allowed_service; +type edgetpu_tachyon_service, app_api_service, service_manager_type, isolated_compute_allowed_service; # EdgeTPU binder service type declaration. type edgetpu_app_service, service_manager_type; diff --git a/edgetpu/sepolicy/service_contexts b/edgetpu/sepolicy/service_contexts index 83967f7..31684eb 100644 --- a/edgetpu/sepolicy/service_contexts +++ b/edgetpu/sepolicy/service_contexts 
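Review bot: The block under `# Allow Tachyon service to access hardware buffers and ION memory.` in edgetpu_tachyon_service.te grants `gpu_device:chr_file rw_file_perms` and `gpu_device:dir r_dir_perms` without saying which code path opens the GPU node. The service.te change in this patch types the service as `app_api_service`, so this domain parses requests from app callers while holding read/write access to both the GPU and EdgeTPU device nodes. If the service only maps buffers handed to it by the allocator, the `fd use` rules on `hal_allocator` and `hal_graphics_allocator` may be sufficient and the two `gpu_device` lines could be dropped; if they are needed, a comment naming the caller would let a later audit confirm the grant. The comment above `edgetpu_device:chr_file rw_file_perms` also understates the rule, which allows read and write rather than a lookup; something like `# Allow Tachyon service to open and read/write the TPU device node (/dev/edgetpu or /dev/edgetpu-soc).` matches what is granted.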
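Review bot: The last dot in the added file_contexts pattern is unescaped: in `/vendor/bin/hw/com\.google\.edgetpu.tachyon-service` the `.` before `tachyon-service` is a regex wildcard, so `edgetpu_tachyon_server_exec` would also label a file that has any other character in that position. That exec type is what `init_daemon_domain(edgetpu_tachyon_server)` uses for the domain transition, so the entry should match exactly one path: `/vendor/bin/hw/com\.google\.edgetpu\.tachyon-service u:object_r:edgetpu_tachyon_server_exec:s0`. The DBA entry in the context lines just above has the same unescaped dot and could be corrected in the same change.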
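Review bot: The new `edgetpu_tachyon_service` type in service.te carries both `app_api_service` and `isolated_compute_allowed_service`, and nothing in the patch records why Tachyon needs that breadth of callers. The attributes mirror the `edgetpu_dba_service` line above it, and they make the interface discoverable by regular apps and by isolated-compute apps, while the server domain is granted read/write on the EdgeTPU and GPU device nodes. A preceding comment such as `# Tachyon is called directly from apps and isolated compute apps.` would document the intended exposure. If only particular client domains are expected, declaring the type as `service_manager_type` alone and granting `find` per client would keep the reachable surface smaller.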
@@ -8,3 +8,6 @@ com.google.edgetpu.IEdgeTpuAppService/default u:object_r:edgetpu_ap # EdgeTPU DBA Service com.google.edgetpu.dba.IDevice/default u:object_r:edgetpu_dba_service:s0 + +# Tachyon Service +com.google.edgetpu.tachyon.IComputeService/default u:object_r:edgetpu_tachyon_service:s0