From 708eec566d576962fc76d88e1298d09376ccf2bb Mon Sep 17 00:00:00 2001
From: Yu-Chi Cheng <yuchicheng@google.com>
Date: Wed, 17 May 2023 14:29:05 -0700
Subject: [PATCH] Allowed edgetpu_vendor_service to access hetero runtime
 system properties.

Those properties include the one for trace level
("vendor.google.silicon.max_trace_level"), which will be used by the
edgetpu vendor service during on device compilation. This change is
required to avoid SELinux errors.

Bug: 282963211
Test: verified no avc error after this change with GCA + perfetto.
Change-Id: I66333571bc9dbbf86e033eefb1054c79b260ff67
---
 edgetpu/sepolicy/edgetpu_vendor_server.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/edgetpu/sepolicy/edgetpu_vendor_server.te b/edgetpu/sepolicy/edgetpu_vendor_server.te
index 1060510..4c03744 100644
--- a/edgetpu/sepolicy/edgetpu_vendor_server.te
+++ b/edgetpu/sepolicy/edgetpu_vendor_server.te
@@ -29,3 +29,6 @@ allow edgetpu_vendor_server proc_version:file r_file_perms;
 
 # Allow EdgeTPU vendor service to read the overcommit_memory info.
 allow edgetpu_vendor_server proc_overcommit_memory:file r_file_perms;
+
+# Allow EdgeTPU vendor service to read hetero runtime properties
+get_prop(edgetpu_vendor_server, vendor_hetero_runtime_prop)