Snap for 10872577 from 89796047b8af32839d358fb4f1af8a5519e7c96e to 24Q1-release

Change-Id: I45f15d59f3e1d4ee51ee9436c13a5a67e6b4892d
2023-09-28 01:09:02 +00:00 · 2023-09-28 01:09:02 +00:00 · 9120529f33
commit 9120529f33
parent b359595163 89796047b8
11 changed files with 34 additions and 22 deletions
--- a/edgetpu/sepolicy/appdomain.te
+++ b/edgetpu/sepolicy/appdomain.te
@ -1,5 +1,8 @@
-# Allow apps to read tflite Darwinn delegate properties
+# Allow apps to read tflite DarwiNN delegate properties
 get_prop(appdomain, vendor_tflite_delegate_prop)

+# Allow apps to read DarwiNN runtime properties
+get_prop(appdomain, vendor_edgetpu_runtime_prop)
+
 # Allow apps to read hetero runtime properties
 get_prop(appdomain, vendor_hetero_runtime_prop)
--- a/edgetpu/sepolicy/edgetpu_dba_service.te
+++ b/edgetpu/sepolicy/edgetpu_dba_service.te
@ -41,8 +41,10 @@ allow edgetpu_dba_server proc_version:file r_file_perms;
 # under userdebug builds.
 userdebug_or_eng(`perfetto_producer(edgetpu_dba_server)')

-# Allow EdgeTPU DBA service to read tflite Darwinn delegate properties
+# Allow EdgeTPU DBA service to read tflite DarwiNN delegate properties
 get_prop(edgetpu_dba_server, vendor_tflite_delegate_prop)
+# Allow EdgeTPU DBA service to read DarwiNN runtime properties
+get_prop(edgetpu_dba_server, vendor_edgetpu_runtime_prop)
 # Allow EdgeTPU DBA service to read hetero runtime properties
 get_prop(edgetpu_dba_server, vendor_hetero_runtime_prop)
 # Allow EdgeTPU DBA service to read EdgeTPU CPU scheduler properties
--- a/edgetpu/sepolicy/edgetpu_tachyon_service.te
+++ b/edgetpu/sepolicy/edgetpu_tachyon_service.te
@ -38,8 +38,10 @@ allow edgetpu_tachyon_server proc_version:file r_file_perms;
 # under userdebug builds.
 userdebug_or_eng(`perfetto_producer(edgetpu_tachyon_server)')

-# Allow Tachyon service to read tflite Darwinn delegate properties
+# Allow Tachyon service to read tflite DarwiNN delegate properties
 get_prop(edgetpu_tachyon_server, vendor_tflite_delegate_prop)
+# Allow Tachyon service to read DarwiNN runtime properties
+get_prop(edgetpu_tachyon_server, vendor_edgetpu_runtime_prop)
 # Allow Tachyon service to read hetero runtime properties
 get_prop(edgetpu_tachyon_server, vendor_hetero_runtime_prop)
 # Allow Tachyon service to read EdgeTPU CPU scheduler properties
--- a/edgetpu/sepolicy/hal_camera_default.te
+++ b/edgetpu/sepolicy/hal_camera_default.te
@ -1,5 +1,8 @@
-# Allow camera HAL to read tflite Darwinn delegate properties
+# Allow camera HAL to read tflite DarwiNN delegate properties
 get_prop(hal_camera_default, vendor_tflite_delegate_prop)

+# Allow camera HAL to read DarwiNN runtime properties
+get_prop(hal_camera_default, vendor_edgetpu_runtime_prop)
+
 # Allow camera HAL to read hetero runtime properties
 get_prop(hal_camera_default, vendor_hetero_runtime_prop)
--- a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
@ -54,5 +54,7 @@ userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)')

 # Allow NNAPI HAL to read tflite DarwiNN delegate properties
 get_prop(hal_neuralnetworks_darwinn, vendor_tflite_delegate_prop)
+# Allow NNAPI HAL to read DarwiNN runtime properties
+get_prop(hal_neuralnetworks_darwinn, vendor_edgetpu_runtime_prop)
 # Allow NNAPI HAL to read hetero runtime properties
 get_prop(hal_neuralnetworks_darwinn, vendor_hetero_runtime_prop)
--- a/edgetpu/sepolicy/property.te
+++ b/edgetpu/sepolicy/property.te
@ -2,13 +2,16 @@
 # since it lives under /system_ext/.
 system_public_prop(vendor_edgetpu_service_prop)

-# Tflite Darwinn delegate properties are written once by vendor_init,
-# and then read by apps, camera hal, and some Darwinn vendor services.
+# Tflite DarwiNN delegate properties are written once by vendor_init,
+# and then read by apps, camera hal, and some DarwiNN vendor services.
 system_vendor_config_prop(vendor_tflite_delegate_prop)

 # The EdgeTPU CPU scheduler properties are written once by vendor_init,
 # and then read by HAL service.
 system_vendor_config_prop(vendor_edgetpu_cpu_scheduler_prop)

+# DarwiNN runtime properties.
+system_vendor_config_prop(vendor_edgetpu_runtime_prop)
+
 # Hetero runtime properties, including tracing levels.
 system_vendor_config_prop(vendor_hetero_runtime_prop)
--- a/edgetpu/sepolicy/property_contexts
+++ b/edgetpu/sepolicy/property_contexts
@ -1,6 +1,7 @@
 # for EdgeTPU
 vendor.edgetpu.service.                         u:object_r:vendor_edgetpu_service_prop:s0
 vendor.edgetpu.cpu_scheduler.                   u:object_r:vendor_edgetpu_cpu_scheduler_prop:s0
+vendor.edgetpu.runtime.                         u:object_r:vendor_edgetpu_runtime_prop:s0

 # for DarwinnDelegate
 vendor.edgetpu.tflite_delegate.                 u:object_r:vendor_tflite_delegate_prop:s0
--- a/gyotaku_app/sepolicy/gyotaku_app.te
+++ b/gyotaku_app/sepolicy/gyotaku_app.te
@ -1,34 +1,25 @@
 type gyotaku_app, domain;

-app_domain(gyotaku_app)
-
 userdebug_or_eng(`
+  app_domain(gyotaku_app)
+  net_domain(gyotaku_app)
+
  # For Gyotaku app common use
  allow gyotaku_app app_api_service:service_manager find;
  allow gyotaku_app privapp_data_file:lnk_file read;
-  allow gyotaku_app gyotaku_app:udp_socket create;
  allow gyotaku_app system_app_data_file:dir create_dir_perms;
  allow gyotaku_app system_app_data_file:file create_file_perms;

-  # For cloud and network related use
-  allow gyotaku_app dnsproxyd_socket:sock_file write;
-  allow gyotaku_app gyotaku_app:udp_socket connect;
-  allow gyotaku_app netd:unix_stream_socket connectto;
-  allow gyotaku_app gyotaku_app:tcp_socket create;
-  allow gyotaku_app privapp_data_file:file execute;
-  allow netd gyotaku_app:fd use;
-  allow netd gyotaku_app:tcp_socket {read write};
-
  # For access /proc/fs/f2fs/* storage use
  allow gyotaku_app proc_f2fs:dir search;
-  allow gyotaku_app proc_f2fs:file {open read};
+  allow gyotaku_app proc_f2fs:file r_file_perms;

  # For access /proc/stat use
-  allow gyotaku_app proc_stat:file {read open getattr};
+  allow gyotaku_app proc_stat:file r_file_perms;

  # For getproperty isDebuggable use
  get_prop(gyotaku_app, userdebug_or_eng_prop)

-  # For persiste property use
-  allow gyotaku_app logpersistd_logging_prop:file {read open getattr map};
+  # For persistent property use
+  get_prop(gyotaku_app, logpersistd_logging_prop);
 ')
--- a/mediacodec/samsung/sepolicy/file.te
+++ b/mediacodec/samsung/sepolicy/file.te
@ -1 +1,2 @@
 type sysfs_mfc, sysfs_type, fs_type;
+type sysfs_force_empty, sysfs_type, fs_type;
--- a/mediacodec/samsung/sepolicy/genfs_contexts
+++ b/mediacodec/samsung/sepolicy/genfs_contexts
@ -1 +1,2 @@
 genfscon sysfs /devices/platform/mfc/video4linux/video u:object_r:sysfs_mfc:s0
+genfscon sysfs /kernel/vendor_mm/cma/vframe/force_empty  u:object_r:sysfs_force_empty:s0
--- a/mediacodec/samsung/sepolicy/mediacodec_samsung.te
+++ b/mediacodec/samsung/sepolicy/mediacodec_samsung.te
@ -14,6 +14,9 @@ allow mediacodec_samsung gpu_device:chr_file rw_file_perms;
 allow mediacodec_samsung sysfs_mfc:file r_file_perms;
 allow mediacodec_samsung sysfs_mfc:dir r_dir_perms;

+allow mediacodec_samsung sysfs_force_empty:dir r_file_perms;
+allow mediacodec_samsung sysfs_force_empty:file rw_file_perms;
+
 # can use graphics allocator
 hal_client_domain(mediacodec_samsung, hal_graphics_allocator)