Snap for 11355999 from f03522a675ea89a8d18db2c43e3af7ce909903f5 to 24Q2-release

Change-Id: I9bb1328055e5a3a17e319738378c67929c52a13b

edgetpu/sepolicy/file_contexts

@@ -15,7 +15,7 @@
 /vendor/lib64/libmetrics_logger\.so                                        u:object_r:same_process_hal_file:s0
 /vendor/lib64/libedgetpu_util\.so                                          u:object_r:same_process_hal_file:s0
 # EdgeTPU runtime libraries
-/vendor/lib64/com\.google\.edgetpu_app_service-V[1-2]-ndk\.so              u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_app_service-V[1-3]-ndk\.so              u:object_r:same_process_hal_file:s0
 /vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so           u:object_r:same_process_hal_file:s0
 
 # EdgeTPU data files

gxp/sepolicy/appdomain.te

@@ -0,0 +1,2 @@
+# Allow apps to read gxp properties
+get_prop(appdomain, vendor_gxp_prop)

gxp/sepolicy/edgetpu_app_service.te

@@ -0,0 +1,6 @@
+# Allow Edgetpu App Service to access the GXP device and read GXP properties.
+allow edgetpu_app_server gxp_device:chr_file rw_file_perms;
+get_prop(edgetpu_app_server, vendor_gxp_prop)
+
+# Allows Edgetpu App Service to search for GXP firmware file.
+allow edgetpu_app_server vendor_fw_file:dir search;

gxp/sepolicy/priv_app.te

@@ -0,0 +1,3 @@
+# Allows privileged applications to access the GXP device, except open,
+# which is guarded by the EdgeTPU service.
+allow priv_app gxp_device:chr_file { getattr read write ioctl map };

gxp/sepolicy/untrusted_app_all.te

@@ -0,0 +1,3 @@
+# Allows applications to access the GXP device, except open,
+# which is guarded by the EdgeTPU service.
+allow untrusted_app_all gxp_device:chr_file { getattr read write ioctl map };