From 9f6785063af2bb5c7a11b79a9d98218f3d0e6493 Mon Sep 17 00:00:00 2001
From: feiyuchen <feiyuchen@google.com>
Date: Mon, 26 Jun 2023 02:00:24 +0000
Subject: [PATCH] Add SEPolicy for audio HAL to use EdgeTpu

The added policies for Audio HAL (`hal_audio_default`) are exactly the same as Camera HAL (`hal_camera_default`).

Background: Audio team is migrating audio processing offload to TPU. POR is for Android U QPR.
Design doc: https://docs.google.com/document/d/1KarcXFbfiJVxHDFgT5AYNE0-tUc0cr_63dCNK-5HQys/edit?resourcekey=0-J-4NEenhAWuoa5Ou7ZGYgw

Bug: 289466639
Change-Id: I02b7ba4e4956b0db615b21a88dc47b615cc66e44
Test: It was tested in above Bug that Audio HAL could use EdgeTpu
---
 edgetpu/sepolicy/hal_audio_default.te | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 edgetpu/sepolicy/hal_audio_default.te

diff --git a/edgetpu/sepolicy/hal_audio_default.te b/edgetpu/sepolicy/hal_audio_default.te
new file mode 100644
index 0000000..2646fcc
--- /dev/null
+++ b/edgetpu/sepolicy/hal_audio_default.te
@@ -0,0 +1,14 @@
+# Allow the audio hal to access the EdgeTPU service and the
+# Android shared memory allocated by the EdgeTPU service for
+# on-device compilation.
+allow hal_audio_default edgetpu_device:chr_file rw_file_perms;
+allow hal_audio_default edgetpu_vendor_service:service_manager find;
+binder_call(hal_audio_default, edgetpu_vendor_server)
+
+# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging
+# library has a dependency on edgetpu_app_service, see b/275016466.
+allow hal_audio_default edgetpu_app_service:service_manager find;
+binder_call(hal_audio_default, edgetpu_app_server)
+
+# Allow audio HAL to read tflite Darwinn delegate properties
+get_prop(hal_audio_default, vendor_tflite_delegate_prop)