drgreen/android_device_google_gs-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_google_gs-co.../edgetpu/sepolicy/edgetpu_tachyon_service.te
Yu-Chi Cheng 7232d53128 Added SELinux rules for vendor.darwinn.runtime. properties. 
This allows DarwiNN runtime components to access related system
properties, including the ones that control host DMA-BUF allocation.

Bug: 297432189
Test: verified camera to work on local device
Change-Id: I4b3f566417445a2a0ef6eae64d9b0ed7d20ff26c
2023-09-26 20:49:42 +00:00

49 lines
2.2 KiB
Plaintext
Raw Blame History

# Tachyon service.
type edgetpu_tachyon_server, domain;
type edgetpu_tachyon_server_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(edgetpu_tachyon_server)
# The vendor service will use binder calls.
binder_use(edgetpu_tachyon_server);
# The vendor service will serve a binder service.
binder_service(edgetpu_tachyon_server);
# Tachyon service to register the service to service_manager.
add_service(edgetpu_tachyon_server, edgetpu_tachyon_service);
# Allow Tachyon service to access the edgetpu_app_service.
allow edgetpu_tachyon_server edgetpu_app_service:service_manager find;
binder_call(edgetpu_tachyon_server, edgetpu_app_server);
# Allow Tachyon service to look for TPU instance in /dev/edgetpu or /dev/edgetpu-soc.
allow edgetpu_tachyon_server edgetpu_device:chr_file rw_file_perms;
# Allow Tachyon service to access hardware buffers and ION memory.
allow edgetpu_tachyon_server hal_allocator:fd use;
allow edgetpu_tachyon_server hal_graphics_mapper_hwservice:hwservice_manager find;
allow edgetpu_tachyon_server hal_graphics_allocator:fd use;
allow edgetpu_tachyon_server gpu_device:chr_file rw_file_perms;
allow edgetpu_tachyon_server gpu_device:dir r_dir_perms;
allow edgetpu_tachyon_server ion_device:chr_file r_file_perms;
# Allow Tachyon service to read the overcommit_memory info.
allow edgetpu_tachyon_server proc_overcommit_memory:file r_file_perms;
# Allow Tachyon service to read the kernel version.
# This is done inside the InitGoogle.
allow edgetpu_tachyon_server proc_version:file r_file_perms;
# Allow Tachyon service to send trace packets to Perfetto with SELinux enabled
# under userdebug builds.
userdebug_or_eng(`perfetto_producer(edgetpu_tachyon_server)')
# Allow Tachyon service to read tflite DarwiNN delegate properties
get_prop(edgetpu_tachyon_server, vendor_tflite_delegate_prop)
# Allow Tachyon service to read DarwiNN runtime properties
get_prop(edgetpu_tachyon_server, vendor_edgetpu_runtime_prop)
# Allow Tachyon service to read hetero runtime properties
get_prop(edgetpu_tachyon_server, vendor_hetero_runtime_prop)
# Allow Tachyon service to read EdgeTPU CPU scheduler properties
get_prop(edgetpu_tachyon_server, vendor_edgetpu_cpu_scheduler_prop)
Reference in New Issue View Git Blame Copy Permalink