drgreen/android_device_google_gs-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_google_gs-co.../edgetpu/sepolicy/edgetpu_tachyon_service.te
feiyuchen 0ea3b6ccd1 Allow edgetpu_tachyon_service to call mlock() 
Tachyon AIDL service is the new Darwinn runtime v3. It needs mlock capability to support the GenAI effort, allowing file backed large models to be mlocked, satisfying the memory accounting on Android, similar to what we just did for edgetpu_app_service ag/26481028

Bug: 337949682
Test: On-device tested that tachyon service can now lock large memories.
Change-Id: I02e4d87adf8a459e88e35f7b965d65b2840adce5
2024-05-07 03:50:02 +00:00

63 lines
2.6 KiB
Plaintext
Raw Blame History

# Tachyon service.
type edgetpu_tachyon_server, domain;
type edgetpu_tachyon_server_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(edgetpu_tachyon_server)
# The vendor service will use binder calls.
binder_use(edgetpu_tachyon_server);
# The vendor service will serve a binder service.
binder_service(edgetpu_tachyon_server);
# Tachyon service to register the service to service_manager.
add_service(edgetpu_tachyon_server, edgetpu_tachyon_service);
# Allow Tachyon service to access the edgetpu_app_service.
allow edgetpu_tachyon_server edgetpu_app_service:service_manager find;
binder_call(edgetpu_tachyon_server, edgetpu_app_server);
# Allow Tachyon service to look for TPU instance in /dev/edgetpu or /dev/edgetpu-soc.
allow edgetpu_tachyon_server edgetpu_device:chr_file rw_file_perms;
# Allow Tachyon service to access hardware buffers and ION memory.
allow edgetpu_tachyon_server hal_allocator:fd use;
allow edgetpu_tachyon_server hal_graphics_mapper_hwservice:hwservice_manager find;
allow edgetpu_tachyon_server hal_graphics_allocator:fd use;
allow edgetpu_tachyon_server gpu_device:chr_file rw_file_perms;
allow edgetpu_tachyon_server gpu_device:dir r_dir_perms;
allow edgetpu_tachyon_server ion_device:chr_file r_file_perms;
# Allow Tachyon service to access dmabuf sysytem.
allow edgetpu_tachyon_server dmabuf_system_heap_device:chr_file r_file_perms;
# Allow Tachyon service to read the overcommit_memory info.
allow edgetpu_tachyon_server proc_overcommit_memory:file r_file_perms;
# Allow Tachyon service to read the kernel version.
# This is done inside the InitGoogle.
allow edgetpu_tachyon_server proc_version:file r_file_perms;
# Allow Tachyon service to send trace packets to Perfetto with SELinux enabled
# under userdebug builds.
userdebug_or_eng(`perfetto_producer(edgetpu_tachyon_server)')
# Allow Tachyon service to read tflite DarwiNN delegate properties
get_prop(edgetpu_tachyon_server, vendor_tflite_delegate_prop)
# Allow Tachyon service to read DarwiNN runtime properties
get_prop(edgetpu_tachyon_server, vendor_edgetpu_runtime_prop)
# Allow Tachyon service to read hetero runtime properties
get_prop(edgetpu_tachyon_server, vendor_hetero_runtime_prop)
# Allow Tachyon service to read EdgeTPU CPU scheduler properties
get_prop(edgetpu_tachyon_server, vendor_edgetpu_cpu_scheduler_prop)
# Allow mlock without size restriction
allow edgetpu_tachyon_server self:capability ipc_lock;
# Need to effectively read file mapped file when mmap + mlocked.
allow edgetpu_tachyon_server privapp_data_file:file { map read};
# For shell level testing of mlock
userdebug_or_eng(`
allow edgetpu_tachyon_server shell_data_file:file { map read};
')
Reference in New Issue View Git Blame Copy Permalink