Diffstat (limited to 'sepolicy/edgetpu/hal_neuralnetworks_darwinn.te')
-rw-r--r--sepolicy/edgetpu/hal_neuralnetworks_darwinn.te53
1 files changed, 53 insertions, 0 deletions
diff --git a/sepolicy/edgetpu/hal_neuralnetworks_darwinn.te b/sepolicy/edgetpu/hal_neuralnetworks_darwinn.te
new file mode 100644
index 00000000..f301a729
--- /dev/null
+++ b/sepolicy/edgetpu/hal_neuralnetworks_darwinn.te
@@ -0,0 +1,53 @@
+type hal_neuralnetworks_darwinn, domain;
+hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks)
+
+type hal_neuralnetworks_darwinn_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_neuralnetworks_darwinn)
+
+# The TPU HAL looks for TPU instance in /dev/abrolhos
+allow hal_neuralnetworks_darwinn edgetpu_device:chr_file rw_file_perms;
+
+# Allow DawriNN service to use a client-provided fd residing in /vendor/etc/.
+allow hal_neuralnetworks_darwinn vendor_configs_file:file r_file_perms;
+
+# Allow DarwiNN service to access data files.
+allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:file create_file_perms;
+allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:dir rw_dir_perms;
+
+# Allow DarwiNN service to access unix sockets for IPC.
+allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:sock_file { create unlink rw_file_perms };
+
+# Register to hwbinder service.
+# add_hwservice() is granted by hal_server_domain + hal_neuralnetworks.te
+hwbinder_use(hal_neuralnetworks_darwinn)
+get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop)
+
+# Allow TPU HAL to read the kernel version.
+# This is done inside the InitGoogle.
+allow hal_neuralnetworks_darwinn proc_version:file r_file_perms;
+
+# Allow TPU NNAPI HAL to log to stats service. (metrics)
+allow hal_neuralnetworks_darwinn fwk_stats_service:service_manager find;
+binder_call(hal_neuralnetworks_darwinn, system_server);
+binder_use(hal_neuralnetworks_darwinn)
+
+# Allow TPU NNAPI HAL to request power hints from the Power Service
+hal_client_domain(hal_neuralnetworks_darwinn, hal_power)
+
+# TPU NNAPI to register the service to service_manager.
+add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service);
+
+# Allow TPU NNAPI HAL to read the overcommit_memory info.
+allow hal_neuralnetworks_darwinn proc_overcommit_memory:file r_file_perms;
+
+# Allows the logging service to access /sys/class/edgetpu
+allow hal_neuralnetworks_darwinn sysfs_edgetpu:dir r_dir_perms;
+allow hal_neuralnetworks_darwinn sysfs_edgetpu:file r_file_perms;
+
+# Allows the NNAPI HAL to access the edgetpu_app_service
+allow hal_neuralnetworks_darwinn edgetpu_app_service:service_manager find;
+binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server);
+
+# Allow NNAPI HAL to send trace packets to Perfetto with SELinux enabled
+# under userdebug builds.
+userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)')
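Review bot: The `vendor_configs_file` rule grants `r_file_perms`, which includes `open`, while the comment above it says the service only uses a client-provided fd residing in /vendor/etc/. If the HAL never opens those files by path, a narrower rule such as `allow hal_neuralnetworks_darwinn vendor_configs_file:file { getattr read map };` would stop the domain from opening other vendor config files on its own; if it does open them itself, the comment should say so. The comment above the `sysfs_edgetpu` rules names "the logging service" although the access is granted to `hal_neuralnetworks_darwinn`, and "DawriNN" in the fd comment is a typo for DarwiNN. The trailing `;` after `binder_call(...)` (both uses) and `add_service(...)` is inconsistent with the other macro calls in the file, which have none.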