Diffstat (limited to 'sepolicy/edgetpu/priv_app.te')
-rw-r--r--sepolicy/edgetpu/priv_app.te12
1 files changed, 12 insertions, 0 deletions
diff --git a/sepolicy/edgetpu/priv_app.te b/sepolicy/edgetpu/priv_app.te
new file mode 100644
index 00000000..db6e0a27
--- /dev/null
+++ b/sepolicy/edgetpu/priv_app.te
@@ -0,0 +1,12 @@
+# Allows privileged applications to discover the EdgeTPU service.
+allow priv_app edgetpu_app_service:service_manager find;
+
+# Allows privileged applications to discover the NNAPI TPU service.
+allow priv_app edgetpu_nnapi_service:service_manager find;
+
+# Allows privileged applications to access the EdgeTPU device, except open,
+# which is guarded by the EdgeTPU service.
+allow priv_app edgetpu_device:chr_file { getattr read write ioctl map };
+
+# Allows privileged applications to access the PowerHAL.
+hal_client_domain(priv_app, hal_power)
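Review bot: The `ioctl` permission on `edgetpu_device:chr_file` is granted to every privileged app with no command filter; unless an `allowxperm` rule for this source, target and class exists elsewhere in the policy (not visible in this hunk), that permits every ioctl command the driver implements. Consider pairing it with an allowlist such as `allowxperm priv_app edgetpu_device:chr_file ioctl { <EDGETPU_IOCTL_CMDS> };`, where the placeholder stands for the commands the client library actually issues. The comment says `open` is deliberately withheld, so adding `neverallow priv_app edgetpu_device:chr_file open;` would stop a later change from silently undoing that. The `hal_client_domain(priv_app, hal_power)` line also gives all of priv_app Power HAL client access, and its comment should say why EdgeTPU clients need it.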