Merge "Allow edgetpu_tachyon_service to access GXP device & Dmabuf." into main

commit: 039b7e6d76d88fb82e5702590e7e46a01034e84c [log] [tgz]
author: Dinesh Yadav <dkyadav@google.com> Wed Nov 29 03:22:00 2023 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Wed Nov 29 03:22:00 2023 +0000
tree: dde2276ac07a74cf972eef501ac614203e4eaea8
parent: 8996d1b7ee3361946fe53ebcf40f1331d3f388b4 [diff]
parent: e7cffe4da5b0125fcaa2063fd43cc4681bda7ea9 [diff]
diff --git a/edgetpu/sepolicy/edgetpu_tachyon_service.te b/edgetpu/sepolicy/edgetpu_tachyon_service.te
index 66a4667..5ead23b 100644
--- a/edgetpu/sepolicy/edgetpu_tachyon_service.te
+++ b/edgetpu/sepolicy/edgetpu_tachyon_service.te

@@ -27,6 +27,9 @@
 allow edgetpu_tachyon_server gpu_device:dir r_dir_perms;
 allow edgetpu_tachyon_server ion_device:chr_file r_file_perms;
 
+# Allow Tachyon service to access dmabuf sysytem.
+allow edgetpu_tachyon_server dmabuf_system_heap_device:chr_file r_file_perms;
+
 # Allow Tachyon service to read the overcommit_memory info.
 allow edgetpu_tachyon_server proc_overcommit_memory:file r_file_perms;
 

diff --git a/gxp/sepolicy/edgetpu_tachyon_service.te b/gxp/sepolicy/edgetpu_tachyon_service.te
new file mode 100644
index 0000000..35987dd
--- /dev/null
+++ b/gxp/sepolicy/edgetpu_tachyon_service.te

@@ -0,0 +1,3 @@
+# Allow Tachyon service to access the GXP device and read GXP properties.
+allow edgetpu_tachyon_server gxp_device:chr_file rw_file_perms;
+get_prop(edgetpu_tachyon_server, vendor_gxp_prop)
commit	039b7e6d76d88fb82e5702590e7e46a01034e84c	[log] [tgz]
author	Dinesh Yadav <dkyadav@google.com>	Wed Nov 29 03:22:00 2023 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Wed Nov 29 03:22:00 2023 +0000
tree	dde2276ac07a74cf972eef501ac614203e4eaea8
parent	8996d1b7ee3361946fe53ebcf40f1331d3f388b4 [diff]
parent	e7cffe4da5b0125fcaa2063fd43cc4681bda7ea9 [diff]