Merge "sepolicy: allow setprop for thermal_controld" into 24D1-dev
diff --git a/edgetpu/sepolicy/edgetpu_app_service.te b/edgetpu/sepolicy/edgetpu_app_service.te
index 271805e..838f476 100644
--- a/edgetpu/sepolicy/edgetpu_app_service.te
+++ b/edgetpu/sepolicy/edgetpu_app_service.te
@@ -38,3 +38,12 @@
# Allow EdgeTPU service to log to stats service. (metrics)
allow edgetpu_app_server fwk_stats_service:service_manager find;
+
+# Allow mlock without size restriction
+allow edgetpu_app_server self:capability ipc_lock;
+
+# Need to effectively read file mapped file when mmap + mlocked.
+allow edgetpu_app_server privapp_data_file:file { map read};
+
+# For shell level testing of mlock
+allow edgetpu_app_server shell_data_file:file { map read};
diff --git a/edgetpu/sepolicy/file_contexts b/edgetpu/sepolicy/file_contexts
index 0cada88..06f0a89 100644
--- a/edgetpu/sepolicy/file_contexts
+++ b/edgetpu/sepolicy/file_contexts
@@ -15,7 +15,7 @@
/vendor/lib64/libmetrics_logger\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/libedgetpu_util\.so u:object_r:same_process_hal_file:s0
# EdgeTPU runtime libraries
-/vendor/lib64/com\.google\.edgetpu_app_service-V[1-3]-ndk\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_app_service-V[1-4]-ndk\.so u:object_r:same_process_hal_file:s0
/vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so u:object_r:same_process_hal_file:s0
# EdgeTPU data files