Merge "sepolicy: allow setprop for thermal_controld" into 24D1-dev
diff --git a/edgetpu/sepolicy/edgetpu_app_service.te b/edgetpu/sepolicy/edgetpu_app_service.te
index 271805e..838f476 100644
--- a/edgetpu/sepolicy/edgetpu_app_service.te
+++ b/edgetpu/sepolicy/edgetpu_app_service.te
@@ -38,3 +38,12 @@
 
 # Allow EdgeTPU service to log to stats service. (metrics)
 allow edgetpu_app_server fwk_stats_service:service_manager find;
+
+# Allow mlock without size restriction
+allow edgetpu_app_server self:capability ipc_lock;
+
+# Need to effectively read file mapped file when mmap + mlocked.
+allow edgetpu_app_server privapp_data_file:file { map read};
+
+# For shell level testing of mlock
+allow edgetpu_app_server shell_data_file:file { map read};
diff --git a/edgetpu/sepolicy/file_contexts b/edgetpu/sepolicy/file_contexts
index 0cada88..06f0a89 100644
--- a/edgetpu/sepolicy/file_contexts
+++ b/edgetpu/sepolicy/file_contexts
@@ -15,7 +15,7 @@
 /vendor/lib64/libmetrics_logger\.so                                        u:object_r:same_process_hal_file:s0
 /vendor/lib64/libedgetpu_util\.so                                          u:object_r:same_process_hal_file:s0
 # EdgeTPU runtime libraries
-/vendor/lib64/com\.google\.edgetpu_app_service-V[1-3]-ndk\.so              u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_app_service-V[1-4]-ndk\.so              u:object_r:same_process_hal_file:s0
 /vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so           u:object_r:same_process_hal_file:s0
 
 # EdgeTPU data files