Allow camera HAL to access tachyon HAL
Bug: 352680961
Flag: EXEMPT updates device sepolicy only
Change-Id: I8383887e36340db67c595a12c11c336d3d9bf974
diff --git a/edgetpu/sepolicy/edgetpu_tachyon_service.te b/edgetpu/sepolicy/edgetpu_tachyon_service.te
index da34353..877a180 100644
--- a/edgetpu/sepolicy/edgetpu_tachyon_service.te
+++ b/edgetpu/sepolicy/edgetpu_tachyon_service.te
@@ -27,6 +27,9 @@
allow edgetpu_tachyon_server gpu_device:dir r_dir_perms;
allow edgetpu_tachyon_server ion_device:chr_file r_file_perms;
+# Allow Tachyon service to access camera hal via binder.
+binder_call(edgetpu_tachyon_server, hal_camera_default);
+
# Allow Tachyon service to access dmabuf sysytem.
allow edgetpu_tachyon_server dmabuf_system_heap_device:chr_file r_file_perms;
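Review bot: The added `binder_call(edgetpu_tachyon_server, hal_camera_default);` lets the Tachyon server initiate binder calls into the camera HAL, which is the opposite direction from the one the commit title describes. As the macro is defined in AOSP's te_macros, `binder_call(client, server)` already allows the server to transfer references back to the client on the reply, so the rule added in hal_camera_default.te should cover replies by itself. If the reverse grant is for a callback interface that the camera HAL hands to Tachyon, the comment should say so, for example `# Allow Tachyon service to invoke callbacks registered by the camera HAL.`. If no such callback exists, dropping the rule keeps the camera HAL's binder surface at least privilege.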
diff --git a/edgetpu/sepolicy/hal_camera_default.te b/edgetpu/sepolicy/hal_camera_default.te
index 624533a..e84f5dc 100644
--- a/edgetpu/sepolicy/hal_camera_default.te
+++ b/edgetpu/sepolicy/hal_camera_default.te
@@ -6,3 +6,10 @@
# Allow camera HAL to read hetero runtime properties
get_prop(hal_camera_default, vendor_hetero_runtime_prop)
+
+# Allow camera HAL to access tachyon HAL
+allow hal_camera_default edgetpu_tachyon_service:service_manager find;
+
+# Allow camera HAL to communicate with tachyon hal using binder calls
+binder_call(hal_camera_default, edgetpu_tachyon_server);
+
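Review bot: The new `binder_call(hal_camera_default, edgetpu_tachyon_server);` ends with a `;`, while the existing macro line just above it, `get_prop(hal_camera_default, vendor_hetero_runtime_prop)`, does not; the same trailing `;` appears on the `binder_call` added in edgetpu_tachyon_service.te. Writing it as `binder_call(hal_camera_default, edgetpu_tachyon_server)` would match the file's existing style. Separately, the comment on the `service_manager find` rule says only "access tachyon HAL"; a later policy audit would be easier if it named what the camera HAL uses the service for, e.g. `# Allow camera HAL to look up the Tachyon service (<feature that needs it>).`.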