Merge "collect bt hal dump log to bugreport" into main
diff --git a/edgetpu/sepolicy/file_contexts b/edgetpu/sepolicy/file_contexts
index df0a63e..0cada88 100644
--- a/edgetpu/sepolicy/file_contexts
+++ b/edgetpu/sepolicy/file_contexts
@@ -15,7 +15,7 @@
 /vendor/lib64/libmetrics_logger\.so                                        u:object_r:same_process_hal_file:s0
 /vendor/lib64/libedgetpu_util\.so                                          u:object_r:same_process_hal_file:s0
 # EdgeTPU runtime libraries
-/vendor/lib64/com\.google\.edgetpu_app_service-V[1-2]-ndk\.so              u:object_r:same_process_hal_file:s0
+/vendor/lib64/com\.google\.edgetpu_app_service-V[1-3]-ndk\.so              u:object_r:same_process_hal_file:s0
 /vendor/lib64/com\.google\.edgetpu_vendor_service-V[1-2]-ndk\.so           u:object_r:same_process_hal_file:s0
 
 # EdgeTPU data files
diff --git a/gxp/sepolicy/appdomain.te b/gxp/sepolicy/appdomain.te
new file mode 100644
index 0000000..ada9421
--- /dev/null
+++ b/gxp/sepolicy/appdomain.te
@@ -0,0 +1,2 @@
+# Allow apps to read gxp properties
+get_prop(appdomain, vendor_gxp_prop)
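Review bot: `get_prop(appdomain, vendor_gxp_prop)` makes the property readable by every app domain, which is wider than the two app types given gxp_device access elsewhere in this change (priv_app and untrusted_app_all). The type declaration and property_contexts entries for vendor_gxp_prop are not part of this diff, so which keys fall under it cannot be confirmed here. If any of them carries a firmware version, hardware revision or other device-identifying value, narrow the grant to the domains that actually need it. At minimum the comment should name the properties and why apps read them, e.g. `# Apps read <property-name placeholder> to detect GXP availability; nothing device-unique is labelled vendor_gxp_prop.`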
diff --git a/gxp/sepolicy/edgetpu_app_service.te b/gxp/sepolicy/edgetpu_app_service.te
new file mode 100644
index 0000000..780823f
--- /dev/null
+++ b/gxp/sepolicy/edgetpu_app_service.te
@@ -0,0 +1,6 @@
+# Allow Edgetpu App Service to access the GXP device and read GXP properties.
+allow edgetpu_app_server gxp_device:chr_file rw_file_perms;
+get_prop(edgetpu_app_server, vendor_gxp_prop)
+
+# Allows Edgetpu App Service to search for GXP firmware file.
+allow edgetpu_app_server vendor_fw_file:dir search;
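Review bot: The comment above the `rw_file_perms` rule does not record that this domain is the one meant to hold `open` on gxp_device, which is the assumption the priv_app.te and untrusted_app_all.te comments in this change rely on. Suggest extending it along the lines of `# edgetpu_app_server opens the GXP device node on behalf of apps; app domains get no open and only use fds handed out from here.` Separately, `vendor_fw_file:dir search` permits directory traversal only and grants nothing on the firmware files themselves. The second comment should say whether traversal is all the service needs or whether file access comes from a rule not shown in this diff.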
diff --git a/gxp/sepolicy/priv_app.te b/gxp/sepolicy/priv_app.te
new file mode 100644
index 0000000..8afc24d
--- /dev/null
+++ b/gxp/sepolicy/priv_app.te
@@ -0,0 +1,3 @@
+# Allows privileged applications to access the GXP device, except open,
+# which is guarded by the EdgeTPU service.
+allow priv_app gxp_device:chr_file { getattr read write ioctl map };
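Review bot: The `ioctl` permission here is granted with no `allowxperm` restriction, so once an app holds a descriptor from the service it can issue every ioctl command the GXP driver implements, along with `write` and `map`. The same applies to the untrusted_app_all.te rule later in this change, where the exposure matters more because that domain runs arbitrary third-party code. Withholding `open` controls who gets a descriptor, not what can be done with it, so the driver's whole ioctl surface becomes app-reachable kernel attack surface. Consider listing only the commands clients need, e.g. `allowxperm priv_app gxp_device:chr_file ioctl { <client ioctl command list placeholder> };` and the equivalent for untrusted_app_all. Also state in the comment why `write` and `map` are required.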
diff --git a/gxp/sepolicy/untrusted_app_all.te b/gxp/sepolicy/untrusted_app_all.te
new file mode 100644
index 0000000..456dfee
--- /dev/null
+++ b/gxp/sepolicy/untrusted_app_all.te
@@ -0,0 +1,3 @@
+# Allows applications to access the GXP device, except open,
+# which is guarded by the EdgeTPU service.
+allow untrusted_app_all gxp_device:chr_file { getattr read write ioctl map };
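Review bot: The "except open" property described in the comment holds only because `open` is left out of this permission set; nothing stops a later rule or macro from granting it to an app domain. A build-time assertion would turn the comment into an enforced invariant, for example `neverallow { priv_app untrusted_app_all } gxp_device:chr_file open;`. Whether a wider source set such as all of appdomain is safe to assert depends on policy not visible in this diff, so check that before broadening it.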