commit 8e965d36a2547b0462251483757fcd43ca0d907c
author Yu-Chi Cheng <yuchicheng@google.com> Thu Mar 16 14:10:10 2023 -0700
committer Yu-Chi Cheng <yuchicheng@google.com> Thu Mar 16 14:10:10 2023 -0700
tree b7d14ed4ef45fcb4fceed0d5c945f6f4e38bc96f
parent 118833e6d04cfb601fa4eae00de16ffb4ffd650f

Added the hetero runtime system property SELinux rules.

Currently, there is a hetero runtime property that darwinn
and other hetero runtime project will use: the trace level
(vendor.google.silicon.max_trace_level).

This change allows edgetpu services and clients to be able to see
that property in order to change the trace level.

Bug: 272292650
Test: verified it to build but not tested on device yet since selinux
has not been enforced yet.

Change-Id: Id6d345b92d2e710b41ca58907ad443fc2667054a

edgetpu/sepolicy/appdomain.te

diff --git a/edgetpu/sepolicy/appdomain.te b/edgetpu/sepolicy/appdomain.te
index 37cb1db..804a202 100644
--- a/edgetpu/sepolicy/appdomain.te
+++ b/edgetpu/sepolicy/appdomain.te
@@ -1,2 +1,5 @@
 # Allow apps to read tflite Darwinn delegate properties
 get_prop(appdomain, vendor_tflite_delegate_prop)
+
+# Allow apps to read hetero runtime properties
+get_prop(appdomain, vendor_hetero_runtime_prop)

edgetpu/sepolicy/edgetpu_dba_service.te

diff --git a/edgetpu/sepolicy/edgetpu_dba_service.te b/edgetpu/sepolicy/edgetpu_dba_service.te
index dca4ac4..ce1f200 100644
--- a/edgetpu/sepolicy/edgetpu_dba_service.te
+++ b/edgetpu/sepolicy/edgetpu_dba_service.te
@@ -39,3 +39,5 @@
 
 # Allow EdgeTPU DBA service to read tflite Darwinn delegate properties
 get_prop(edgetpu_dba_server, vendor_tflite_delegate_prop)
+# Allow EdgeTPU DBA service to read hetero runtime properties
+get_prop(edgetpu_dba_server, vendor_hetero_runtime_prop)

edgetpu/sepolicy/hal_camera_default.te

diff --git a/edgetpu/sepolicy/hal_camera_default.te b/edgetpu/sepolicy/hal_camera_default.te
index a8ea541..3c09f2f 100644
--- a/edgetpu/sepolicy/hal_camera_default.te
+++ b/edgetpu/sepolicy/hal_camera_default.te
@@ -1,2 +1,5 @@
 # Allow camera HAL to read tflite Darwinn delegate properties
 get_prop(hal_camera_default, vendor_tflite_delegate_prop)
+
+# Allow camera HAL to read hetero runtime properties
+get_prop(hal_camera_default, vendor_hetero_runtime_prop)

edgetpu/sepolicy/hal_neuralnetworks_darwinn.te

diff --git a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
index 02e485c..7d50bfc 100644
--- a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
@@ -54,3 +54,5 @@
 
 # Allow NNAPI HAL to read tflite DarwiNN delegate properties
 get_prop(hal_neuralnetworks_darwinn, vendor_tflite_delegate_prop)
+# Allow NNAPI HAL to read hetero runtime properties
+get_prop(hal_neuralnetworks_darwinn, vendor_hetero_runtime_prop)

edgetpu/sepolicy/property.te

diff --git a/edgetpu/sepolicy/property.te b/edgetpu/sepolicy/property.te
index 254d059..1ed9a59 100644
--- a/edgetpu/sepolicy/property.te
+++ b/edgetpu/sepolicy/property.te
@@ -5,3 +5,6 @@
 # Tflite Darwinn delegate properties are written once by vendor_init,
 # and then read by apps, camera hal, and some Darwinn vendor services.
 system_vendor_config_prop(vendor_tflite_delegate_prop)
+
+# Hetero runtime properties, including tracing levels.
+system_vendor_config_prop(vendor_hetero_runtime_prop)

edgetpu/sepolicy/property_contexts

diff --git a/edgetpu/sepolicy/property_contexts b/edgetpu/sepolicy/property_contexts
index 56c2bf6..c21eb13 100644
--- a/edgetpu/sepolicy/property_contexts
+++ b/edgetpu/sepolicy/property_contexts
@@ -3,3 +3,6 @@
 
 # for DarwinnDelegate
 vendor.edgetpu.tflite_delegate.                 u:object_r:vendor_tflite_delegate_prop:s0
+
+# for hetero runtime
+vendor.google.silicon.                          u:object_r:vendor_hetero_runtime_prop:s0