commit af16ce519de0f2d34567332ca2b5d7a063b91750
author qinyiyan <qinyiyan@google.com> Thu Oct 05 12:17:41 2023 -0700
committer qinyiyan <qinyiyan@google.com> Thu Oct 05 14:13:31 2023 -0700
tree 974bc299bffbf7181ca0b3bb1d0d161d67d36691
parent 33274eb576f340cc715138b74a68a7b52b4ab239

Allow hal_neuralnetworks_darwinn and dba service to read DMA buf.

AVC denials seen:
avc:  denied  { read } for  name="system" dev="tmpfs" ino=592 scontext=u:r:hal_neuralnetworks_darwinn:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0

bug: 303526151
Test: forrest build
Change-Id: I42e714908df163df6a328f451202a93fc11caeee

edgetpu/sepolicy/edgetpu_dba_service.te

diff --git a/edgetpu/sepolicy/edgetpu_dba_service.te b/edgetpu/sepolicy/edgetpu_dba_service.te
index da210da..fd1822b 100644
--- a/edgetpu/sepolicy/edgetpu_dba_service.te
+++ b/edgetpu/sepolicy/edgetpu_dba_service.te
@@ -47,3 +47,7 @@
 get_prop(edgetpu_dba_server, vendor_hetero_runtime_prop)
 # Allow EdgeTPU DBA service to read EdgeTPU CPU scheduler properties
 get_prop(edgetpu_dba_server, vendor_edgetpu_cpu_scheduler_prop)
+
+# Allow DMA Buf access.
+allow edgetpu_dba_server dmabuf_system_heap_device:chr_file r_file_perms;
+

edgetpu/sepolicy/hal_neuralnetworks_darwinn.te

diff --git a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
index f867528..63a3a17 100644
--- a/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
+++ b/edgetpu/sepolicy/hal_neuralnetworks_darwinn.te
@@ -56,3 +56,7 @@
 get_prop(hal_neuralnetworks_darwinn, vendor_tflite_delegate_prop)
 # Allow NNAPI HAL to read hetero runtime properties
 get_prop(hal_neuralnetworks_darwinn, vendor_hetero_runtime_prop)
+
+# Allow DMA Buf access.
+allow hal_neuralnetworks_darwinn dmabuf_system_heap_device:chr_file r_file_perms;
+