Allow edgetpu_tachyon_service to access GXP device & Dmabuf.
As gxp stack will be using Tachyon service to process kernels on aurora
dsp, these permissions will be needed.
Bug: 279655948
Change-Id: I04c11575208d0ca1a3dda68db1367804c4d7596d
Signed-off-by: Dinesh Yadav <dkyadav@google.com>
diff --git a/edgetpu/sepolicy/edgetpu_tachyon_service.te b/edgetpu/sepolicy/edgetpu_tachyon_service.te
index 66a4667..5ead23b 100644
--- a/edgetpu/sepolicy/edgetpu_tachyon_service.te
+++ b/edgetpu/sepolicy/edgetpu_tachyon_service.te
@@ -27,6 +27,9 @@
allow edgetpu_tachyon_server gpu_device:dir r_dir_perms;
allow edgetpu_tachyon_server ion_device:chr_file r_file_perms;
+# Allow Tachyon service to access dmabuf sysytem.
+allow edgetpu_tachyon_server dmabuf_system_heap_device:chr_file r_file_perms;
+
# Allow Tachyon service to read the overcommit_memory info.
allow edgetpu_tachyon_server proc_overcommit_memory:file r_file_perms;
diff --git a/gxp/sepolicy/edgetpu_tachyon_service.te b/gxp/sepolicy/edgetpu_tachyon_service.te
new file mode 100644
index 0000000..35987dd
--- /dev/null
+++ b/gxp/sepolicy/edgetpu_tachyon_service.te
@@ -0,0 +1,3 @@
+# Allow Tachyon service to access the GXP device and read GXP properties.
+allow edgetpu_tachyon_server gxp_device:chr_file rw_file_perms;
+get_prop(edgetpu_tachyon_server, vendor_gxp_prop)