organize EdgeTPU modules and sepolicy

Bug: 190331327
Bug: 190331548
Bug: 189895600
Bug: 190331108
Bug: 182524105
Bug: 183935302
Test: build ROM and check if the modules and sepolicy are still there
Change-Id: I40391a239a16c4fe79d58fab209dcbd1a8f25ede
diff --git a/edgetpu/device.te b/edgetpu/device.te
new file mode 100644
index 0000000..9296ba5
--- /dev/null
+++ b/edgetpu/device.te
@@ -0,0 +1,2 @@
+# EdgeTPU device (DarwiNN)
+type edgetpu_device, dev_type, mlstrustedobject;
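Review bot: The comment on `edgetpu_device` in edgetpu/device.te does not explain the `mlstrustedobject` attribute, which exempts the node from MLS category checks. edgetpu/untrusted_app_all.te grants untrusted apps read/write/ioctl/map on this type and says `open` is guarded by the EdgeTPU service, so the reason is presumably that apps at differing MLS levels use a descriptor the service opened. I would record that next to the type, e.g. `# mlstrustedobject: fd is opened by the EdgeTPU service and used by apps at other MLS levels`, so a later reader does not drop or copy the attribute blindly.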
diff --git a/whitechapel/vendor/google/edgetpu_app_service.te b/edgetpu/edgetpu_app_service.te
similarity index 94%
rename from whitechapel/vendor/google/edgetpu_app_service.te
rename to edgetpu/edgetpu_app_service.te
index ffecdd1..58ce246 100644
--- a/whitechapel/vendor/google/edgetpu_app_service.te
+++ b/edgetpu/edgetpu_app_service.te
@@ -9,9 +9,6 @@
 # The server will serve a binder service.
 binder_service(edgetpu_app_server);
 
-# EdgeTPU binder service type declaration.
-type edgetpu_app_service, service_manager_type;
-
 # EdgeTPU server to register the service to service_manager.
 add_service(edgetpu_app_server, edgetpu_app_service);
 
diff --git a/whitechapel/vendor/google/edgetpu_logging.te b/edgetpu/edgetpu_logging.te
similarity index 100%
rename from whitechapel/vendor/google/edgetpu_logging.te
rename to edgetpu/edgetpu_logging.te
diff --git a/whitechapel/vendor/google/edgetpu_vendor_service.te b/edgetpu/edgetpu_vendor_service.te
similarity index 100%
rename from whitechapel/vendor/google/edgetpu_vendor_service.te
rename to edgetpu/edgetpu_vendor_service.te
diff --git a/edgetpu/file.te b/edgetpu/file.te
new file mode 100644
index 0000000..2482dbf
--- /dev/null
+++ b/edgetpu/file.te
@@ -0,0 +1,9 @@
+# EdgeTPU sysfs
+type sysfs_edgetpu, sysfs_type, fs_type;
+
+# EdgeTPU hal data file
+type hal_neuralnetworks_darwinn_data_file, file_type, data_file_type;
+
+# EdgeTPU vendor service data file
+type edgetpu_vendor_service_data_file, file_type, data_file_type;
+
diff --git a/edgetpu/file_contexts b/edgetpu/file_contexts
new file mode 100644
index 0000000..e0439c4
--- /dev/null
+++ b/edgetpu/file_contexts
@@ -0,0 +1,25 @@
+# EdgeTPU logging service
+/vendor/bin/hw/android\.hardware\.edgetpu\.logging@service-edgetpu-logging u:object_r:edgetpu_logging_exec:s0
+
+# EdgeTPU device (DarwiNN)
+/dev/abrolhos                      u:object_r:edgetpu_device:s0
+
+# EdgeTPU service binaries and libraries
+/system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service u:object_r:edgetpu_app_server_exec:s0
+/vendor/lib64/com\.google\.edgetpu_app_service-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libedgetpu_client\.google\.so u:object_r:same_process_hal_file:s0
+
+# EdgeTPU vendor service
+/vendor/bin/hw/vendor\.google\.edgetpu_vendor_service@1\.0-service u:object_r:edgetpu_vendor_server_exec:s0
+/vendor/lib64/com\.google\.edgetpu_vendor_service-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
+
+# EdgeTPU runtime libraries
+/vendor/lib64/libedgetpu_util\.so u:object_r:same_process_hal_file:s0
+
+# EdgeTPU data files
+/data/vendor/edgetpu(/.*)?                              u:object_r:edgetpu_vendor_service_data_file:s0
+/data/vendor/hal_neuralnetworks_darwinn(/.*)?           u:object_r:hal_neuralnetworks_darwinn_data_file:s0
+
+# NeuralNetworks file contexts
+/vendor/bin/hw/android\.hardware\.neuralnetworks@service-darwinn-aidl u:object_r:hal_neuralnetworks_darwinn_exec:s0
+
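Review bot: Four libraries under `/vendor/lib64` are labeled `same_process_hal_file` in edgetpu/file_contexts, a label that platform policy lets every domain read and execute, and the section comments do not say which processes are expected to load them. A line such as `# Loaded in-process by EdgeTPU clients; keep this list to libraries that must run inside the caller` above each group would make the exposure deliberate and easier to audit. Only 64-bit paths are listed, so if 32-bit clients exist (not visible in this diff), their copies would not receive this label.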
diff --git a/edgetpu/genfs_contexts b/edgetpu/genfs_contexts
new file mode 100644
index 0000000..345d299
--- /dev/null
+++ b/edgetpu/genfs_contexts
@@ -0,0 +1,4 @@
+# EdgeTPU
+genfscon sysfs /devices/platform/1ce00000.abrolhos                              u:object_r:sysfs_edgetpu:s0
+genfscon sysfs /devices/platform/abrolhos                                       u:object_r:sysfs_edgetpu:s0
+
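Review bot: Both `genfscon` entries in edgetpu/genfs_contexts name one chip's platform device (`1ce00000.abrolhos` and `abrolhos`), which sits oddly in a directory that looks intended to hold shared EdgeTPU policy. `/dev/abrolhos` in edgetpu/file_contexts has the same property. If the directory is meant to be reused on other hardware, a comment such as `# abrolhos: chip-specific EdgeTPU platform device, revisit when porting` would show which lines are not generic. A path that is never matched leaves the sysfs nodes on the default `sysfs` label without any build error.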
diff --git a/whitechapel/vendor/google/hal_neuralnetworks_darwinn.te b/edgetpu/hal_neuralnetworks_darwinn.te
similarity index 100%
rename from whitechapel/vendor/google/hal_neuralnetworks_darwinn.te
rename to edgetpu/hal_neuralnetworks_darwinn.te
diff --git a/whitechapel/vendor/google/priv_app.te b/edgetpu/priv_app.te
similarity index 100%
rename from whitechapel/vendor/google/priv_app.te
rename to edgetpu/priv_app.te
diff --git a/edgetpu/property.te b/edgetpu/property.te
new file mode 100644
index 0000000..ed93d44
--- /dev/null
+++ b/edgetpu/property.te
@@ -0,0 +1,4 @@
+# EdgeTPU service requires system public properties
+# since it lives under /system_ext/.
+system_public_prop(vendor_edgetpu_service_prop)
+
diff --git a/edgetpu/property_contexts b/edgetpu/property_contexts
new file mode 100644
index 0000000..130cfef
--- /dev/null
+++ b/edgetpu/property_contexts
@@ -0,0 +1,3 @@
+# for EdgeTPU
+vendor.edgetpu.service.                         u:object_r:vendor_edgetpu_service_prop:s0
+
diff --git a/edgetpu/service.te b/edgetpu/service.te
new file mode 100644
index 0000000..46bee03
--- /dev/null
+++ b/edgetpu/service.te
@@ -0,0 +1,5 @@
+# EdgeTPU binder service type declaration.
+type edgetpu_app_service, service_manager_type;
+
+type edgetpu_vendor_service, service_manager_type, vendor_service;
+type edgetpu_nnapi_service, app_api_service, service_manager_type, vendor_service;
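Review bot: Only `edgetpu_app_service` carries a comment in edgetpu/service.te. `edgetpu_vendor_service` and `edgetpu_nnapi_service` are declared without one, and the latter adds `app_api_service`, which in platform policy is the attribute that lets app domains find a service. I would document that exposure where it is declared, e.g. `# NNAPI HAL instance (IDevice/google-edgetpu); app_api_service makes it findable by apps`, and put `# EdgeTPU vendor binder service` above the other. That way the difference in reachability between the three types is visible without reading the attribute definitions.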
diff --git a/edgetpu/service_contexts b/edgetpu/service_contexts
new file mode 100644
index 0000000..76fe43d
--- /dev/null
+++ b/edgetpu/service_contexts
@@ -0,0 +1,7 @@
+# EdgeTPU service
+com.google.edgetpu.IEdgeTpuAppService/default              u:object_r:edgetpu_app_service:s0
+com.google.edgetpu.IEdgeTpuVendorService/default           u:object_r:edgetpu_vendor_service:s0
+
+# TPU NNAPI Service
+android.hardware.neuralnetworks.IDevice/google-edgetpu	   u:object_r:edgetpu_nnapi_service:s0
+
diff --git a/edgetpu/untrusted_app_all.te b/edgetpu/untrusted_app_all.te
new file mode 100644
index 0000000..9abec61
--- /dev/null
+++ b/edgetpu/untrusted_app_all.te
@@ -0,0 +1,7 @@
+# Allows applications to discover the EdgeTPU service.
+allow untrusted_app_all edgetpu_app_service:service_manager find;
+
+# Allows applications to access the EdgeTPU device, except open, which is guarded
+# by the EdgeTPU service.
+allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };
+
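Review bot: The `ioctl` permission in `allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };` is not narrowed by any `allowxperm` rule in this diff. Unless one exists elsewhere, every ioctl command of the driver is reachable from any untrusted app that holds the descriptor. An allowlist such as `allowxperm untrusted_app_all edgetpu_device:chr_file ioctl { <CLIENT_IOCTL_LIST> };` (a placeholder for the commands the client library needs) would shrink that kernel attack surface. The comment's statement that `open` stays with the EdgeTPU service could also be enforced rather than only described, with `neverallow untrusted_app_all edgetpu_device:chr_file open;`.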
diff --git a/edgetpu/vendor_init.te b/edgetpu/vendor_init.te
new file mode 100644
index 0000000..aec7958
--- /dev/null
+++ b/edgetpu/vendor_init.te
@@ -0,0 +1 @@
+set_prop(vendor_init, vendor_edgetpu_service_prop)
diff --git a/tracking_denials/hal_neuralnetworks_darwinn.te b/tracking_denials/hal_neuralnetworks_darwinn.te
deleted file mode 100644
index 54fa8a2..0000000
--- a/tracking_denials/hal_neuralnetworks_darwinn.te
+++ /dev/null
@@ -1,14 +0,0 @@
-# b/182524105
-dontaudit hal_neuralnetworks_darwinn tmpfs:file { open };
-dontaudit hal_neuralnetworks_darwinn tmpfs:file { write };
-dontaudit hal_neuralnetworks_darwinn tmpfs:file { map };
-dontaudit hal_neuralnetworks_darwinn tmpfs:file { write };
-dontaudit hal_neuralnetworks_darwinn tmpfs:file { read };
-dontaudit hal_neuralnetworks_darwinn tmpfs:file { open };
-dontaudit hal_neuralnetworks_darwinn tmpfs:file { map };
-dontaudit hal_neuralnetworks_darwinn tmpfs:file { read };
-dontaudit hal_neuralnetworks_darwinn tmpfs:file { read };
-dontaudit hal_neuralnetworks_darwinn tmpfs:file { read };
-# b/183935302
-dontaudit hal_neuralnetworks_darwinn proc_version:file { read };
-dontaudit hal_neuralnetworks_darwinn proc_version:file { read };
diff --git a/whitechapel/vendor/google/device.te b/whitechapel/vendor/google/device.te
index 63bd319..68a73c6 100644
--- a/whitechapel/vendor/google/device.te
+++ b/whitechapel/vendor/google/device.te
@@ -21,9 +21,6 @@
 # usbpd
 type logbuffer_device, dev_type;
 
-# EdgeTPU device (DarwiNN)
-type edgetpu_device, dev_type, mlstrustedobject;
-
 #cpuctl
 type cpuctl_device, dev_type;
 
diff --git a/whitechapel/vendor/google/file.te b/whitechapel/vendor/google/file.te
index 412f03d..3518bea 100644
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@@ -133,15 +133,6 @@
 type vendor_camera_tuning_file, vendor_file_type, file_type;
 type vendor_camera_data_file, file_type, data_file_type;
 
-# EdgeTPU hal data file
-type hal_neuralnetworks_darwinn_data_file, file_type, data_file_type;
-
-# EdgeTPU vendor service data file
-type edgetpu_vendor_service_data_file, file_type, data_file_type;
-
-# EdgeTPU sysfs
-type sysfs_edgetpu, sysfs_type, fs_type;
-
 # Vendor sched files
 type sysfs_vendor_sched, sysfs_type, fs_type;
 userdebug_or_eng(`
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 45d9d76..d04d3ab 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -344,9 +344,6 @@
 # AoC file contexts.
 /vendor/bin/aocd   u:object_r:aocd_exec:s0
 
-# NeuralNetworks file contexts
-/vendor/bin/hw/android\.hardware\.neuralnetworks@service-darwinn-aidl u:object_r:hal_neuralnetworks_darwinn_exec:s0
-
 # GRIL
 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service                 u:object_r:hal_radioext_default_exec:s0
 
@@ -363,28 +360,6 @@
 # Citadel StrongBox
 /dev/gsc0                                                                   u:object_r:citadel_device:s0
 
-# EdgeTPU device (DarwiNN)
-/dev/abrolhos                      u:object_r:edgetpu_device:s0
-
-# EdgeTPU logging service
-/vendor/bin/hw/android\.hardware\.edgetpu\.logging@service-edgetpu-logging u:object_r:edgetpu_logging_exec:s0
-
-# EdgeTPU service binaries and libraries
-/system_ext/bin/hw/vendor\.google\.edgetpu_app_service@1\.0-service u:object_r:edgetpu_app_server_exec:s0
-/vendor/lib64/com\.google\.edgetpu_app_service-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
-/vendor/lib64/libedgetpu_client\.google\.so u:object_r:same_process_hal_file:s0
-
-# EdgeTPU vendor service
-/vendor/bin/hw/vendor\.google\.edgetpu_vendor_service@1\.0-service u:object_r:edgetpu_vendor_server_exec:s0
-/vendor/lib64/com\.google\.edgetpu_vendor_service-V1-ndk_platform\.so u:object_r:same_process_hal_file:s0
-
-# EdgeTPU runtime libraries
-/vendor/lib64/libedgetpu_util\.so u:object_r:same_process_hal_file:s0
-
-# EdgeTPU data files
-/data/vendor/edgetpu(/.*)?                              u:object_r:edgetpu_vendor_service_data_file:s0
-/data/vendor/hal_neuralnetworks_darwinn(/.*)?           u:object_r:hal_neuralnetworks_darwinn_data_file:s0
-
 # Tetheroffload Service
 /dev/dit2                      u:object_r:vendor_toe_device:s0
 /vendor/bin/hw/vendor\.samsung_slsi\.hardware\.tetheroffload@1\.0-service     u:object_r:hal_tetheroffload_default_exec:s0
diff --git a/whitechapel/vendor/google/genfs_contexts b/whitechapel/vendor/google/genfs_contexts
index 3a31a33..f384ae6 100644
--- a/whitechapel/vendor/google/genfs_contexts
+++ b/whitechapel/vendor/google/genfs_contexts
@@ -109,10 +109,6 @@
 genfscon proc  /fts_ext/driver_test                                             u:object_r:proc_touch:s0
 genfscon sysfs /devices/virtual/sec/tsp                                         u:object_r:sysfs_touch:s0
 
-# EdgeTPU
-genfscon sysfs /devices/platform/1ce00000.abrolhos                              u:object_r:sysfs_edgetpu:s0
-genfscon sysfs /devices/platform/abrolhos                                       u:object_r:sysfs_edgetpu:s0
-
 # Vendor sched files
 genfscon sysfs /kernel/vendor_sched                                            u:object_r:sysfs_vendor_sched:s0
 genfscon proc  /vendor_sched                                                   u:object_r:proc_vendor_sched:s0
diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te
index f540c88..9454c2e 100644
--- a/whitechapel/vendor/google/property.te
+++ b/whitechapel/vendor/google/property.te
@@ -27,10 +27,6 @@
 vendor_internal_prop(vendor_camera_fatp_prop)
 vendor_internal_prop(vendor_gps_prop)
 
-# EdgeTPU service requires system public properties
-# since it lives under /system_ext/.
-system_public_prop(vendor_edgetpu_service_prop)
-
 # Battery defender
 vendor_internal_prop(vendor_battery_defender_prop)
 
diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts
index 6149725..94d4065 100644
--- a/whitechapel/vendor/google/property_contexts
+++ b/whitechapel/vendor/google/property_contexts
@@ -90,9 +90,6 @@
 # for gps
 vendor.gps                   u:object_r:vendor_gps_prop:s0
 
-# for EdgeTPU
-vendor.edgetpu.service.                         u:object_r:vendor_edgetpu_service_prop:s0
-
 # SecureElement
 persist.vendor.se.                              u:object_r:vendor_secure_element_prop:s0
 
diff --git a/whitechapel/vendor/google/service.te b/whitechapel/vendor/google/service.te
index c47e63f..99e9948 100644
--- a/whitechapel/vendor/google/service.te
+++ b/whitechapel/vendor/google/service.te
@@ -2,5 +2,3 @@
 type uwb_vendor_service, service_manager_type, vendor_service;
 type touch_context_service, service_manager_type, vendor_service;
 type hal_uwb_service, service_manager_type, vendor_service;
-type edgetpu_vendor_service, service_manager_type, vendor_service;
-type edgetpu_nnapi_service, app_api_service, service_manager_type, vendor_service;
diff --git a/whitechapel/vendor/google/service_contexts b/whitechapel/vendor/google/service_contexts
index 4e005ec..687f8cc 100644
--- a/whitechapel/vendor/google/service_contexts
+++ b/whitechapel/vendor/google/service_contexts
@@ -1,10 +1,3 @@
-# EdgeTPU service
-com.google.edgetpu.IEdgeTpuAppService/default              u:object_r:edgetpu_app_service:s0
-com.google.edgetpu.IEdgeTpuVendorService/default           u:object_r:edgetpu_vendor_service:s0
-
-# TPU NNAPI Service
-android.hardware.neuralnetworks.IDevice/google-edgetpu	   u:object_r:edgetpu_nnapi_service:s0
-
 com.google.hardware.pixel.display.IDisplay/default         u:object_r:hal_pixel_display_service:s0
 com.google.input.ITouchContextService/default              u:object_r:touch_context_service:s0
 uwb_vendor                                                 u:object_r:uwb_vendor_service:s0
diff --git a/whitechapel/vendor/google/untrusted_app_all.te b/whitechapel/vendor/google/untrusted_app_all.te
index cd7fb41..a4d8beb 100644
--- a/whitechapel/vendor/google/untrusted_app_all.te
+++ b/whitechapel/vendor/google/untrusted_app_all.te
@@ -1,10 +1,3 @@
-# Allows applications to discover the EdgeTPU service.
-allow untrusted_app_all edgetpu_app_service:service_manager find;
-
-# Allows applications to access the EdgeTPU device, except open, which is guarded
-# by the EdgeTPU service.
-allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };
-
 # Allows Exoplayer(and other applications) access to the vstream-secure DMA-BUF heap
 # for secure video playback
 allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms;
diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te
index 5a86ade..8e3e369 100644
--- a/whitechapel/vendor/google/vendor_init.te
+++ b/whitechapel/vendor/google/vendor_init.te
@@ -10,7 +10,6 @@
 set_prop(vendor_init, vendor_ssrdump_prop)
 set_prop(vendor_init, vendor_ro_config_default_prop)
 get_prop(vendor_init, vendor_touchpanel_prop)
-set_prop(vendor_init, vendor_edgetpu_service_prop)
 set_prop(vendor_init, vendor_tcpdump_log_prop)
 set_prop(vendor_init, vendor_thermal_prop)