Default sepolicy rules for initial upload of Neural Network API.
Bug: 63905942
Test: mm -j40
Change-Id: I354ee863475aedd2dc9d2b436a00bcd82931456f
(cherry picked from commit 4fc5fb5e521347d65dc921f8c1fb751c66f9a92c)
diff --git a/prebuilts/api/26.0/26.0.ignore.cil b/prebuilts/api/26.0/26.0.ignore.cil
index 874f710..6c2da16 100644
--- a/prebuilts/api/26.0/26.0.ignore.cil
+++ b/prebuilts/api/26.0/26.0.ignore.cil
@@ -7,6 +7,7 @@
e2fs
e2fs_exec
hal_cas_hwservice
+ hal_neuralnetworks_hwservice
hal_tetheroffload_hwservice
kmsg_debug_device
netd_stable_secret_prop
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 702795d..3f3454f 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -26,6 +26,7 @@
android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0
android.hardware.media.omx::IOmxStore u:object_r:hal_omx_hwservice:s0
android.hardware.memtrack::IMemtrack u:object_r:hal_memtrack_hwservice:s0
+android.hardware.neuralnetworks::IDevice u:object_r:hal_neuralnetworks_hwservice:s0
android.hardware.nfc::INfc u:object_r:hal_nfc_hwservice:s0
android.hardware.oemlock::IOemLock u:object_r:hal_oemlock_hwservice:s0
android.hardware.power::IPower u:object_r:hal_power_hwservice:s0
diff --git a/private/system_server.te b/private/system_server.te
index fddfe2d..e61b303 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -194,6 +194,7 @@
hal_client_domain(system_server, hal_ir)
hal_client_domain(system_server, hal_light)
hal_client_domain(system_server, hal_memtrack)
+hal_client_domain(system_server, hal_neuralnetworks)
hal_client_domain(system_server, hal_oemlock)
allow system_server hal_omx_hwservice:hwservice_manager find;
allow system_server hidl_token_hwservice:hwservice_manager find;
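Review bot: The added `hal_client_domain(system_server, hal_neuralnetworks)` makes system_server a client of the new HAL, but neither the commit message nor the file says why it needs to be. The new public/hal_neuralnetworks.te in this commit also grants `binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)`, so every client domain accepts callbacks from the driver process. Placing a highly privileged domain in that set is worth justifying under least privilege. If system_server really is a caller, a comment above the line such as `# system_server calls the NN HAL for <reason>` would record the intent. If the expected callers are other processes, the client attribute would be better granted to those domains instead. The rule list this line sits in continues outside the hunk.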
diff --git a/public/attributes b/public/attributes
index cd4b820..7ee7daf 100644
--- a/public/attributes
+++ b/public/attributes
@@ -289,6 +289,12 @@
expandattribute hal_memtrack_client true;
attribute hal_memtrack_server;
expandattribute hal_memtrack_server false;
+attribute hal_neuralnetworks;
+expandattribute hal_neuralnetworks true;
+attribute hal_neuralnetworks_client;
+expandattribute hal_neuralnetworks_client true;
+attribute hal_neuralnetworks_server;
+expandattribute hal_neuralnetworks_server false;
attribute hal_nfc;
expandattribute hal_nfc true;
attribute hal_nfc_client;
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
new file mode 100644
index 0000000..c697ac2
--- /dev/null
+++ b/public/hal_neuralnetworks.te
@@ -0,0 +1,8 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_neuralnetworks_client, hal_neuralnetworks_server)
+binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)
+
+add_hwservice(hal_neuralnetworks_server, hal_neuralnetworks_hwservice)
+allow hal_neuralnetworks_client hal_neuralnetworks_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_allocator:fd use;
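Review bot: The last two rules, `allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;` and `allow hal_neuralnetworks hal_allocator:fd use;`, are written against the combined `hal_neuralnetworks` attribute rather than the `_client` or `_server` attribute, and unlike the binder rules they carry no comment. They appear to be the shared-memory path for passing buffers between client and driver, though the commit does not say so. A comment such as `# Shared memory buffers: look up the HIDL memory service and use fds handed out by the allocator HAL` would document that. It should also state whether both sides need the access, so a later reviewer can tell whether the grant can be narrowed to one attribute.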
diff --git a/public/hwservice.te b/public/hwservice.te
index 815221d..ce27f21 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -22,6 +22,7 @@
type hal_keymaster_hwservice, hwservice_manager_type;
type hal_light_hwservice, hwservice_manager_type;
type hal_memtrack_hwservice, hwservice_manager_type;
+type hal_neuralnetworks_hwservice, hwservice_manager_type;
type hal_nfc_hwservice, hwservice_manager_type;
type hal_oemlock_hwservice, hwservice_manager_type;
type hal_omx_hwservice, hwservice_manager_type;