Allow applications to use NN API HAL services The NeuralNetworks runtime is a library that communicates with NeuralNetworks HIDL services and is linked by applications. To enable the NN runtime to use these services, applications must have explicit sepolicy permissions to find the NN services and communicate across binder. This CL relaxes neverallow rules for hal_neuralnetworks_*. Because it is affecting pre-existing neverallow rules, this CL requires a CTS rebuild. Bug: 70340780 Test: mm Test: ran neuralnetworks vts and cts binaries Change-Id: I84f73ac77486681f91d1f8687268c0fa22a7ba0b (cherry picked from commit 598870bebc4bb34542df81799b46f3cdcfb6723b)

commit: ea331aa7b8e5cda406ac5da77b7c5c8477f4ea0f [log] [tgz]
author: Michael Butler <butlermichael@google.com> Fri Dec 15 14:16:25 2017 -0800
committer: Yang Ni <yangni@google.com> Tue Jan 16 13:50:37 2018 -0800
tree: 844c562fdd0b4cf00a64b9269906b6d1e4becf6f
parent: ba6cd7b1fefa79de880463e5dff9c8901718fbed [diff] [blame]
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index 974f328..7f9d315 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil

@@ -31,3 +31,8 @@
 ; Unfortunately, we can't currently express this in module policy language:
 ;     typeattribute hal_camera hal_allocator_client;
 (typeattributeset hal_allocator_client (hal_camera))
+
+; Apps, except isolated apps, are clients of Neuralnetworks HAL
+; Unfortunately, we can't currently express this in module policy language:
+;     typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
+(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
commit	ea331aa7b8e5cda406ac5da77b7c5c8477f4ea0f	[log] [tgz]
author	Michael Butler <butlermichael@google.com>	Fri Dec 15 14:16:25 2017 -0800
committer	Yang Ni <yangni@google.com>	Tue Jan 16 13:50:37 2018 -0800
tree	844c562fdd0b4cf00a64b9269906b6d1e4becf6f
parent	ba6cd7b1fefa79de880463e5dff9c8901718fbed [diff] [blame]