# SELinux policy for the Neural Networks (NN) HAL. Rules are attached to the
# hal_neuralnetworks, hal_neuralnetworks_client and hal_neuralnetworks_server
# attributes, so they apply to every domain that carries one of them.

# HwBinder IPC from client to server, and callbacks
binder_call(hal_neuralnetworks_client, hal_neuralnetworks_server)
binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)

hal_attribute_hwservice(hal_neuralnetworks, hal_neuralnetworks_hwservice)
# Shared-memory and graphics-buffer plumbing: look up the hwservice, then use
# file descriptors handed over by the allocator domains. "fd use" only covers
# the descriptor itself; access to the object behind it is checked by the
# object-class rules (file, chr_file, ...) below.
allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
allow hal_neuralnetworks hal_allocator:fd use;
allow hal_neuralnetworks hal_graphics_mapper_hwservice:hwservice_manager find;
allow hal_neuralnetworks hal_graphics_allocator:fd use;
# NOTE(review): the two GPU rules are attached to hal_neuralnetworks rather
# than hal_neuralnetworks_server and grant read/write on the GPU device nodes.
# Confirm which domains carry this attribute on the target build so the grant
# is no wider than the HAL implementation needs.
allow hal_neuralnetworks gpu_device:chr_file rw_file_perms;
allow hal_neuralnetworks gpu_device:dir r_dir_perms;

# Allow NN HAL service to use a client-provided fd residing in /data/data/.
# "open" is deliberately absent from the permission set: the service can only
# operate on a file that a client already opened and passed over, it cannot
# open app data by path. Note that "write" plus "map" still lets the service
# modify the file behind any fd it is given.
allow hal_neuralnetworks_server app_data_file:file { read write getattr map };
allow hal_neuralnetworks_server privapp_data_file:file { read write getattr map };

# Allow NN HAL service to use a client-provided fd residing in /data/local/tmp/.
# Same fd-only pattern as above (no "open").
allow hal_neuralnetworks_server shell_data_file:file { read write getattr map };

# Allow NN HAL service to read a client-provided ION memory fd.
# NOTE(review): unlike the explicit sets above, r_file_perms is a macro; in
# stock AOSP policy its expansion includes "open", which is broader than the
# fd-only pattern the comment describes. Verify against this tree's macro
# definitions.
allow hal_neuralnetworks_server ion_device:chr_file r_file_perms;

# Allow NN HAL service to use a client-provided fd residing in /storage
# Read-only and fd-only: neither "write" nor "open" is granted.
allow hal_neuralnetworks_server storage_file:file { getattr map read };

# Allow NN HAL service to read a client-provided fd residing in /data/app/.
# Read-only and fd-only: neither "write" nor "open" is granted.
allow hal_neuralnetworks_server apk_data_file:file { getattr map read };

# Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
# property to determine whether to deny NNAPI extensions use for apps
# on product partition (apps in GSI are not allowed to use NNAPI extensions).
get_prop(hal_neuralnetworks_client, nnapi_ext_deny_product_prop);

# Allow NN HAL client to read device_config_nnapi_native_prop.
get_prop(hal_neuralnetworks_client, device_config_nnapi_native_prop)

# This property is only expected to be found in /product/build.prop,
# so only init is allowed to set it.
# neverallow is a build-time assertion, not a runtime rule: any policy that
# lets a domain other than init set this property fails to compile, which
# keeps the deny-extensions switch out of reach of apps and other services.
neverallow { domain -init } nnapi_ext_deny_product_prop:property_service set;

# Define sepolicy for NN AIDL HAL service
hal_attribute_service(hal_neuralnetworks, hal_neuralnetworks_service)
binder_call(hal_neuralnetworks_server, servicemanager)

binder_use(hal_neuralnetworks_server)

# Write-only access to a FIFO owned by dumpstate; presumably lets the service
# stream its state into a bug report over a pipe dumpstate created (confirm
# against the HAL's dump implementation).
allow hal_neuralnetworks_server dumpstate:fifo_file write;