1# EdgeTPU DBA service. 2type edgetpu_dba_server, domain; 3type edgetpu_dba_server_exec, exec_type, vendor_file_type, file_type; 4init_daemon_domain(edgetpu_dba_server) 5 6# The vendor service will use binder calls. 7binder_use(edgetpu_dba_server); 8 9# The vendor service will serve a binder service. 10binder_service(edgetpu_dba_server); 11 12# EdgeTPU DBA service to register the service to service_manager. 13add_service(edgetpu_dba_server, edgetpu_dba_service); 14 15# Allow EdgeTPU DBA service to access the edgetpu_app_service. 16allow edgetpu_dba_server edgetpu_app_service:service_manager find; 17binder_call(edgetpu_dba_server, edgetpu_app_server); 18 19# Allow EdgeTPU DBA service to look for TPU instance in /dev/edgetpu or /dev/edgetpu-soc. 20allow edgetpu_dba_server edgetpu_device:chr_file rw_file_perms; 21 22# Allow EdgeTPU DBA service to request power hints from the Power Service. 23hal_client_domain(edgetpu_dba_server, hal_power) 24 25# Allow EdgeTPU DBA service to access hardware buffers and ION memory. 26allow edgetpu_dba_server hal_allocator:fd use; 27allow edgetpu_dba_server hal_graphics_mapper_hwservice:hwservice_manager find; 28allow edgetpu_dba_server hal_graphics_allocator:fd use; 29allow edgetpu_dba_server gpu_device:chr_file rw_file_perms; 30allow edgetpu_dba_server gpu_device:dir r_dir_perms; 31allow edgetpu_dba_server ion_device:chr_file r_file_perms; 32 33# Allow EdgeTPU DBA service to read the overcommit_memory info. 34allow edgetpu_dba_server proc_overcommit_memory:file r_file_perms; 35 36# Allow EdgeTPU DBA service to read the kernel version. 37# This is done inside the InitGoogle. 38allow edgetpu_dba_server proc_version:file r_file_perms; 39 40# Allow EdgeTPU DBA service to send trace packets to Perfetto with SELinux enabled 41# under userdebug builds. 42userdebug_or_eng(`perfetto_producer(edgetpu_dba_server)') 43 44# Allow EdgeTPU DBA service to read tflite DarwiNN delegate properties 45get_prop(edgetpu_dba_server, vendor_tflite_delegate_prop) 46# Allow EdgeTPU DBA service to read DarwiNN runtime properties 47get_prop(edgetpu_dba_server, vendor_edgetpu_runtime_prop) 48# Allow EdgeTPU DBA service to read hetero runtime properties 49get_prop(edgetpu_dba_server, vendor_hetero_runtime_prop) 50# Allow EdgeTPU DBA service to read EdgeTPU CPU scheduler properties 51get_prop(edgetpu_dba_server, vendor_edgetpu_cpu_scheduler_prop) 52 53# Allow DMA Buf access. 54allow edgetpu_dba_server dmabuf_system_heap_device:chr_file r_file_perms; 55 56