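# SELinux policy for the EdgeTPU Tachyon service (domain edgetpu_tachyon_server).
#
# Layout restored to one statement per line. In the collapsed form, everything
# after the first "#" on a physical line is a comment, so no rule was effective.
# No rule below was added, removed or widened relative to the original text.

# Tachyon service.
type edgetpu_tachyon_server, domain;
type edgetpu_tachyon_server_exec, exec_type, vendor_file_type, file_type;
# Domain transition from init when it executes edgetpu_tachyon_server_exec.
init_daemon_domain(edgetpu_tachyon_server)

# The vendor service will use binder calls.
binder_use(edgetpu_tachyon_server);

# The vendor service will serve a binder service.
binder_service(edgetpu_tachyon_server);

# Tachyon service registers edgetpu_tachyon_service with service_manager.
add_service(edgetpu_tachyon_server, edgetpu_tachyon_service);

# Allow Tachyon service to look up edgetpu_app_service and call into its server.
allow edgetpu_tachyon_server edgetpu_app_service:service_manager find;
binder_call(edgetpu_tachyon_server, edgetpu_app_server);

# Allow Tachyon service to use the TPU device node (/dev/edgetpu or
# /dev/edgetpu-soc). rw_file_perms grants read and write access to the node,
# not just discovery.
allow edgetpu_tachyon_server edgetpu_device:chr_file rw_file_perms;

# Allow Tachyon service to access hardware buffers and ION memory.
# The fd rules only permit use of descriptors created by the allocator HALs.
allow edgetpu_tachyon_server hal_allocator:fd use;
allow edgetpu_tachyon_server hal_graphics_mapper_hwservice:hwservice_manager find;
allow edgetpu_tachyon_server hal_graphics_allocator:fd use;
# NOTE(review): the GPU node is read-write while the ION node is read-only;
# confirm that write access to gpu_device is required by this service.
allow edgetpu_tachyon_server gpu_device:chr_file rw_file_perms;
allow edgetpu_tachyon_server gpu_device:dir r_dir_perms;
allow edgetpu_tachyon_server ion_device:chr_file r_file_perms;

# Allow Tachyon service to access the dmabuf system heap (read-only).
allow edgetpu_tachyon_server dmabuf_system_heap_device:chr_file r_file_perms;

# Allow Tachyon service to read the overcommit_memory info.
allow edgetpu_tachyon_server proc_overcommit_memory:file r_file_perms;

# Allow Tachyon service to read the kernel version.
# This is done inside the InitGoogle.
allow edgetpu_tachyon_server proc_version:file r_file_perms;

# Allow Tachyon service to send trace packets to Perfetto with SELinux enabled.
# Debug-only: the rule is compiled in on userdebug and eng builds, never on
# user builds.
userdebug_or_eng(`perfetto_producer(edgetpu_tachyon_server)')

# Allow Tachyon service to read tflite DarwiNN delegate properties
get_prop(edgetpu_tachyon_server, vendor_tflite_delegate_prop)
# Allow Tachyon service to read DarwiNN runtime properties
get_prop(edgetpu_tachyon_server, vendor_edgetpu_runtime_prop)
# Allow Tachyon service to read hetero runtime properties
get_prop(edgetpu_tachyon_server, vendor_hetero_runtime_prop)
# Allow Tachyon service to read EdgeTPU CPU scheduler properties
get_prop(edgetpu_tachyon_server, vendor_edgetpu_cpu_scheduler_prop)

# Allow mlock without size restriction.
# ipc_lock lets the process lock memory beyond RLIMIT_MEMLOCK. Locked pages
# cannot be reclaimed, so any bound on how much is locked has to be enforced
# by the service itself.
# NOTE(review): confirm the service caps lock sizes derived from client requests.
allow edgetpu_tachyon_server self:capability ipc_lock;

# Reading is needed to fault in pages of a file that is mmap-ed and then mlock-ed.
# Only map and read are granted, with no open permission, so this rule does not
# let the service open priv-app data files by path. The descriptor has to be
# obtained elsewhere (presumably passed in by the client over binder; verify).
allow edgetpu_tachyon_server privapp_data_file:file { map read };

# For shell level testing of mlock.
# Debug-only (userdebug and eng builds); same map and read grant, without open.
userdebug_or_eng(`
  allow edgetpu_tachyon_server shell_data_file:file { map read };
')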