1type hal_neuralnetworks_darwinn, domain; 2hal_server_domain(hal_neuralnetworks_darwinn, hal_neuralnetworks) 3 4type hal_neuralnetworks_darwinn_exec, exec_type, vendor_file_type, file_type; 5init_daemon_domain(hal_neuralnetworks_darwinn) 6 7# The TPU HAL looks for TPU instance in /dev/abrolhos 8allow hal_neuralnetworks_darwinn edgetpu_device:chr_file rw_file_perms; 9 10# Allow DarwiNN service to use a client-provided fd residing in /vendor/etc/. 11allow hal_neuralnetworks_darwinn vendor_configs_file:file r_file_perms; 12 13# Allow DarwiNN service to access data files. 14allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:file create_file_perms; 15allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:dir rw_dir_perms; 16 17# Allow DarwiNN service to access unix sockets for IPC. 18allow hal_neuralnetworks_darwinn hal_neuralnetworks_darwinn_data_file:sock_file { create unlink rw_file_perms }; 19 20# Register to hwbinder service. 21# add_hwservice() is granted by hal_server_domain + hal_neuralnetworks.te 22hwbinder_use(hal_neuralnetworks_darwinn) 23get_prop(hal_neuralnetworks_darwinn, hwservicemanager_prop) 24 25# Allow TPU HAL to read the kernel version. 26# This is done inside the InitGoogle. 27allow hal_neuralnetworks_darwinn proc_version:file r_file_perms; 28 29# Allow TPU NNAPI HAL to log to stats service. (metrics) 30allow hal_neuralnetworks_darwinn fwk_stats_service:service_manager find; 31binder_call(hal_neuralnetworks_darwinn, system_server); 32binder_use(hal_neuralnetworks_darwinn) 33 34# Allow TPU NNAPI HAL to request power hints from the Power Service 35hal_client_domain(hal_neuralnetworks_darwinn, hal_power) 36 37# TPU NNAPI to register the service to service_manager. 38add_service(hal_neuralnetworks_darwinn, edgetpu_nnapi_service); 39 40# Allow TPU NNAPI HAL to read the overcommit_memory info. 41allow hal_neuralnetworks_darwinn proc_overcommit_memory:file r_file_perms; 42 43# Allows the logging service to access /sys/class/edgetpu 44allow hal_neuralnetworks_darwinn sysfs_edgetpu:dir r_dir_perms; 45allow hal_neuralnetworks_darwinn sysfs_edgetpu:file r_file_perms; 46 47# Allows the NNAPI HAL to access the edgetpu_app_service 48allow hal_neuralnetworks_darwinn edgetpu_app_service:service_manager find; 49binder_call(hal_neuralnetworks_darwinn, edgetpu_app_server); 50 51# Allow NNAPI HAL to send trace packets to Perfetto with SELinux enabled 52# under userdebug builds. 53userdebug_or_eng(`perfetto_producer(hal_neuralnetworks_darwinn)') 54 55# Allow NNAPI HAL to read tflite DarwiNN delegate properties 56get_prop(hal_neuralnetworks_darwinn, vendor_tflite_delegate_prop) 57# Allow NNAPI HAL to read DarwiNN runtime properties 58get_prop(hal_neuralnetworks_darwinn, vendor_edgetpu_runtime_prop) 59# Allow NNAPI HAL to read hetero runtime properties 60get_prop(hal_neuralnetworks_darwinn, vendor_hetero_runtime_prop) 61 62# Allow DMA Buf access. 63allow hal_neuralnetworks_darwinn dmabuf_system_heap_device:chr_file r_file_perms; 64 65