Add SELinux policy for edgetpu_native device_config prop

The new android property namespace will store the configurations which are set on the server side and read by the EdgeTpu HAL. Notes: * This CL is similar to nnapi_native CL: https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/1844919 * The read permission of EdgeTpu HAL will be added in another internal CL. Test: mm Bug: 243553703 Bug: 246401730 Change-Id: I5705f679148b313d919f334c51e31f7645aca82a
2023-02-13 21:55:57 +00:00 · 2023-02-13 21:55:57 +00:00 · 70e1942fb3
commit 70e1942fb3
parent b9a2339bf8
5 changed files with 6 additions and 0 deletions
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@ -13,6 +13,7 @@
    credential_service
    device_as_webcam
    device_config_camera_native_prop
+    device_config_edgetpu_native_prop
    device_config_memory_safety_native_boot_prop
    device_config_memory_safety_native_prop
    device_config_vendor_system_native_prop
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@ -3,6 +3,7 @@ typeattribute flags_health_check coredomain;
 init_daemon_domain(flags_health_check)

 set_prop(flags_health_check, device_config_boot_count_prop)
+set_prop(flags_health_check, device_config_edgetpu_native_prop)
 set_prop(flags_health_check, device_config_reset_performed_prop)
 set_prop(flags_health_check, device_config_runtime_native_boot_prop)
 set_prop(flags_health_check, device_config_runtime_native_prop)
--- a/private/property_contexts
+++ b/private/property_contexts
@ -250,6 +250,7 @@ persist.device_config.attempted_boot_count          u:object_r:device_config_boo
 persist.device_config.camera_native.                u:object_r:device_config_camera_native_prop:s0
 persist.device_config.configuration.                u:object_r:device_config_configuration_prop:s0
 persist.device_config.connectivity.                 u:object_r:device_config_connectivity_prop:s0
+persist.device_config.edgetpu_native.               u:object_r:device_config_edgetpu_native_prop:s0
 persist.device_config.input_native_boot.            u:object_r:device_config_input_native_boot_prop:s0
 persist.device_config.lmkd_native.                  u:object_r:device_config_lmkd_native_prop:s0
 persist.device_config.media_native.                 u:object_r:device_config_media_native_prop:s0
--- a/private/system_server.te
+++ b/private/system_server.te
@ -739,6 +739,7 @@ set_prop(system_server, ctl_gsid_prop)
 set_prop(system_server, cppreopt_prop)

 # server configurable flags properties
+set_prop(system_server, device_config_edgetpu_native_prop)
 set_prop(system_server, device_config_input_native_boot_prop)
 set_prop(system_server, device_config_netd_native_prop)
 set_prop(system_server, device_config_nnapi_native_prop)
@ -1296,6 +1297,7 @@ neverallow {
  device_config_lmkd_native_prop
  device_config_netd_native_prop
  device_config_nnapi_native_prop
+  device_config_edgetpu_native_prop
  device_config_runtime_native_boot_prop
  device_config_runtime_native_prop
  device_config_media_native_prop
--- a/public/property.te
+++ b/public/property.te
@ -66,6 +66,7 @@ system_restricted_prop(bq_config_prop)
 system_restricted_prop(build_bootimage_prop)
 system_restricted_prop(build_prop)
 system_restricted_prop(device_config_camera_native_prop)
+system_restricted_prop(device_config_edgetpu_native_prop)
 system_restricted_prop(device_config_nnapi_native_prop)
 system_restricted_prop(device_config_runtime_native_boot_prop)
 system_restricted_prop(device_config_runtime_native_prop)