# Allows applications to discover the EdgeTPU service. | |
allow untrusted_app_all edgetpu_service:service_manager find; | |
# Allows applications to access the EdgeTPU device, except open, which is guarded | |
# by the EdgeTPU service. | |
allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map }; | |
# Allows Exoplayer(and other applications) access to the vstream-secure DMA-BUF heap | |
# for secure video playback | |
allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms; |