whitechapel/vendor/google/untrusted_app_all.te - device/google/gs101-sepolicy - Git at Google

 # Allows applications to discover the EdgeTPU service.
 allow untrusted_app_all edgetpu_service:service_manager find;

 # Allows applications to access the EdgeTPU device, except open, which is guarded
 # by the EdgeTPU service.
 allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };

 # Allows Exoplayer(and other applications) access to the vstream-secure DMA-BUF heap
 # for secure video playback
 allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms;
	# Allows applications to discover the EdgeTPU service.
	allow untrusted_app_all edgetpu_service:service_manager find;

	# Allows applications to access the EdgeTPU device, except open, which is guarded
	# by the EdgeTPU service.
	allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };

	# Allows Exoplayer(and other applications) access to the vstream-secure DMA-BUF heap
	# for secure video playback
	allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms;