You can check where devices like the Hexagon DSP are accessible from device SELinux policies.
android.googlesource.com/device/google/
QDSP is accessible to the camera, sensors and neural network HALs and CHRE (android.googlesource.com/platform/syste). Google Camera is the only app with direct access to it.
Pixels have a dedicated SELinux domain for Google Camera extending the standard untrusted app domain with access to the Hexagon DSP (qdsp_device label) and Pixel Neural Core (airbrush_device). Neural Core is a TPU + IPU combo developed in some kind of collaboration with Samsung.
Kernel driver for airbrush is at android.googlesource.com/kernel/msm.git. Mostly developed by Samsung other than the thermal throttling portions.
In AOSP or the stock OS on Pixels, apps only have indirect access to QDSP or the Neural Core via the high-level NN API: developer.android.com/ndk/guides/neu.
Since we don't have Google Camera in GrapheneOS like the stock OS, we've been considering removing the special SELinux domain for a while now. Can look back at our past tweets about it. It's useful for testing purposes but it's not something we intend to support or keep working.
Google Camera may work right now but it isn't supported and it can't be expected to continue working. It's very likely to stop working regardless since it will probably end up with a hard dependency on Play Services even if it currently works without it.
If we remove the SELinux domain, which is planned, it's not going to have the access it needs to QDSP or the Pixel Visual Core. Simply haven't gotten around to it yet. Little reason for us to make sacrifices to keep it mostly working when it'll end up breaking regardless anyway.
Isn't it more work to remove the SELinux domain than to just leave it? What's the upside?
Reduced attack surface since QDSP and the Pixel Neural Core will no longer be directly accessible to any app but rather only very indirectly via the OS abstractions. Hard to see why we should expose all this attack surface for something that's likely to stop working anyway.
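The policy check mentioned at the start of the thread, as an added example that is not part of the original tweets or of any GrapheneOS or AOSP code: a small parser that lists which domains hold `allow` rules on `qdsp_device` and `airbrush_device`, and which of those are app domains. The sample policy and the `example_*` domain names are constructed for illustration.

```python
import re

# Constructed sample policy source, not copied from any device tree.
# The example_* domain names are hypothetical; qdsp_device and
# airbrush_device are the labels named in the thread.
SAMPLE_TE = """
type example_camera_app, domain;
app_domain(example_camera_app)
type example_camera_hal, domain;
type example_sensors_hal, domain;
# allow example_old_app qdsp_device:chr_file rw_file_perms;
allow example_camera_app { qdsp_device airbrush_device }:chr_file rw_file_perms;
allow example_camera_hal qdsp_device:chr_file { read write ioctl open };
allow { example_sensors_hal example_camera_hal } qdsp_device:chr_file r_file_perms;
allow example_camera_app app_data_file:file { read write };
"""

TOK = r"(\{[^}]*\}|[^\s:;{}]+)"
# allow <source> <target>:<class> <perms>;  (each field a name or a { set })
ALLOW = re.compile(rf"^\s*allow\s+{TOK}\s+{TOK}\s*:\s*{TOK}\s+{TOK}\s*;", re.M)
APP = re.compile(r"app_domain\(\s*(\w+)\s*\)|typeattribute\s+(\w+)\s+[^;]*\bappdomain\b")

def _names(tok):
    return set(tok.strip("{} ").split())

def _strip_comments(policy):
    return re.sub(r"#.*", "", policy)

def device_access(policy, labels):
    """Return {label: {source domain: permissions}} for allow rules on labels."""
    access = {label: {} for label in labels}
    for src, tgt, _cls, perms in ALLOW.findall(_strip_comments(policy)):
        for label in _names(tgt) & set(labels):
            for domain in _names(src):
                access[label].setdefault(domain, set()).update(_names(perms))
    return access

def exposed_to_apps(policy, labels):
    """Return {label: app domains with direct access}; complement (~) and
    subtraction (-type) sets are not expanded by this simplified parser."""
    apps = {a or b for a, b in APP.findall(_strip_comments(policy))}
    return {label: sorted(set(domains) & apps)
            for label, domains in device_access(policy, labels).items()}

if __name__ == "__main__":
    for label, domains in device_access(SAMPLE_TE, ["qdsp_device", "airbrush_device"]).items():
        for domain, perms in sorted(domains.items()):
            print(label, domain, " ".join(sorted(perms)))
    print(exposed_to_apps(SAMPLE_TE, ["qdsp_device", "airbrush_device"]))
```

To audit a real tree, concatenate its `.te` files into one string and pass that in place of `SAMPLE_TE`; permission macros such as `rw_file_perms` are reported by name rather than expanded.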