
Pixels have a dedicated SELinux domain for Google Camera extending the standard untrusted app domain with access to the Hexagon DSP (qdsp_device label) and Pixel Neural Core (airbrush_device). Neural Core is a TPU + IPU combo developed in some kind of collaboration with Samsung.
Kernel driver for airbrush is at android.googlesource.com/kernel/msm.git. Mostly developed by Samsung other than the thermal throttling portions. In AOSP or the stock OS on Pixels, apps only have indirect access to QDSP or the Neural Core via the high-level NN API: developer.android.com/ndk/guides/neu.
Since we don't have Google Camera in GrapheneOS like the stock OS, we've been considering removing the special SELinux domain for a while now. Can look back at our past tweets about it. It's useful for testing purposes but it's not something we intend to support or keep working.
Google Camera may work right now but it isn't supported and it can't be expected to continue working. It's very likely to stop working regardless since it will probably end up with a hard dependency on Play Services even if it currently works without it.
Reduced attack surface since QDSP and the Pixel Neural Core will no longer be directly accessible to any app but rather only very indirectly via the OS abstractions. Hard to see why we should expose all this attack surface for something that's likely to stop working anyway.