You can check where devices like the Hexagon DSP are accessible from device SELinux policies.
android.googlesource.com/device/google/
QDSP is accessible to the camera, sensors and neural network HALs and CHRE (android.googlesource.com/platform/syste). Google Camera is the only app with direct access to it.
Pixels have a dedicated SELinux domain for Google Camera extending the standard untrusted app domain with access to the Hexagon DSP (qdsp_device label) and Pixel Neural Core (airbrush_device). Neural Core is a TPU + IPU combo developed in some kind of collaboration with Samsung.
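One way to do the policy check described above, as an added example that is not part of the original thread or of any project's code: a small Python scan of SELinux `.te` source text for `allow` rules that target the `qdsp_device` and `airbrush_device` labels. The policy fragment and every domain name in it are constructed for illustration; m4 macros such as `r_file_perms` and type attributes are assumed to be left unexpanded.

```python
import re
from collections import defaultdict

# Constructed policy fragment. Only the two device labels come from the thread;
# the domain names are hypothetical sample values.
SAMPLE_POLICY = """
# camera HAL
allow hal_camera_default qdsp_device:chr_file rw_file_perms;
allow { hal_sensors_default hal_neuralnetworks_example } qdsp_device:chr_file { open read ioctl };
allow example_camera_app { qdsp_device airbrush_device }:chr_file r_file_perms;
allow untrusted_app app_data_file:file { read write };
neverallow untrusted_app qdsp_device:chr_file *;
"""

# allow <source> <target>:<class> <perms>;  each field is a name or a { set }.
FIELD = r"(\{[^}]*\}|[^\s:;]+)"
RULE = re.compile(
    r"^\s*allow\s+" + FIELD + r"\s+" + FIELD + r"\s*:\s*" + FIELD + r"\s+" + FIELD + r"\s*;",
    re.M,
)


def tokens(field):
    """Split 'name' or '{ a b c }' into a list of names."""
    return field.strip("{} \t\n").split()


def device_access(policy_text, labels):
    """Map each device label to the source domains allowed to use it."""
    text = re.sub(r"#.*", "", policy_text)  # drop comments
    access = defaultdict(lambda: defaultdict(set))
    for src, tgt, cls, perms in RULE.findall(text):
        for label in tokens(tgt):
            if label not in labels:
                continue
            granted = {f"{c}:{p}" for c in tokens(cls) for p in tokens(perms)}
            for domain in tokens(src):
                access[label][domain] |= granted
    return {l: {d: sorted(p) for d, p in doms.items()} for l, doms in access.items()}


if __name__ == "__main__":
    report = device_access(SAMPLE_POLICY, {"qdsp_device", "airbrush_device"})
    for label, domains in sorted(report.items()):
        print(label)
        for domain, perms in sorted(domains.items()):
            print(f"  {domain}: {' '.join(perms)}")
```

Because `neverallow` lines are skipped, the report lists only domains that are actually granted access to each label.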
Kernel driver for airbrush is at android.googlesource.com/kernel/msm.git. Mostly developed by Samsung other than the thermal throttling portions.
In AOSP or the stock OS on Pixels, apps only have indirect access to QDSP or the Neural Core via the high-level NN API: developer.android.com/ndk/guides/neu.
Since we don't have Google Camera in GrapheneOS like the stock OS, we've been considering removing the special SELinux domain for a while now. Can look back at our past tweets about it. It's useful for testing purposes but it's not something we intend to support or keep working.
microG won't work without being built into the OS. The most it would do is make apps think that Play Services is available but it's not going to work. GrapheneOS doesn't and won't support microG. Google Camera may work right now but it isn't supported and it can't be expected.
You aren't using GrapheneOS, so what does or doesn't work isn't relevant. Even if you started from the official GrapheneOS releases, you modified the OS and made substantial changes incompatible with the core security features like verified boot and the official update system.
No, you aren't using GrapheneOS. You created a derivative of GrapheneOS with substantial modifications. It's not GrapheneOS and you aren't a GrapheneOS user. You're responding to a thread about SELinux policies when you don't use our SELinux policies. It's really not relevant.
You can use the Auditor app to confirm that you aren't running GrapheneOS. If you want to use GrapheneOS, you'll need to redo the installation process. You used GrapheneOS as the base to create an incompatible derivative OS with substantially weaker security. It's not GrapheneOS.
You're already heavily altering our SELinux policies, so just change them further. It's likely that your device will end up soft bricked with your data lost since our changes do not take downstream derivatives into account. You've made your own OS and it's your responsibility.
