diff options
author | Przemyslaw Szczepaniak <pszczepaniak@google.com> | 2019-05-09 10:23:20 +0100 |
---|---|---|
committer | Przemyslaw Szczepaniak <pszczepaniak@google.com> | 2019-05-17 14:15:51 +0000 |
commit | f7ae900b9b7ca5de13f8d3a6b11b8ca403997d48 (patch) | |
tree | 0285e664d2175c824306a0bae714ba9a4e2b634d | |
parent | 4dba419192d06a78eec68a5d83f408be426cead1 (diff) | |
download | ml-f7ae900b9b7ca5de13f8d3a6b11b8ca403997d48.tar.gz |
Document how to use NNAPI Vendor extension allowlist.
Test: N/A
Bug: 132147842
Change-Id: I62641ebd5f9e516d1d940076c95d62a515016772
-rw-r--r-- | nn/extensions/README.md | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/nn/extensions/README.md b/nn/extensions/README.md index 2b5d13cef..b50d6a51c 100644 --- a/nn/extensions/README.md +++ b/nn/extensions/README.md @@ -8,10 +8,24 @@ by supporting corresponding vendor extensions. Note that extensions do not modify behavior of existing operations. -TODO(pszczepaniak): Which apps can use vendor extensions? - This document explains how to create and use extensions. +## Extensions usage allowlist + +Vendor extensions can only be used by explicitly specified Android apps and +native binaries on the /product, /vendor, /odm, and /data partitions. It's not possible to +specify an app or a native binary located on the /system partition. + +The allowlist is stored in `/vendor/etc/nnapi_extensions_app_allowlist`, and contains +a list of Android apps and binaries permitted to use NNAPI vendor extensions. +Each line of the file contains a new entry. If an entry is prefixed by '/', +then it's a native binary path (e.g. '/data/foo'). If not, it's a name of an Android +app package (e.g. 'com.foo.bar'). + +Allowlist is enforced from the NNAPI runtime shared library. It protects +against accidental usage, but not against deliberate circumvention by directly +using the NNAPI driver HAL interface. + ## Vendor extension definition The vendor is expected to create and maintain a header file with the |