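# SELinux policy for the hal_can_socketcan domain.
#
# Layout restored to one statement per line: the listing had been collapsed
# onto a single line with gutter numbers fused into the text, so the first
# '#' turned every later rule into a comment. The rules are unchanged.

# Declare the domain and register it as the server side of the
# hal_can_controller and hal_can_bus HALs.
type hal_can_socketcan, domain;
hal_server_domain(hal_can_socketcan, hal_can_controller)
hal_server_domain(hal_can_socketcan, hal_can_bus)

# Label for the service executable; init_daemon_domain() lets init start it
# and transition into hal_can_socketcan.
type hal_can_socketcan_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_can_socketcan)

# Managing SocketCAN interfaces
# CAP_NET_ADMIN is coarse: SELinux grants the capability as a whole and cannot
# narrow it to CAN interfaces. Any code running in this domain can
# reconfigure networking, so keep the set of binaries labelled
# hal_can_socketcan_exec minimal.
allow hal_can_socketcan self:capability net_admin;
# nlmsg_write permits state-changing rtnetlink requests, not just queries.
allow hal_can_socketcan self:netlink_route_socket { create bind write nlmsg_write read };

# See man page for netdevice(7) for more info on ioctls
# The UDP socket is only created and used for ioctls (no bind/connect/read/write).
# The allowxperm list restricts ioctl on this class to the commands named:
# get interface index, get flags, set flags.
allow hal_can_socketcan self:udp_socket { create ioctl };
allowxperm hal_can_socketcan self:udp_socket ioctl {
    SIOCGIFINDEX
    SIOCGIFFLAGS
    SIOCSIFFLAGS
};

# Communicating with SocketCAN interfaces and bringing them up/down
# ioctl on CAN sockets is limited to reading and writing interface flags.
allow hal_can_socketcan self:can_socket { bind create read write ioctl setopt };
allowxperm hal_can_socketcan self:can_socket ioctl {
    SIOCGIFFLAGS
    SIOCSIFFLAGS
};

# Un-publishing ICanBus interfaces
allow hal_can_socketcan hidl_manager_hwservice:hwservice_manager find;

# Directory listing/search on the generic sysfs label; no file access is
# granted by this rule.
# NOTE(review): presumably used to enumerate network interfaces under /sys.
# Confirm, and prefer a dedicated sysfs label if one covers the needed path,
# since the generic label spans most of /sys.
allow hal_can_socketcan sysfs:dir r_dir_perms;

# Access to USB serial character devices. ioctl is limited to the commands
# listed: terminal attributes (TCGETS, TCSETSW), serial port parameters
# (TIOCGSERIAL, TIOCSSERIAL), line discipline selection (TIOCSETD) and
# interface name lookup (SIOCGIFNAME).
# NOTE(review): this looks like support for serial-line CAN adapters, where
# the tty is switched to a CAN line discipline and then queried for the
# resulting interface name - confirm. The grant covers every device labelled
# usb_serial_device, not only CAN adapters.
allow hal_can_socketcan usb_serial_device:chr_file { ioctl read write open };
allowxperm hal_can_socketcan usb_serial_device:chr_file ioctl {
    TCGETS
    TCSETSW
    TIOCGSERIAL
    TIOCSSERIAL
    TIOCSETD
    SIOCGIFNAME
};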