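# SELinux policy for the SocketCAN-backed CAN HAL service domain.
#
# The listing had been collapsed onto one line with gutter numbers fused into
# the statements, so the first '#' turned every later rule into a comment.
# The rules below are the same ones, restored one statement per line.

type hal_can_socketcan, domain;
hal_server_domain(hal_can_socketcan, hal_can_controller)
hal_server_domain(hal_can_socketcan, hal_can_bus)

# Label for the service binary; init_daemon_domain() lets init start it in
# the hal_can_socketcan domain.
type hal_can_socketcan_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_can_socketcan)

# Managing SocketCAN interfaces
# net_admin is a broad capability, and nlmsg_write permits state-changing
# rtnetlink requests. Both are scoped to this domain only (self).
allow hal_can_socketcan self:capability net_admin;
allow hal_can_socketcan self:netlink_route_socket { create bind write nlmsg_write read };

# Calling if_nametoindex(3) to open CAN sockets
# The allowxperm list narrows the ioctl permission to the interface-index
# lookup; no other ioctl command is allowed on this socket class.
allow hal_can_socketcan self:udp_socket { create ioctl };
allowxperm hal_can_socketcan self:udp_socket ioctl {
    SIOCGIFINDEX
};

# Communicating with SocketCAN interfaces and bringing them up/down
# ioctl is limited to reading and writing interface flags.
allow hal_can_socketcan self:can_socket { bind create read write ioctl setopt };
allowxperm hal_can_socketcan self:can_socket ioctl {
    SIOCGIFFLAGS
    SIOCSIFFLAGS
};

# Un-publishing ICanBus interfaces
allow hal_can_socketcan hidl_manager_hwservice:hwservice_manager find;

# Directory-class access only (listing/searching) on the generic sysfs type;
# this rule grants no access to sysfs files.
# NOTE(review): the original gives no reason for this rule, and the generic
# sysfs label covers a wide tree. Confirm which directories are needed and
# whether a narrower type would do.
allow hal_can_socketcan sysfs:dir r_dir_perms;

# Access to USB serial character devices, with ioctl limited to the listed
# termios, serial-info, line-discipline and interface-name commands.
# NOTE(review): presumably for serial-line CAN adapters; confirm. TIOCSETD
# changes the tty line discipline, so keep this list as short as the service
# actually needs.
allow hal_can_socketcan usb_serial_device:chr_file { ioctl read write open };
allowxperm hal_can_socketcan usb_serial_device:chr_file ioctl {
    TCGETS
    TCSETSW
    TIOCGSERIAL
    TIOCSSERIAL
    TIOCSETD
    SIOCGIFNAME
};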