platform_system_sepolicy/vendor/hal_can_socketcan.te
chrisweir 05e9a6545c Enable CAN HAL to scan /sys/devices for USB CAN
CAN HAL needs access to /sys/devices to search for USB serial numbers
for SocketCAN devices and for USB serial devices.

Bug: 142654031
Test: Manual + VTS
Change-Id: I3d9bff94f8d8f936f7d859c01b9ff920fcbc5130
2020-03-17 12:10:07 -07:00

38 lines
1.2 KiB
Text

type hal_can_socketcan, domain;
hal_server_domain(hal_can_socketcan, hal_can_controller)
hal_server_domain(hal_can_socketcan, hal_can_bus)
type hal_can_socketcan_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_can_socketcan)
# Managing SocketCAN interfaces
allow hal_can_socketcan self:capability net_admin;
allow hal_can_socketcan self:netlink_route_socket { create bind write nlmsg_write read };
# Calling if_nametoindex(3) to open CAN sockets
allow hal_can_socketcan self:udp_socket { create ioctl };
allowxperm hal_can_socketcan self:udp_socket ioctl {
SIOCGIFINDEX
};
# Communicating with SocketCAN interfaces and bringing them up/down
allow hal_can_socketcan self:can_socket { bind create read write ioctl setopt };
allowxperm hal_can_socketcan self:can_socket ioctl {
SIOCGIFFLAGS
SIOCSIFFLAGS
};
# Un-publishing ICanBus interfaces
allow hal_can_socketcan hidl_manager_hwservice:hwservice_manager find;
allow hal_can_socketcan sysfs:dir r_dir_perms;
allow hal_can_socketcan usb_serial_device:chr_file { ioctl read write open };
allowxperm hal_can_socketcan usb_serial_device:chr_file ioctl {
TCGETS
TCSETSW
TIOCGSERIAL
TIOCSSERIAL
TIOCSETD
SIOCGIFNAME
};