Modify SEPolicy to support SLCAN
SLCAN setup requires certain ioctls and read/write operations to certain tty's. This change allows the HAL to set up SLCAN devices while complying with SEPolicy. In addition to adding support for SLCAN, I've also included permissions for using setsockopt. In order for the CAN HAL receive error frames from the CAN bus controller, we need to first set the error mask and filter via setsockopt. Test: manual Bug: 144458917 Bug: 144513919 Change-Id: I63a48ad6677a22f05d50d665a81868011c027898
This commit is contained in:
parent
d494872641
commit
cd40aa0ab7
@ -36,6 +36,7 @@
|
|||||||
system_jvmti_agent_prop
|
system_jvmti_agent_prop
|
||||||
system_passwd_file
|
system_passwd_file
|
||||||
timezonedetector_service
|
timezonedetector_service
|
||||||
|
usb_serial_device
|
||||||
userspace_reboot_prop
|
userspace_reboot_prop
|
||||||
userspace_reboot_exported_prop
|
userspace_reboot_exported_prop
|
||||||
vendor_apex_file
|
vendor_apex_file
|
||||||
|
@ -164,6 +164,8 @@
|
|||||||
/dev/tty u:object_r:owntty_device:s0
|
/dev/tty u:object_r:owntty_device:s0
|
||||||
/dev/tty[0-9]* u:object_r:tty_device:s0
|
/dev/tty[0-9]* u:object_r:tty_device:s0
|
||||||
/dev/ttyS[0-9]* u:object_r:serial_device:s0
|
/dev/ttyS[0-9]* u:object_r:serial_device:s0
|
||||||
|
/dev/ttyUSB[0-9]* u:object_r:usb_serial_device:s0
|
||||||
|
/dev/ttyACM[0-9]* u:object_r:usb_serial_device:s0
|
||||||
/dev/tun u:object_r:tun_device:s0
|
/dev/tun u:object_r:tun_device:s0
|
||||||
/dev/uhid u:object_r:uhid_device:s0
|
/dev/uhid u:object_r:uhid_device:s0
|
||||||
/dev/uinput u:object_r:uhid_device:s0
|
/dev/uinput u:object_r:uhid_device:s0
|
||||||
|
@ -7,3 +7,6 @@ allow hal_can_controller_client hal_can_controller_hwservice:hwservice_manager f
|
|||||||
binder_call(hal_can_bus_client, hal_can_bus_server)
|
binder_call(hal_can_bus_client, hal_can_bus_server)
|
||||||
add_hwservice(hal_can_bus_server, hal_can_bus_hwservice)
|
add_hwservice(hal_can_bus_server, hal_can_bus_hwservice)
|
||||||
allow hal_can_bus_client hal_can_bus_hwservice:hwservice_manager find;
|
allow hal_can_bus_client hal_can_bus_hwservice:hwservice_manager find;
|
||||||
|
|
||||||
|
# USB serial type for SLCAN
|
||||||
|
type usb_serial_device, dev_type;
|
||||||
|
12
vendor/hal_can_socketcan.te
vendored
12
vendor/hal_can_socketcan.te
vendored
@ -16,7 +16,7 @@ allowxperm hal_can_socketcan self:udp_socket ioctl {
|
|||||||
};
|
};
|
||||||
|
|
||||||
# Communicating with SocketCAN interfaces and bringing them up/down
|
# Communicating with SocketCAN interfaces and bringing them up/down
|
||||||
allow hal_can_socketcan self:can_socket { bind create read write ioctl };
|
allow hal_can_socketcan self:can_socket { bind create read write ioctl setopt };
|
||||||
allowxperm hal_can_socketcan self:can_socket ioctl {
|
allowxperm hal_can_socketcan self:can_socket ioctl {
|
||||||
SIOCGIFFLAGS
|
SIOCGIFFLAGS
|
||||||
SIOCSIFFLAGS
|
SIOCSIFFLAGS
|
||||||
@ -24,3 +24,13 @@ allowxperm hal_can_socketcan self:can_socket ioctl {
|
|||||||
|
|
||||||
# Un-publishing ICanBus interfaces
|
# Un-publishing ICanBus interfaces
|
||||||
allow hal_can_socketcan hidl_manager_hwservice:hwservice_manager find;
|
allow hal_can_socketcan hidl_manager_hwservice:hwservice_manager find;
|
||||||
|
|
||||||
|
allow hal_can_socketcan usb_serial_device:chr_file { ioctl read write open };
|
||||||
|
allowxperm hal_can_socketcan usb_serial_device:chr_file ioctl {
|
||||||
|
TCGETS
|
||||||
|
TCSETSW
|
||||||
|
TIOCGSERIAL
|
||||||
|
TIOCSSERIAL
|
||||||
|
TIOCSETD
|
||||||
|
SIOCGIFNAME
|
||||||
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user