Merge "Add permissions to allow iface up/down"

commit: 800a2c9f663d9bfb1d4be29eaea2ee72c27450b6 [log] [tgz]
author: Chris Weir <chrisweir@google.com> Tue Dec 13 00:18:00 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Dec 13 00:18:00 2022 +0000
tree: e2a0ce8263be36faa57fa79b3c254076507ff01e
parent: 64711e9de557fd77483f40e147bba2cb44915d0a [diff]
parent: 1bcbc0b667a65f668b9400a208ecd8206c7cfa98 [diff]
diff --git a/vendor/hal_can_socketcan.te b/vendor/hal_can_socketcan.te
index 7498788..12bb028 100644
--- a/vendor/hal_can_socketcan.te
+++ b/vendor/hal_can_socketcan.te

@@ -9,10 +9,12 @@
 allow hal_can_socketcan self:capability net_admin;
 allow hal_can_socketcan self:netlink_route_socket { create bind write nlmsg_write read };
 
-# Calling if_nametoindex(3) to open CAN sockets
+# See man page for netdevice(7) for more info on ioctls
 allow hal_can_socketcan self:udp_socket { create ioctl };
 allowxperm hal_can_socketcan self:udp_socket ioctl {
     SIOCGIFINDEX
+    SIOCGIFFLAGS
+    SIOCSIFFLAGS
 };
 
 # Communicating with SocketCAN interfaces and bringing them up/down
commit	800a2c9f663d9bfb1d4be29eaea2ee72c27450b6	[log] [tgz]
author	Chris Weir <chrisweir@google.com>	Tue Dec 13 00:18:00 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Dec 13 00:18:00 2022 +0000
tree	e2a0ce8263be36faa57fa79b3c254076507ff01e
parent	64711e9de557fd77483f40e147bba2cb44915d0a [diff]
parent	1bcbc0b667a65f668b9400a208ecd8206c7cfa98 [diff]