can.te - Android社区 - https://www.androidos.net.cn/

# CAN service
type can, domain;
type can_exec, exec_type, file_type;

# Started by init
init_daemon_domain(can)

allow can self:capability net_admin;

allow can self:netlink_route_socket nlmsg_write;

allow can shell_exec:file r_file_perms;

# Allow execution of /system/bin/ip.
allow can system_file:file rx_file_perms;

# Allow can operations
allow can self:capability { net_raw };