sepolicy/policy/chromeos/startup/cros_conntrackd.te - mirrors/cros/chromiumos/platform2 - Git at Google

 type cros_conntrackd, domain, chromeos_domain;

 permissive cros_conntrackd;

 from_minijail_static(cros_conntrackd, cros_conntrackd_exec);

 log_writer(cros_conntrackd);

 allow cros_conntrackd self:capability { net_admin };
 allow cros_conntrackd self:netlink_netfilter_socket create_socket_perms_no_ioctl;

 filetrans_pattern(cros_conntrackd, cros_run_lock, cros_conntrackd_lock_file, file);
	type cros_conntrackd, domain, chromeos_domain;

	permissive cros_conntrackd;

	from_minijail_static(cros_conntrackd, cros_conntrackd_exec);

	log_writer(cros_conntrackd);

	allow cros_conntrackd self:capability { net_admin };
	allow cros_conntrackd self:netlink_netfilter_socket create_socket_perms_no_ioctl;

	filetrans_pattern(cros_conntrackd, cros_run_lock, cros_conntrackd_lock_file, file);