type cros_conntrackd, domain, chromeos_domain; | |
permissive cros_conntrackd; | |
from_minijail_static(cros_conntrackd, cros_conntrackd_exec); | |
log_writer(cros_conntrackd); | |
allow cros_conntrackd self:capability { net_admin }; | |
allow cros_conntrackd self:netlink_netfilter_socket create_socket_perms_no_ioctl; | |
filetrans_pattern(cros_conntrackd, cros_run_lock, cros_conntrackd_lock_file, file); |