non_plat: Label ipsec_mon binary and grant required permissions

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I0bb583b380590ef753fbdd949e92a34f505b6ce1

non_plat/file_contexts

@@ -707,3 +707,6 @@
 
 # Keymaster
 /dev/ut_keymaster u:object_r:ut_keymaster_device:s0
+
+#Ipsec
+/(system\/vendor|vendor)/bin/ipsec_mon u:object_r:ipsec_mon_exec:s0

non_plat/ipsec_mon.te

@@ -0,0 +1,22 @@
+type ipsec_mon_exec , exec_type, file_type, vendor_file_type;
+type ipsec_mon, domain;
+
+domain_auto_trans(init,ipsec_mon_exec,ipsec_mon)
+
+allow ipsec_mon self:netlink_xfrm_socket { write bind create read nlmsg_read nlmsg_write};
+allow ipsec_mon ims_ipsec_data_file:dir { write add_name search };
+allow ipsec_mon ims_ipsec_data_file:file { setattr read create getattr write ioctl open append };
+allow ipsec_mon init:unix_stream_socket connectto;
+allow ipsec_mon self:key_socket { write read create setopt };
+
+allow ipsec_mon self:capability { net_admin net_raw };
+allow ipsec_mon self:udp_socket { create ioctl };
+allow ipsec_mon self:netlink_route_socket { write read create nlmsg_read bind connect nlmsg_write};
+allowxperm ipsec_mon self:udp_socket ioctl { SIOCDEVPRIVATE_2 };
+allow ipsec_mon devpts:chr_file { open read write };
+allow ipsec_mon proc_net:file { open write };
+
+set_prop(ipsec_mon, mtk_network_prop)
+
+allowxperm ipsec_mon self:udp_socket ioctl SIOCDEVPRIVATE;
+dontaudit ipsec_mon kernel:system  module_request;

non_plat/netutils_wrapper.te

@@ -0,0 +1,6 @@
+allow netutils_wrapper ipsec_mon:fd use;
+
+allow netutils_wrapper ipsec_mon: {
+    netlink_route_socket
+    netlink_xfrm_socket
+} { read write };

non_plat/property.te

@@ -332,3 +332,6 @@ type vendor_wifi_version, property_type;
 
 # MTK camera property
 type mtk_camera_prop, property_type, mtk_core_property_type;
+
+# MTK network property
+type mtk_network_prop, property_type, mtk_core_property_type;