From ad66e2bf765124d4181fb72c4e8c8a496ff34bba Mon Sep 17 00:00:00 2001 From: Aayush Gupta Date: Thu, 21 Jan 2021 10:46:01 +0530 Subject: [PATCH] non_plat: netd: suppress dir write to /system Based on: https://review.lineageos.org/c/LineageOS/android_system_sepolicy/+/302134 Signed-off-by: Aayush Gupta Change-Id: Ibf9e78f53d79304d70eddd16063bfedae3d0c05f --- non_plat/netd.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/non_plat/netd.te b/non_plat/netd.te index 36eabde..8a09fb9 100644 --- a/non_plat/netd.te +++ b/non_plat/netd.te @@ -1,2 +1,6 @@ allow netd mtkimsmddomain:fd use; allow netd mtkimsmddomain:{ tcp_socket udp_socket} { read write getopt setopt }; + +# Acquire advisory lock on /system/etc/xtables.lock. If this file doesn't +# exist, suppress the denial. +dontaudit netd system_file:dir write;
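Review bot: the comment above the new `dontaudit netd system_file:dir write;` line in non_plat/netd.te describes acquiring an advisory lock on /system/etc/xtables.lock, but the only rule this hunk adds is the dontaudit, and no rule granting `lock` is visible here. Either reword the comment to cover just the suppression or say where the lock permission is granted. The scope of the rule is also wider than the comment suggests: it silences every netd write attempt on any directory labelled `system_file`, not only the failed creation of xtables.lock, so an unexpected netd write to /system would no longer appear in the audit log. Please state that trade-off in the comment. If the lock file can be given its own type, the suppression could be narrowed to that type.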