sepolicy/common/ipv6proxy.te - device/generic/goldfish - Git at Google

 # IPv6 proxying
 type ipv6proxy, domain;
 type ipv6proxy_exec, exec_type, vendor_file_type, file_type;

 init_daemon_domain(ipv6proxy)
 net_domain(ipv6proxy)

 # Allow ipv6proxy to be run by execns in its own domain
 domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);
 allow ipv6proxy execns:fd use;

 allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };
 allow ipv6proxy self:packet_socket { bind create read };
 allow ipv6proxy self:netlink_route_socket nlmsg_write;
 allow ipv6proxy varrun_file:dir search;
 allowxperm ipv6proxy self:udp_socket ioctl { SIOCSIFFLAGS SIOCGIFHWADDR };
	# IPv6 proxying
	type ipv6proxy, domain;
	type ipv6proxy_exec, exec_type, vendor_file_type, file_type;

	init_daemon_domain(ipv6proxy)
	net_domain(ipv6proxy)

	# Allow ipv6proxy to be run by execns in its own domain
	domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);
	allow ipv6proxy execns:fd use;

	allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };
	allow ipv6proxy self:packet_socket { bind create read };
	allow ipv6proxy self:netlink_route_socket nlmsg_write;
	allow ipv6proxy varrun_file:dir search;
	allowxperm ipv6proxy self:udp_socket ioctl { SIOCSIFFLAGS SIOCGIFHWADDR };