goldfish: mark netmgr as vendor_executes_system_violators. netmgr is part of vendor, so it's not allowed access to system_file. Adding vendor_executes_system_violators attribute to it. Bug: 111243627 Test: m selinux_policy Change-Id: I6e89b59a4f9e7ced2ece59b54ac565ca5d630bc6

commit: 940d5ca93d1fe9ee26c3f7295a196c8833b88023 [log] [tgz]
author: Tri Vo <trong@google.com> Tue Oct 30 15:01:52 2018 -0700
committer: Tri Vo <trong@google.com> Tue Oct 30 22:03:42 2018 +0000
tree: 188ec1aaa041d686dcf2e9cf52caf158e9c64a37
parent: aa1ec2400d836f4d5e71f5c15be03dfc0b184016 [diff]
diff --git a/sepolicy/common/netmgr.te b/sepolicy/common/netmgr.te
index 20eb00c..c14c6ff 100644
--- a/sepolicy/common/netmgr.te
+++ b/sepolicy/common/netmgr.te

@@ -17,5 +17,7 @@
 allow netmgr self:udp_socket { ioctl };
 allowxperm netmgr self:udp_socket ioctl { SIOCSIFADDR SIOCSIFNETMASK SIOCSIFBRDADDR };
 # Allow netmgr to run iptables to block and unblock network traffic
+# TODO(b/113124961): clean up this Treble violation.
+typeattribute netmgr vendor_executes_system_violators;
 allow netmgr system_file:file execute_no_trans;
 allow netmgr system_file:file lock;
commit	940d5ca93d1fe9ee26c3f7295a196c8833b88023	[log] [tgz]
author	Tri Vo <trong@google.com>	Tue Oct 30 15:01:52 2018 -0700
committer	Tri Vo <trong@google.com>	Tue Oct 30 22:03:42 2018 +0000
tree	188ec1aaa041d686dcf2e9cf52caf158e9c64a37
parent	aa1ec2400d836f4d5e71f5c15be03dfc0b184016 [diff]