sepolicy/dhcpclient.te - device/generic/trusty - Git at Google

 # DHCP client
 type dhcpclient, domain;
 type dhcpclient_exec, exec_type, vendor_file_type, file_type;

 init_daemon_domain(dhcpclient)
 net_domain(dhcpclient)

 dontaudit dhcpclient kernel:system module_request;
 allow dhcpclient self:capability { net_admin net_raw };
 allow dhcpclient self:netlink_route_socket { ioctl write nlmsg_write };
 allow dhcpclient varrun_file:dir search;
 allow dhcpclient self:packet_socket { create bind write read };
 allowxperm dhcpclient self:netlink_route_socket ioctl { SIOCGIFFLAGS
                                                         SIOCSIFFLAGS
                                                         SIOCSIFMTU
                                                         SIOCGIFINDEX
                                                         SIOCGIFHWADDR };
	# DHCP client
	type dhcpclient, domain;
	type dhcpclient_exec, exec_type, vendor_file_type, file_type;

	init_daemon_domain(dhcpclient)
	net_domain(dhcpclient)

	dontaudit dhcpclient kernel:system module_request;
	allow dhcpclient self:capability { net_admin net_raw };
	allow dhcpclient self:netlink_route_socket { ioctl write nlmsg_write };
	allow dhcpclient varrun_file:dir search;
	allow dhcpclient self:packet_socket { create bind write read };
	allowxperm dhcpclient self:netlink_route_socket ioctl { SIOCGIFFLAGS
	SIOCSIFFLAGS
	SIOCSIFMTU
	SIOCGIFINDEX
	SIOCGIFHWADDR };