dontaudit sensors self:capability net_raw

The kernel code does a permission check of both net_bind_service and
net_raw, and allows access if either one returns true.
It does the net_raw check first, triggering an SELinux denial.
No need to audit.

Addresses the following denial:

  avc: denied { net_raw } for pid=272 comm="sensors.qcom" capability=13 scontext=u:r:sensors:s0 tcontext=u:r:sensors:s0 tclass=capability permissive=0

Bug: 18417109
Change-Id: I1519371b81ca3d061042ff2e9eb2afc5927c65b1
diff --git a/sepolicy/sensors.te b/sepolicy/sensors.te
index bac2d54..000b31d 100644
--- a/sepolicy/sensors.te
+++ b/sepolicy/sensors.te
@@ -8,6 +8,13 @@
 # drop privileges
 allow sensors self:capability { dac_override sys_nice chown setuid setgid net_bind_service};
 
+# b/18417109
+# The kernel code does a permission check of both net_bind_service and
+# net_raw, and allows access if either one returns true.
+# It does the net_raw check first, triggering an SELinux denial.
+# No need to audit
+dontaudit sensors self:capability net_raw;
+
 allow sensors persist_sensors_file:dir setattr;
 
 allow sensors shared_log_device:chr_file rw_file_perms;
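Review bot: The comment above `dontaudit sensors self:capability net_raw;` says only "the kernel code" and does not name the code path or socket operation that checks both net_bind_service and net_raw. Please name it, so a later reader can verify the reasoning and tell when the rule can be removed. The rule also silences every net_raw denial for the sensors domain, not just the one from that either-or check. Any other net_raw attempt by this daemon would still be denied but would no longer appear in the audit log, and the comment should state that trade-off. Minor: "No need to audit" in the policy comment is missing the final period that the commit message has.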