private/clatd.te - platform/system/sepolicy - Git at Google

 # 464xlat daemon
 type clatd, domain, coredomain;
 type clatd_exec, system_file_type, exec_type, file_type;

 net_domain(clatd)

 # Access objects inherited from netd.
 allow clatd netd:fd use;
 allow clatd netd:packet_socket { read write };
 allow clatd netd:rawip_socket { read write };

 allow clatd self:netlink_route_socket nlmsg_write;
 allow clatd tun_device:chr_file rw_file_perms;
	# 464xlat daemon
	type clatd, domain, coredomain;
	type clatd_exec, system_file_type, exec_type, file_type;

	net_domain(clatd)

	# Access objects inherited from netd.
	allow clatd netd:fd use;
	allow clatd netd:packet_socket { read write };
	allow clatd netd:rawip_socket { read write };

	allow clatd self:netlink_route_socket nlmsg_write;
	allow clatd tun_device:chr_file rw_file_perms;