v811_spc009/device/generic/goldfish/sepolicy/common/createns.te

# Network namespace creation
type createns, domain;
type createns_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(createns)

allow createns self:capability { sys_admin net_raw setuid setgid };
allow createns varrun_file:dir { add_name search write };
allow createns varrun_file:file { create mounton open read write };

#Allow createns itself to be run by init in its own domain
domain_auto_trans(init, createns_exec, createns);
allow createns goldfish_setup:fd use;

set_prop(createns, vendor_qemu_prop);