common/netd.te - fp2-dev/device/qcom/sepolicy - Gitiles

 #Policies for IPv6 tethering
 allow netd netd:capability { setgid setuid };
 allow netd netd:packet_socket { create bind setopt read ioctl };

 dontaudit netd self:capability sys_module;

 #needed for ipt_TCPMSS and ip6t_TCPMSS
 allow netd kernel:system module_request;
 unix_socket_connect(netd, cnd, cnd)

 allow netd wfdservice:fd use;
 allow netd wfdservice:tcp_socket rw_socket_perms;
	#Policies for IPv6 tethering
	allow netd netd:capability { setgid setuid };
	allow netd netd:packet_socket { create bind setopt read ioctl };

	dontaudit netd self:capability sys_module;

	#needed for ipt_TCPMSS and ip6t_TCPMSS
	allow netd kernel:system module_request;
	unix_socket_connect(netd, cnd, cnd)

	allow netd wfdservice:fd use;
	allow netd wfdservice:tcp_socket rw_socket_perms;