Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket.
This fixes the build error:
=====
libsepol.report_assertion_extended_permissions: neverallowxperm on line 166 of system/sepolicy/domain.te (or line 9201 of policy.conf) violated by
allow dumpstate dumpstate:netlink_tcpdiag_socket { ioctl };
libsepol.check_assertions: 1 neverallow failures occurred
=====
Which is caused, in AOSP and downstream branches, by
I123e5d40955358665800fe3b86cd5f8dbaeb8717.
Test: builds.
Change-Id: I925dec63df7c3a0f731b18093a8ac5c70167c970
1 file changed