Allow system_server to talk to netlink directly.
This is needed for http://ag/512212 to work.
Bug: 15409819
Change-Id: If91fc6891d7ce04060362c6cde8c57462394c4e8
diff --git a/system_server.te b/system_server.te
index d7453ad..e6167f1 100644
--- a/system_server.te
+++ b/system_server.te
@@ -70,6 +70,9 @@
# Use generic netlink sockets.
allow system_server self:netlink_socket create_socket_perms;
+# Set and get routes directly via netlink.
+allow system_server self:netlink_route_socket nlmsg_write;
+
# Kill apps.
allow system_server appdomain:process { sigkill signal };