platform_system_sepolicy/private/clatd.te

# 464xlat daemon
type clatd, domain, coredomain;
type clatd_exec, system_file_type, exec_type, file_type;

net_domain(clatd)

# Access objects inherited from netd.
allow clatd netd:fd use;
allow clatd netd:packet_socket { read write };
allow clatd netd:rawip_socket { read write };

allow clatd self:netlink_route_socket nlmsg_write;
allow clatd tun_device:chr_file rw_file_perms;