Suppress spurious denial

Addresses:
avc: denied { sys_resource } for comm="ip6tables" capability=24
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netutils_wrapper:s0
tclass=capability

Bug: 77905989
Test: build and flash taimen-userdebug
Change-Id: Ic5d7c96152b96b55255eeec00b19948f38c1923c

private/netutils_wrapper.te

@@ -33,3 +33,9 @@ domain_auto_trans({
     -coredomain
     -appdomain
 }, netutils_wrapper_exec, netutils_wrapper)
+
+# suppress spurious denials
+dontaudit netutils_wrapper self:global_capability_class_set sys_resource;
+
+# netutils wrapper may only use the following capabilities.
+neverallow netutils_wrapper self:global_capability_class_set ~{ net_admin net_raw };