private/policy_capabilities - LeafOS-Project/android_system_sepolicy - Gitiles

 # Enable new networking controls.
 policycap network_peer_controls;

 # Enable open permission check.
 policycap open_perms;

 # Enable separate security classes for
 # all network address families previously
 # mapped to the socket class and for
 # ICMP and SCTP sockets previously mapped
 # to the rawip_socket class.
 policycap extended_socket_class;

 # Enable NoNewPrivileges support.  Requires libsepol 2.7+
 # and kernel 4.14 (estimated).
 #
 # Checks enabled;
 # process2: nnp_transition, nosuid_transition
 #
 policycap nnp_nosuid_transition;
	# Enable new networking controls.
	policycap network_peer_controls;

	# Enable open permission check.
	policycap open_perms;

	# Enable separate security classes for
	# all network address families previously
	# mapped to the socket class and for
	# ICMP and SCTP sockets previously mapped
	# to the rawip_socket class.
	policycap extended_socket_class;

	# Enable NoNewPrivileges support. Requires libsepol 2.7+
	# and kernel 4.14 (estimated).
	#
	# Checks enabled;
	# process2: nnp_transition, nosuid_transition
	#
	policycap nnp_nosuid_transition;