am fb69c2e2: Merge "init.rc: setup qtaguid group ownership of ctrl and stat files"

* commit 'fb69c2e2577e056bb7a054343a9f6d781cedbf3d':
  init.rc: setup qtaguid group ownership of ctrl and stat files
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 1a671f5..871a1f7 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -120,6 +120,12 @@
     write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
     write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
 
+# qtaguid will limit access to specific data based on group memberships.
+#   net_bw_acct grants impersonation of socket owners.
+#   net_bw_stats grants access to other apps' detailed tagged-socket stats.
+    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
+    chown root net_bw_stats /proc/net/xt_qtaguid/stats
+
 # Allow everybody to read the xt_qtaguid resource tracking misc dev.
 # This is needed by any process that uses socket tagging.
     chmod 0644 /dev/xt_qtaguid