From: Quentin Swain <qsw...@tresys.com> Added vpn_contexts, which defines the labels used to apply security contexts to the inbound and outbound SPD policies created for IPsec connections.
Change-Id: I7c64677ff29abaaa3f0c6d901584e2bd81ab3dbb
---
Android.mk | 12 ++++++++++++ vpn_contexts | 12 ++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 vpn_contexts
diff --git a/Android.mk b/Android.mk
index fca366f..d6714ea 100644
--- a/Android.mk
+++ b/Android.mk
@@ -185,4 +185,16 @@ include $(BUILD_PREBUILT)
 ##################################
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := vpn_contexts
+LOCAL_SRC_FILES := $(LOCAL_MODULE)
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/security
+
+include $(BUILD_PREBUILT)
+
+##################################
 endif #ifeq ($(HAVE_SELINUX),true)
diff --git a/vpn_contexts b/vpn_contexts
new file mode 100644
index 0000000..6749265
--- /dev/null
+++ b/vpn_contexts
@@ -0,0 +1,12 @@
+# All entries use the format: <traffic-direction> \t <endpoint-ip> \t <context>
+# The contexts must be valid SElinux context or the Kernel will not create the
+# labeled SPD policies. SAs created for traffic matching the policies will
+# contain the label of the matching SPD policy. If there are no matching
+# entries then the SPD entry will default to u:object_r:unlabeled:s0 context
+# Lines beginning with # are comments
+# defined in ipsec.h
+# IPSEC_DIR_INBOUND = 1
+# IPSEC_DIR_OUTBOUND = 2
+# Sample policies:
+#1 10.1.12.212 u:object_r:lo_packet:s0
+#2 10.1.12.212 u:object_r:lo_packet:s0
-- 1.7.11.7
-- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
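Review bot: The new `vpn_contexts` block installs the file through `BUILD_PREBUILT`, so it is copied to `$(TARGET_OUT_ETC)/security` verbatim and nothing in this hunk checks its `<context>` column against the compiled policy. The file's own header says an invalid context makes the kernel refuse to create the labeled SPD policy, so a typo would only show up on the device when a connection is set up; a build-time validation step would turn that into a build failure. With `LOCAL_MODULE_TAGS := optional` the file is installed only when a product pulls the module in, so the reader has to treat a missing file as a defined case, and a comment above `LOCAL_MODULE` such as `# IPsec SPD labels; optional module, the reader must handle its absence` would record that. The enclosing `ifeq ($(HAVE_SELINUX),true)` opens outside the hunk.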
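Review bot: The header comment documents a silent fallback to `u:object_r:unlabeled:s0` for endpoints with no matching entry but never says how an entry matches, so a maintainer can believe a peer is labeled when it is not. It should state whether `<endpoint-ip>` is an exact address or may be a prefix, whether IPv6 addresses are accepted, which entry wins when two match, and whether the separator must be a literal tab as the `\t` in the format line suggests. It would also help to tell policy writers that the protection for unlisted peers then depends on what the policy allows for `unlabeled`, for example `# Unlisted endpoints fall back to unlabeled; keep the policy for that type restrictive`. Minor wording: `SElinux` should be `SELinux` and `Kernel` lower-case.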