Alex Boyd wrote:
Unlock iptables with SELinux policy
I am trying to customize Android so that it has a built in firewall. I
want to allow my Settings app to block different apps from using
mobile data and/or wifi.


You probably want to modify netd to handle the firewalling and send a message over its socket to tell it what to do. system_app isn't terribly privileged and netd already manages iptables rules.

My approach so far has been to add new selinux policy rules to allow
system level apps to interact with iptables. I have tried multiple
different policies, but here is what I currently have.


file_contexts

     # Label the iptables binary with the new type declared in the policy.
     /system/bin/iptables       u:object_r:iptables_exec:s0


system_app.te

     # Declare the type with the attributes AOSP gives every executable that
     # is labelled from file_contexts (exec_type, file_type), so that rules
     # keyed on those attributes cover it.
     type iptables_exec, exec_type, file_type;

     # Read and execute the binary from the system_app domain. There is no
     # domain transition here, so iptables runs as system_app and inherits
     # only that domain's capabilities and socket permissions.
     allow system_app iptables_exec:file rx_file_perms;


I didn't define a new "domain" for iptables and I wasn't sure if I
needed to declare the system_app domain again, or if this would just
be appended to that.

Thanks in advance for any help. If anyone has any pointers on where to
look to get a better understanding of SELinux inside of android,
please let me know.






_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to 
[email protected].
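The "modify netd and send a message over its socket" route suggested in the reply, as an added example that is not part of the thread and not code from AOSP or from the poster. It shows the wire framing a client needs to speak to netd and the parsing of its reply, with an in-process fake daemon so it runs offline. Assumed (not stated in the thread): the daemon is reached through the local socket `/dev/socket/netd`, commands are `<seq> <cmd> <args...>` terminated by a NUL byte, replies are `<seq> <code> <message>` also NUL-terminated, and the daemon carries the `firewall set_uid_rule <uid> allow|deny` command (the FirewallController present in AOSP since Android 4.3). `FakeNetd`, `apply_uid_rule` and the UID 10042 are constructed for the example.

```python
"""Framing helpers for netd's command socket (illustrative; assumptions
about the protocol are listed in the lead-in and repeated in comments)."""

import socket  # only used by connect_netd(), which needs a real device
from typing import List, Tuple

CMD_OKAY = 200          # assumed: ResponseCode::CommandOkay
OPERATION_FAILED = 400  # assumed: ResponseCode::OperationFailed
SYNTAX_ERROR = 500      # assumed: ResponseCode::CommandSyntaxError


def quote_arg(arg: str) -> str:
    """Quote an argument for netd's tokenizer (assumption): wrap in double
    quotes when it contains whitespace, a quote or a backslash, escaping
    embedded quotes and backslashes with a backslash."""
    if not any(c in arg for c in ' \t"\\'):
        return arg
    return '"' + arg.replace("\\", "\\\\").replace('"', '\\"') + '"'


def encode_command(seq: int, *args: str) -> bytes:
    """One NUL-terminated frame: sequence number, then the arguments."""
    words = [str(seq)] + [quote_arg(a) for a in args]
    return " ".join(words).encode() + b"\0"


def uid_rule_command(seq: int, uid: int, allow: bool) -> bytes:
    """Command that allows or blocks one application UID at the firewall."""
    return encode_command(seq, "firewall", "set_uid_rule", str(uid),
                          "allow" if allow else "deny")


def parse_responses(raw: bytes) -> List[Tuple[int, int, str]]:
    """Split a byte stream into (seq, code, message) triples. Bytes after
    the last NUL are an incomplete frame and are left out."""
    out = []
    for frame in raw.split(b"\0")[:-1]:
        parts = frame.decode().split(" ", 2)
        msg = parts[2] if len(parts) > 2 else ""
        out.append((int(parts[0]), int(parts[1]), msg))
    return out


class FakeNetd:
    """Constructed stand-in for the daemon so the example runs offline.
    It mimics only the argument checking of the assumed firewall command."""

    def __init__(self) -> None:
        self.rules = {}   # uid -> "allow" | "deny"
        self.buf = b""

    def send(self, data: bytes) -> None:
        self.buf += data

    def recv(self, n: int) -> bytes:
        frames = self.buf.split(b"\0")
        self.buf = frames[-1]          # keep any partial trailing frame
        return b"".join(self._handle(f.decode()) for f in frames[:-1])

    def _handle(self, line: str) -> bytes:
        argv = line.split()            # quoting is not needed for this command
        seq = argv[0]
        if (argv[1:3] == ["firewall", "set_uid_rule"] and len(argv) == 5
                and argv[4] in ("allow", "deny")):
            self.rules[int(argv[3])] = argv[4]
            return f"{seq} {CMD_OKAY} Firewall command succeeded".encode() + b"\0"
        usage = "Usage: firewall set_uid_rule <1000> <allow|deny>"
        return f"{seq} {SYNTAX_ERROR} {usage}".encode() + b"\0"


def apply_uid_rule(transport, seq: int, uid: int, allow: bool) -> bool:
    """Send one rule change and report whether the matching reply was 2xx.
    `transport` is anything with send()/recv(), e.g. a connected socket."""
    transport.send(uid_rule_command(seq, uid, allow))
    replies = parse_responses(transport.recv(4096))
    return any(s == seq and 200 <= code < 300 for s, code, _ in replies)


def connect_netd(path: str = "/dev/socket/netd") -> socket.socket:
    """Open the real daemon socket (assumed path); requires a device where
    the caller's SELinux domain may connect to netd's socket."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect(path)
    return s


if __name__ == "__main__":
    fake = FakeNetd()
    print(apply_uid_rule(fake, 1, 10042, allow=False), fake.rules)
```

The iptables manipulation itself stays inside netd, which already holds the capability and socket permissions it needs; the client domain then only needs to reach netd's socket, which in AOSP policy is expressed with the `unix_socket_connect(client_domain, netd, netd)` macro rather than by granting the client domain execute access to iptables.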
