Hi all,
Has anyone created rules to support the AnyConnect VPN app yet? I see the following
rules in the seandroid 4.2 branch:
#
# 3rd party VPN clients that have seinfo=vpn in mac_permissions.xml
# This is a more secure alternative to allowing untrusted_app access
# to create a VPN tunnel.
type vpn_app, domain;
app_domain(vpn_app)
net_domain(vpn_app)
allow vpn_app tun_device:chr_file rw_file_perms;
allow vpn_app system_data_file:file { execute open };
allow vpn_app qtaguid_device:chr_file r_file_perms;
allow vpn_app vpn_app_data_file:dir create_dir_perms;
allow vpn_app vpn_app_data_file:notdevfile_class_set create_file_perms;
allow vpn_app vpn_app:netlink_route_socket write;
However, I don't think this is complete, since the AnyConnect app needs to
configure iptables.
Thanks,
Tai