Unlock iptables with SELinux policy
I am trying to customize Android so that it has a built-in firewall. I
want to allow my Settings app to block different apps from using
mobile data and/or Wi-Fi.

My approach so far has been to add new SELinux policy rules to allow
system-level apps to interact with iptables. I have tried multiple
different policies, but here is what I currently have.

file_contexts:

    /system/bin/iptables u:object_r:iptables_exec:s0

system_app.te:

    type iptables_exec;
    allow system_app iptables_exec:file { rx_file_perms };
I didn't define a new "domain" for iptables and I wasn't sure if I
needed to declare the system_app domain again, or if this would just
be appended to that.

Thanks in advance for any help. If anyone has any pointers on where to
look to get a better understanding of SELinux inside of Android,
please let me know.
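An added example, not part of the original post or of AOSP's own policy: one conventional layout for the approach described above, with the binary given its own domain instead of running inside system_app. The `iptables` domain and the `iptables.te` file name are hypothetical, and the capability rule is a constructed starting point.

```selinux
# --- file_contexts ---
/system/bin/iptables    u:object_r:iptables_exec:s0

# --- iptables.te (hypothetical new file) ---
# The type of an executable conventionally carries the exec_type and
# file_type attributes.
type iptables_exec, exec_type, file_type;
# Hypothetical domain for the running binary, so that system_app itself
# gains no firewall-related permissions.
type iptables, domain;

# --- system_app.te additions ---
# system_app is already declared by the platform policy and is not declared
# again. Rules that name it here are added to the existing ones.
# domain_auto_trans (from te_macros) lets system_app execute files labelled
# iptables_exec and moves the new process into the iptables domain.
domain_auto_trans(system_app, iptables_exec, iptables)

# --- iptables.te, continued ---
# Constructed starting point: the capabilities iptables needs to open its
# raw socket and replace rule tables. SELinux only permits their use; the
# process must also hold them under the normal Linux capability checks.
allow iptables self:capability { net_admin net_raw };
# Remaining rules are derived from the "avc: denied" lines logged while
# testing, and the result must still pass the platform's neverallow checks
# at build time.
```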