Channel: xda-developers - Android Software and Hacking General [Developers Only]

SELinux Policy to allow System Applications to use iptables

I am trying to build a custom ROM for Android that has a built-in firewall. In doing this I want to allow my Settings app to block different apps from using mobile data and/or Wi-Fi.

My approach so far has been to add new SELinux policy rules to allow system-level apps to interact with iptables. I have tried multiple different policies, but here is what I currently have.

file_contexts
Code:

/system/bin/iptables      u:object_r:iptables_exec:s0

system_app.te
Code:

type iptables_exec;

allow system_app iptables_exec:file { rx_file_perms };

I didn't define a new "domain" for iptables and I wasn't sure if I needed to declare the system_app domain again, or if this would just be appended to that.

Thanks in advance for any help. If anyone has any pointers on where to look to get a better understanding of SELinux inside of Android, please let me know.
