[PATCH external/sepolicy] Add iptables script to policy


 



Signed-off-by: Joshua Brindle <jbrindle@xxxxxxxxxx>
---
 Android.mk          |   13 +++++++++++++
 iptables-selinux.sh |   18 ++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100755 iptables-selinux.sh

diff --git a/Android.mk b/Android.mk
index 68f4c69..0b744b0 100644
--- a/Android.mk
+++ b/Android.mk
@@ -85,4 +85,17 @@ $(property_contexts): $(LOCAL_PATH)/property_contexts $(LOCAL_POLICY_PC)
 property_contexts :=
 ##################################
 
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := iptables-selinux.sh
+LOCAL_SRC_FILES := $(LOCAL_MODULE)
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_EXECUTABLES)
+
+include $(BUILD_PREBUILT)
+
+##################################
+
 endif #ifeq ($(HAVE_SELINUX),true)
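Review bot: The new prebuilt module installs iptables-selinux.sh into `$(TARGET_OUT_EXECUTABLES)`, but nothing in this patch labels or runs it: the diffstat shows no file_contexts entry and no init service. Unless those land in another change, the script is shipped without a dedicated label and is never executed. With `LOCAL_MODULE_TAGS := optional` it is presumably installed only when a product explicitly lists the module. A comment above `include $(CLEAR_VARS)` would make this visible, for example `# Installs the SECMARK packet-labelling helper; nothing in this makefile invokes it.`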
diff --git a/iptables-selinux.sh b/iptables-selinux.sh
new file mode 100755
index 0000000..e9ac7d1
--- /dev/null
+++ b/iptables-selinux.sh
@@ -0,0 +1,18 @@
+#!/system/bin/sh
+
+IPTABLES="/system/bin/iptables"
+
+#$IPTABLES -t mangle -A INPUT -i wlan0 -j SECMARK --selctx u:object_r:packet:s0
+#$IPTABLES -t mangle -A INPUT -i lo -j SECMARK --selctx u:object_r:lo_packet:s0
+#$IPTABLES -t mangle -A INPUT -i ppp0 -j SECMARK --selctx u:object_r:ppp0_packet:s0
+#$IPTABLES -t mangle -A INPUT -i ppp1 -j SECMARK --selctx u:object_r:ppp1_packet:s0
+#$IPTABLES -t mangle -A INPUT -i ppp2 -j SECMARK --selctx u:object_r:ppp2_packet:s0
+#$IPTABLES -t mangle -A INPUT -i ppp3 -j SECMARK --selctx u:object_r:ppp3_packet:s0
+
+#$IPTABLES -t mangle -A OUTPUT -o wlan0 -j SECMARK --selctx u:object_r:packet:s0
+#$IPTABLES -t mangle -A OUTPUT -o lo -j SECMARK --selctx u:object_r:lo_packet:s0
+#$IPTABLES -t mangle -A OUTPUT -o ppp0 -j SECMARK --selctx u:object_r:ppp0_packet:s0
+#$IPTABLES -t mangle -A OUTPUT -o ppp1 -j SECMARK --selctx u:object_r:ppp1_packet:s0
+#$IPTABLES -t mangle -A OUTPUT -o ppp2 -j SECMARK --selctx u:object_r:ppp2_packet:s0
+#$IPTABLES -t mangle -A OUTPUT -o ppp3 -j SECMARK --selctx u:object_r:ppp3_packet:s0
+
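Review bot: Every SECMARK rule in the new script is commented out, so the installed file only assigns `IPTABLES` and exits. No packets get labelled, and policy rules written against `packet`, `lo_packet` or the `ppp0_packet`–`ppp3_packet` types would have nothing to match. If this is intentional, state it at the top, e.g. `# Rules disabled by default; uncomment once the *_packet types are defined in policy.` Those types are not added by this patch, and iptables would presumably reject a context the loaded policy does not define. Once the rules are enabled, note that the script checks no exit status and `-A` appends a duplicate rule on each run, so a partial or repeated invocation would go unnoticed.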
-- 
1.7.9.5



