On Saturday, June 16, 2012 02:56:36 PM Joshua Brindle wrote: > Change-Id: I47100243b04d9629d44c8962eafeacabdcd0e6d2 > > Signed-off-by: Joshua Brindle <jbrindle@xxxxxxxxxx> > --- > rootdir/init.rc | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/rootdir/init.rc b/rootdir/init.rc > index 7131095..bd4bc81 100644 > --- a/rootdir/init.rc > +++ b/rootdir/init.rc > @@ -372,6 +372,10 @@ service console /system/bin/sh > user shell > group log > > +service netlabels /system/bin/iptables-selinux.sh > + class core > + oneshot I don't know much about Android development or the boot process, but I wonder if it would make sense to either change the name of the service or the script it executes. While the script seems aptly named for its current functionality, the service name might become a problem if an Android user ever needs to enable NetLabel support. I would suggest either changing the service name to reflect the secmark/iptables nature of the script or changing the name of the script to something more generic, e.g. selinux-network.sh, so that it is less awkward if the script grows at some point to contain secmark labeling rules, NetLabel configuration, labeled IPsec, etc. -- paul moore www.paul-moore.com -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
