From 70d4fc2243721a54cd177959e05cf81b54c4e226 Mon Sep 17 00:00:00 2001
From: Joshua Brindle <jbrindle@tresys.com>
Date: Wed, 20 Jun 2012 11:58:01 -0400
Subject: [PATCH] Add selinux network script to policy

Signed-off-by: Joshua Brindle <jbrindle@tresys.com>
---
 Android.mk         | 13 +++++++++++++
 selinux-network.sh | 17 +++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100755 selinux-network.sh

diff --git a/Android.mk b/Android.mk
index 68f4c69a2..002a65601 100644
--- a/Android.mk
+++ b/Android.mk
@@ -85,4 +85,17 @@ $(property_contexts): $(LOCAL_PATH)/property_contexts $(LOCAL_POLICY_PC)
 property_contexts :=
 ##################################
 
+##################################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := selinux-network.sh
+LOCAL_SRC_FILES := $(LOCAL_MODULE)
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_PATH := $(TARGET_OUT_EXECUTABLES)
+
+include $(BUILD_PREBUILT)
+
+##################################
+
 endif #ifeq ($(HAVE_SELINUX),true)
diff --git a/selinux-network.sh b/selinux-network.sh
new file mode 100755
index 000000000..d6fe527f3
--- /dev/null
+++ b/selinux-network.sh
@@ -0,0 +1,17 @@
+#!/system/bin/sh
+
+IPTABLES="/system/bin/iptables"
+
+#$IPTABLES -t security -A INPUT -i wlan0 -j SECMARK --selctx u:object_r:packet:s0
+#$IPTABLES -t security -A INPUT -i lo -j SECMARK --selctx u:object_r:lo_packet:s0
+#$IPTABLES -t security -A INPUT -i ppp0 -j SECMARK --selctx u:object_r:ppp0_packet:s0
+#$IPTABLES -t security -A INPUT -i ppp1 -j SECMARK --selctx u:object_r:ppp1_packet:s0
+#$IPTABLES -t security -A INPUT -i ppp2 -j SECMARK --selctx u:object_r:ppp2_packet:s0
+#$IPTABLES -t security -A INPUT -i ppp3 -j SECMARK --selctx u:object_r:ppp3_packet:s0
+
+#$IPTABLES -t security -A OUTPUT -o wlan0 -j SECMARK --selctx u:object_r:packet:s0
+#$IPTABLES -t security -A OUTPUT -o lo -j SECMARK --selctx u:object_r:lo_packet:s0
+#$IPTABLES -t security -A OUTPUT -o ppp0 -j SECMARK --selctx u:object_r:ppp0_packet:s0
+#$IPTABLES -t security -A OUTPUT -o ppp1 -j SECMARK --selctx u:object_r:ppp1_packet:s0
+#$IPTABLES -t security -A OUTPUT -o ppp2 -j SECMARK --selctx u:object_r:ppp2_packet:s0
+#$IPTABLES -t security -A OUTPUT -o ppp3 -j SECMARK --selctx u:object_r:ppp3_packet:s0
-- 
GitLab