From 141c4d9bf1bdcfd3fd115920adef493c76f30cbb Mon Sep 17 00:00:00 2001
From: Amit Kumar
Date: Tue, 1 Jun 2021 22:00:12 +0530
Subject: [PATCH 1/3] Add lineageblocker to service_contexts

Change-Id: Ia8ff99b91d7257f4d8d9b440f09a28ec02e49185
---
 common/private/service.te | 1 +
 common/private/service_contexts | 1 +
 2 files changed, 2 insertions(+)

diff --git a/common/private/service.te b/common/private/service.te
index 176fa6d..a44e570 100644
--- a/common/private/service.te
+++ b/common/private/service.te
@@ -6,3 +6,4 @@ type lineage_performance_service, system_api_service, system_server_service, ser
 type lineage_profile_service, system_api_service, system_server_service, service_manager_type;
 type lineage_trust_service, system_api_service, system_server_service, service_manager_type;
 type lineage_weather_service, system_api_service, system_server_service, service_manager_type;
+type lineage_blocker_service, system_api_service, system_server_service, service_manager_type;
\ No newline at end of file
diff --git a/common/private/service_contexts b/common/private/service_contexts
index 2eca653..37d8242 100644
--- a/common/private/service_contexts
+++ b/common/private/service_contexts
@@ -7,3 +7,4 @@ lineageweather u:object_r:lineage_weather_service:s0
 profile u:object_r:lineage_profile_service:s0
 adbroot_service u:object_r:adbroot_service:s0
+lineageblocker u:object_r:lineage_blocker_service:s0
\ No newline at end of file
-- 
GitLab

From d3541e8ad821402f9dbea00bd1b0520638c57c85 Mon Sep 17 00:00:00 2001
From: Amit Kumar
Date: Tue, 1 Jun 2021 22:00:12 +0530
Subject: [PATCH 2/3] Add lineageblocker to service_contexts

Change-Id: Ia8ff99b91d7257f4d8d9b440f09a28ec02e49185
---
 common/private/service.te | 1 +
 common/private/service_contexts | 1 +
 2 files changed, 2 insertions(+)

diff --git a/common/private/service.te b/common/private/service.te
index 176fa6d..a44e570 100644
--- a/common/private/service.te
+++ b/common/private/service.te
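Review bot: The `lineage_blocker_service` type added to common/private/service.te in PATCH 1/3 has no comment saying which clients are meant to look the service up, and its attribute list is what decides that. In AOSP policy `system_api_service` opens `find` to privileged and platform apps but not to untrusted apps, which looks like the intent given the neighbouring types, though nothing in the hunk states it. I would put a line such as `# lineageblocker: registered by system_server; find limited to system_api_service clients` above the type. The label only gates lookup, so the service's Binder methods presumably still need their own caller checks. PATCH 2/3 repeats this hunk and the service_contexts one unchanged under the same Change-Id, so the second copy is unlikely to apply on top of the first.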
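Review bot: The new `lineageblocker` entry in common/private/service_contexts (PATCH 1/3) is written without a trailing newline (`\ No newline at end of file`), while the file ended with one before this change. Context files from several policy directories are usually concatenated at build time, so an unterminated last line can be fused with whatever follows unless the build inserts separators itself. The same marker appears in the service.te hunk of this patch and in both hunks of PATCH 2/3. Terminating `lineageblocker u:object_r:lineage_blocker_service:s0` with a newline removes that dependency.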
@@ -6,3 +6,4 @@ type lineage_performance_service, system_api_service, system_server_service, ser
 type lineage_profile_service, system_api_service, system_server_service, service_manager_type;
 type lineage_trust_service, system_api_service, system_server_service, service_manager_type;
 type lineage_weather_service, system_api_service, system_server_service, service_manager_type;
+type lineage_blocker_service, system_api_service, system_server_service, service_manager_type;
\ No newline at end of file
diff --git a/common/private/service_contexts b/common/private/service_contexts
index 2eca653..37d8242 100644
--- a/common/private/service_contexts
+++ b/common/private/service_contexts
@@ -7,3 +7,4 @@ lineageweather u:object_r:lineage_weather_service:s0
 profile u:object_r:lineage_profile_service:s0
 adbroot_service u:object_r:adbroot_service:s0
+lineageblocker u:object_r:lineage_blocker_service:s0
\ No newline at end of file
-- 
GitLab

From 1d47786545eb4e36a0fe8acdc68b368775988dce Mon Sep 17 00:00:00 2001
From: Sooraj S
Date: Thu, 3 Jun 2021 17:11:21 +0530
Subject: [PATCH 3/3] allow access to iptables for netd

---
 common/system/file_contexts | 1 +
 common/system/lineage_iptables.te | 5 +++++
 common/system/netd.te | 1 +
 3 files changed, 7 insertions(+)
 create mode 100644 common/system/lineage_iptables.te
 create mode 100644 common/system/netd.te

diff --git a/common/system/file_contexts b/common/system/file_contexts
index 8fc1e77..b42678b 100644
--- a/common/system/file_contexts
+++ b/common/system/file_contexts
@@ -1,2 +1,3 @@
 # Trust
 /system/bin/hw/lineage\.trust@1\.0-service u:object_r:hal_lineage_trust_default_exec:s0
+/system/bin/iptables u:object_r:lineage_iptables_exec:s0
diff --git a/common/system/lineage_iptables.te b/common/system/lineage_iptables.te
new file mode 100644
index 0000000..4110756
--- /dev/null
+++ b/common/system/lineage_iptables.te
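Review bot: Relabelling `/system/bin/iptables` to `lineage_iptables_exec` in common/system/file_contexts (PATCH 3/3) changes what every domain executing that binary needs, yet the series grants access to netd only (netd.te). Any other caller that relied on the previous label would start hitting denials, so the audit log should be checked for `lineage_iptables_exec` across a full boot before this lands. The entry also covers only the IPv4 path; if `ip6tables` is a separate binary on the target it keeps its old label, which may or may not be intended. A heading such as `# iptables (labelled for lineage_iptables; executed in-domain by netd)` above the entry would match the `# Trust` heading already in the file.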
@@ -0,0 +1,5 @@
+# iptables
+type lineage_iptables, domain, coredomain;
+
+type lineage_iptables_exec, exec_type, system_file_type, file_type;
+init_daemon_domain(lineage_iptables)
diff --git a/common/system/netd.te b/common/system/netd.te
new file mode 100644
index 0000000..fd5cd81
--- /dev/null
+++ b/common/system/netd.te
@@ -0,0 +1 @@
+allow netd lineage_iptables_exec:file { execute_no_trans execute read open getattr };
-- 
GitLab
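Review bot: The `lineage_iptables` domain in common/system/lineage_iptables.te is set up with `init_daemon_domain` but the file holds no allow rules and no comment naming the init service that should run in it. As written, a process that init starts from the labelled binary would land in a domain with only the baseline `domain` permissions, which presumably lacks what netfilter changes need (for example `net_admin`), unless the rules live outside this series. Either document the owner and where its rules are, e.g. `# Domain for <init service name> (placeholder); rules in <file>`, or, if netd is the only caller, consider whether the domain and the init transition are needed at all. The `coredomain` attribute deserves the same one-line justification.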
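Review bot: Because the rule in common/system/netd.te uses `execute_no_trans`, iptables runs inside the netd domain with netd's full rights, so the `lineage_iptables` domain defined in the same patch gives no confinement on this path; a comment stating that this is deliberate would help the next reader. The permission set also leaves out `map`, which AOSP's `x_file_perms` macro includes for executing a file, so unless another rule already grants `map` on this type the exec could be denied on kernels that enforce it. I would write `allow netd lineage_iptables_exec:file { execute_no_trans execute read open getattr map };` and confirm against the audit log rather than widening to a broader macro.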