From 3cce0d592d0596c7d964d5e9df75f8b046af6c57 Mon Sep 17 00:00:00 2001
From: cachiusa <70309181+cachiusa@users.noreply.github.com>
Date: Sat, 16 Mar 2024 09:54:00 +0700
Subject: [PATCH] Add nethunter.root template (#1445)

This app requires DAC_OVERRIDE, DAC_READ_SEARCH, SYS_PTRACE, SYS_ADMIN
(for /data/local r/w) and SYS_CHROOT, SETGID (to run chroot and run it's
processes)

Devices with NetHunter installed is already considered compromised due
to lack of security features(like SELinux), therefore users are advised
not to store private data

It's not really worth restricting more capabilities of the app.
---
 website/docs/public/templates/nethunter.root | 22 ++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 website/docs/public/templates/nethunter.root

diff --git a/website/docs/public/templates/nethunter.root b/website/docs/public/templates/nethunter.root
new file mode 100644
index 00000000..ee5e201e
--- /dev/null
+++ b/website/docs/public/templates/nethunter.root
@@ -0,0 +1,22 @@
+{
+    "id":"nethunter.root",
+    "name":"Kali NetHunter",
+    "author":"cachiusa",
+    "description":"Required permissions for Kali NetHunter app to chroot",
+    "namespace":"INHERITED",
+    "uid":0,
+    "gid":0,
+    "groups":[
+        "ROOT"
+    ],
+    "capabilities":[
+        "CAP_DAC_OVERRIDE",
+        "CAP_DAC_READ_SEARCH",
+        "CAP_SYS_CHROOT",
+        "CAP_SYS_PTRACE",
+        "CAP_SYS_ADMIN"
+        "CAP_SETGID",
+    ],
+    "context":"u:r:su:s0",
+    "rules":[""]
+}