From 7168a974be2fc27cb4e09744981f5b5a52374c75 Mon Sep 17 00:00:00 2001
From: cachiusa <70309181+cachiusa@users.noreply.github.com>
Date: Sat, 16 Mar 2024 09:54:00 +0700
Subject: [PATCH] Add nethunter.root template (#1445)

This app requires DAC_OVERRIDE, DAC_READ_SEARCH, SYS_PTRACE, SYS_ADMIN
(for /data/local r/w) and SYS_CHROOT, SETGID (to run chroot and run it's
processes)

Devices with NetHunter installed is already considered compromised due
to lack of security features(like SELinux), therefore users are advised
not to store private data

It's not really worth restricting more capabilities of the app.
---
 website/docs/public/templates/nethunter.root | 22 ++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 website/docs/public/templates/nethunter.root

diff --git a/website/docs/public/templates/nethunter.root b/website/docs/public/templates/nethunter.root
new file mode 100644
index 00000000..ee5e201e
--- /dev/null
+++ b/website/docs/public/templates/nethunter.root
@@ -0,0 +1,22 @@
+{
+    "id":"nethunter.root",
+    "name":"Kali NetHunter",
+    "author":"cachiusa",
+    "description":"Required permissions for Kali NetHunter app to chroot",
+    "namespace":"INHERITED",
+    "uid":0,
+    "gid":0,
+    "groups":[
+        "ROOT"
+    ],
+    "capabilities":[
+        "CAP_DAC_OVERRIDE",
+        "CAP_DAC_READ_SEARCH",
+        "CAP_SYS_CHROOT",
+        "CAP_SYS_PTRACE",
+        "CAP_SYS_ADMIN"
+        "CAP_SETGID",
+    ],
+    "context":"u:r:su:s0",
+    "rules":[""]
+}