Initial commit — FlipperDroid v0.1.0-poc

KernelSU module + Flipper Zero FAP that bridges both devices into a
unified pentesting platform over USB CDC serial / BT rfcomm.

Android side: bridge daemon, WebUI (:8089), bind mount namespace
isolation stealth engine. Flipper side: proper FAP with 4-view GUI,
GPIO/SubGHz/IR/file command handlers, async event streaming.

sepolicy/flipperdroid.rule

@@ -0,0 +1,37 @@
+# FlipperDroid SELinux rules
+# For enforcing mode — KernelSU can set permissive globally
+
+# USB serial device access (ttyACM for Flipper Zero CDC)
+allow su tty_device chr_file { open read write ioctl getattr }
+allow su serial_device chr_file { open read write ioctl getattr }
+
+# Bluetooth rfcomm
+allow su bluetooth_device chr_file { open read write ioctl getattr }
+allow su rfcomm_device chr_file { open read write ioctl getattr }
+
+# USB sysfs enumeration
+allow su sysfs_usb dir { search read open getattr }
+allow su sysfs_usb file { read open getattr }
+
+# Network socket for WebUI
+allow su self tcp_socket { create bind listen accept read write getattr setopt }
+
+# proc/sys for CPU sharing
+allow su proc file { read open getattr }
+allow su sysfs dir { search read open getattr }
+allow su sysfs file { read write open getattr }
+
+# Stealth — namespace isolation bind mounts
+allow su proc dir { search read open getattr mounton }
+allow su proc file { read open getattr mounton }
+allow su tmpfs dir { search read open getattr mounton }
+allow su tmpfs file { read write open getattr mounton }
+allow su self capability { sys_admin sys_ptrace }
+
+# nsenter into other process mount namespaces
+allow su domain dir { search getattr }
+allow su domain file { read open getattr }
+
+# iptables for port hiding
+allow su self rawip_socket { create bind read write getattr setopt }
+allow su self netlink_netfilter_socket { create bind read write }