diff options
author | Chia-chi Yeh <chiachi@android.com> | 2011-08-08 10:11:40 -0700 |
---|---|---|
committer | Chia-chi Yeh <chiachi@android.com> | 2011-08-08 10:11:40 -0700 |
commit | a24687197d69ac677d176dbc41d5cfd65d1afc44 (patch) | |
tree | 54ab46a8dc1d8e1cc0fc1b396a9344a32ecb5127 /rootdir | |
parent | 0842f08b915bb2041ac50107bb821c87d7f68db6 (diff) | |
download | system_core-a24687197d69ac677d176dbc41d5cfd65d1afc44.zip system_core-a24687197d69ac677d176dbc41d5cfd65d1afc44.tar.gz system_core-a24687197d69ac677d176dbc41d5cfd65d1afc44.tar.bz2 |
init.rc: add inet permission to VPN daemons explicitly.
Racoon still needs it after dropping root privilege, or pure IPSec VPN
will fail. Mtpd works without it because net_raw implies inet. However
it would be better to set all of them clearly without the assumption.
Change-Id: I50762af2c25ec9cc559e528c7b14f469494fd553
Diffstat (limited to 'rootdir')
-rw-r--r-- | rootdir/init.rc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc index f843824..4d446c8 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -487,7 +487,7 @@ service racoon /system/bin/racoon class main socket racoon stream 600 system system # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port. - group vpn net_admin + group vpn net_admin inet disabled oneshot @@ -495,7 +495,7 @@ service mtpd /system/bin/mtpd class main socket mtpd stream 600 system system user vpn - group vpn net_admin net_raw + group vpn net_admin inet net_raw disabled oneshot |