summaryrefslogtreecommitdiffstats
path: root/rootdir
diff options
context:
space:
mode:
authorChia-chi Yeh <chiachi@android.com>2011-08-08 10:11:40 -0700
committerChia-chi Yeh <chiachi@android.com>2011-08-08 10:11:40 -0700
commita24687197d69ac677d176dbc41d5cfd65d1afc44 (patch)
tree54ab46a8dc1d8e1cc0fc1b396a9344a32ecb5127 /rootdir
parent0842f08b915bb2041ac50107bb821c87d7f68db6 (diff)
downloadsystem_core-a24687197d69ac677d176dbc41d5cfd65d1afc44.zip
system_core-a24687197d69ac677d176dbc41d5cfd65d1afc44.tar.gz
system_core-a24687197d69ac677d176dbc41d5cfd65d1afc44.tar.bz2
init.rc: add inet permission to VPN daemons explicitly.
Racoon still needs it after dropping root privilege, or pure IPSec VPN will fail. Mtpd works without it because net_raw implies inet. However it would be better to set all of them clearly without the assumption. Change-Id: I50762af2c25ec9cc559e528c7b14f469494fd553
Diffstat (limited to 'rootdir')
-rw-r--r--rootdir/init.rc4
1 files changed, 2 insertions, 2 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index f843824..4d446c8 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -487,7 +487,7 @@ service racoon /system/bin/racoon
class main
socket racoon stream 600 system system
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
- group vpn net_admin
+ group vpn net_admin inet
disabled
oneshot
@@ -495,7 +495,7 @@ service mtpd /system/bin/mtpd
class main
socket mtpd stream 600 system system
user vpn
- group vpn net_admin net_raw
+ group vpn net_admin inet net_raw
disabled
oneshot