| -rw-r--r-- | include/private/android_filesystem_config.h | 10 | ||||
| -rw-r--r-- | init/builtins.c | 4 | ||||
| -rw-r--r-- | init/devices.c | 3 | ||||
| -rw-r--r-- | init/property_service.c | 2 | ||||
| -rw-r--r-- | rootdir/Android.mk | 9 | ||||
| -rwxr-xr-x | rootdir/etc/init.gprs-pppd | 23 | ||||
| -rw-r--r-- | rootdir/etc/ppp/chap-secrets | 2 | ||||
| -rwxr-xr-x | rootdir/etc/ppp/ip-down | 1 | ||||
| -rwxr-xr-x | rootdir/etc/ppp/ip-up | 33 | ||||
| -rwxr-xr-x | rootdir/etc/ppp/peers/common | 10 | ||||
| -rw-r--r-- | rootdir/etc/racoon/racoon.conf | 35 | ||||
| -rw-r--r-- | rootdir/init.rc | 12 | ||||
| -rw-r--r-- | toolbox/mount.c | 2 | ||||
| -rw-r--r-- | toolbox/route.c | 185 | ||||
| -rwxr-xr-x | vold/format.c | 13 | ||||
| -rw-r--r-- | vold/uevent.c | 3 |
16 files changed, 111 insertions, 236 deletions
diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h index 1a14842..ad4bd74 100644 --- a/include/private/android_filesystem_config.h +++ b/include/private/android_filesystem_config.h @@ -62,6 +62,7 @@ #define AID_NET_BT 3002 /* bluetooth: create sco, rfcomm or l2cap sockets */ #define AID_INET 3003 /* can create AF_INET and AF_INET6 sockets */ #define AID_NET_RAW 3004 /* can create raw INET sockets */ +#define AID_NET_ADMIN 3005 /* can configure interfaces and routing tables. */ #define AID_MISC 9998 /* access to misc storage */ #define AID_NOBODY 9999 @@ -101,6 +102,7 @@ static struct android_id_info android_ids[] = { { "keystore", AID_KEYSTORE, }, { "inet", AID_INET, }, { "net_raw", AID_NET_RAW, }, + { "net_admin", AID_NET_ADMIN, }, { "misc", AID_MISC, }, { "nobody", AID_NOBODY, }, }; @@ -135,7 +137,7 @@ static struct fs_path_config android_dirs[] = { { 00750, AID_ROOT, AID_SHELL, "sbin" }, { 00755, AID_ROOT, AID_SHELL, "system/bin" }, { 00755, AID_ROOT, AID_SHELL, "system/xbin" }, - { 00777, AID_ROOT, AID_ROOT, "system/etc/ppp" }, /* REMOVE */ + { 00755, AID_ROOT, AID_ROOT, "system/etc/ppp" }, { 00777, AID_ROOT, AID_ROOT, "sdcard" }, { 00755, AID_ROOT, AID_ROOT, 0 }, }; 
@@ -147,20 +149,18 @@ static struct fs_path_config android_dirs[] = { ** and will allow partial matches. */ static struct fs_path_config android_files[] = { - { 00555, AID_ROOT, AID_ROOT, "system/etc/ppp/ip-up" }, - { 00555, AID_ROOT, AID_ROOT, "system/etc/ppp/ip-down" }, { 00440, AID_ROOT, AID_SHELL, "system/etc/init.goldfish.rc" }, { 00550, AID_ROOT, AID_SHELL, "system/etc/init.goldfish.sh" }, { 00440, AID_ROOT, AID_SHELL, "system/etc/init.trout.rc" }, { 00550, AID_ROOT, AID_SHELL, "system/etc/init.ril" }, { 00550, AID_ROOT, AID_SHELL, "system/etc/init.testmenu" }, - { 00550, AID_ROOT, AID_SHELL, "system/etc/init.gprs-pppd" }, { 00550, AID_DHCP, AID_SHELL, "system/etc/dhcpcd/dhcpcd-run-hooks" }, { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/dbus.conf" }, { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/main.conf" }, { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/input.conf" }, { 00440, AID_BLUETOOTH, AID_BLUETOOTH, "system/etc/bluez/audio.conf" }, - { 00440, AID_RADIO, AID_AUDIO, "/system/etc/AudioPara4.csv" }, + { 00440, AID_RADIO, AID_AUDIO, "system/etc/AudioPara4.csv" }, + { 00555, AID_ROOT, AID_ROOT, "system/etc/ppp/*" }, { 00644, AID_SYSTEM, AID_SYSTEM, "data/app/*" }, { 00644, AID_SYSTEM, AID_SYSTEM, "data/app-private/*" }, { 00644, AID_APP, AID_APP, "data/data/*" }, diff --git a/init/builtins.c b/init/builtins.c index 93ce6e8..16601ce 100644 --- a/init/builtins.c +++ b/init/builtins.c @@ -49,7 +49,7 @@ static int write_file(const char *path, const char *value) fd = open(path, O_WRONLY|O_CREAT, 0622); if (fd < 0) - return -1; + return -errno; len = strlen(value); @@ -59,7 +59,7 @@ static int write_file(const char *path, const char *value) close(fd); if (ret < 0) { - return -1; + return -errno; } else { return 0; } diff --git a/init/devices.c b/init/devices.c index 9b341d6..e76d354 100644 --- a/init/devices.c +++ b/init/devices.c 
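Review bot: The new `system/etc/ppp/*` entry in android_files gives mode 00555 to every file that ever lands under that directory, not only the hook scripts the two removed entries named, so a later config or credentials file placed there would ship world-readable and executable. If only the script copied by rootdir/Android.mk is meant, name it explicitly, e.g. `{ 00555, AID_ROOT, AID_ROOT, "system/etc/ppp/ip-up-vpn" },`. If the wildcard is intentional, a comment such as `/* every file under ppp/ is a hook script and must be executable */` would record that. The android_files array continues outside the hunk.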
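Review bot: In write_file the second `return -errno;` runs after `close(fd)`, so the value returned can be whatever close() left in errno rather than the error of the failed write. Capture it before closing, e.g. `int err = (ret < 0) ? errno : 0;` ahead of `close(fd);`, and finish with `return -err;`. Callers that compared the result with -1 would now need to test for any negative value; those callers are not visible in this hunk, and neither is the write call itself.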
@@ -140,7 +140,8 @@ static struct perms_ devperms[] = { { "/dev/qmi2", 0640, AID_RADIO, AID_RADIO, 0 }, /* CDMA radio interface MUX */ { "/dev/ts0710mux", 0640, AID_RADIO, AID_RADIO, 1 }, - { "/dev/tun", 0640, AID_VPN , AID_VPN, 0 }, + { "/dev/ppp", 0660, AID_RADIO, AID_VPN, 0 }, + { "/dev/tun", 0640, AID_VPN, AID_VPN, 0 }, { NULL, 0, 0, 0, 0 }, }; diff --git a/init/property_service.c b/init/property_service.c index 48ca3ea..23a8821 100644 --- a/init/property_service.c +++ b/init/property_service.c @@ -67,6 +67,8 @@ struct { { "wlan.", AID_SYSTEM }, { "dhcp.", AID_SYSTEM }, { "dhcp.", AID_DHCP }, + { "vpn.", AID_SYSTEM }, + { "vpn.", AID_VPN }, { "debug.", AID_SHELL }, { "log.", AID_SHELL }, { "service.adb.root", AID_SHELL }, diff --git a/rootdir/Android.mk b/rootdir/Android.mk index 44e343c..e66b1c3 100644 --- a/rootdir/Android.mk +++ b/rootdir/Android.mk @@ -6,16 +6,9 @@ include $(CLEAR_VARS) copy_from := \ etc/dbus.conf \ etc/init.goldfish.sh \ - etc/ppp/ip-up \ - etc/ppp/ip-down \ - etc/ppp/peers/common \ - etc/racoon/racoon.conf \ + etc/ppp/ip-up-vpn \ etc/hosts -dont_copy := \ - etc/init.gprs-pppd \ - etc/ppp/chap-secrets - copy_to := $(addprefix $(TARGET_OUT)/,$(copy_from)) copy_from := $(addprefix $(LOCAL_PATH)/,$(copy_from)) diff --git a/rootdir/etc/init.gprs-pppd b/rootdir/etc/init.gprs-pppd deleted file mode 100755 index 521eec9..0000000 --- a/rootdir/etc/init.gprs-pppd +++ /dev/null @@ -1,23 +0,0 @@ -#!/system/bin/sh -# An unforunate wrapper script -# so that the exit code of pppd may be retrieved - - -# this is a workaround for issue #651747 -#trap "/system/bin/sleep 1;exit 0" TERM - - -PPPD_PID= - -/system/bin/setprop "net.gprs.ppp-exit" "" - -/system/bin/log -t pppd "Starting pppd" - -/system/bin/pppd $* - -PPPD_EXIT=$? -PPPD_PID=$! - -/system/bin/log -t pppd "pppd exited with $PPPD_EXIT" - -/system/bin/setprop "net.gprs.ppp-exit" "$PPPD_EXIT" 
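Review bot: The new `/dev/ppp` row gives group vpn write access (0660) while the neighbouring `/dev/tun` row stays at 0640, and nothing in devperms records why the two differ or why radio owns the node. A trailing comment in the style of the other rows would state the intent, for example `/* PPP: radio for dial-up, group vpn for mtpd */`. The mtpd part matches the `user vpn` service added in init.rc; the radio part is my assumption and should be confirmed. The devperms table starts outside the hunk.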
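Review bot: `copy_from` now lists `etc/ppp/ip-up-vpn`, but no file of that name appears among the 16 files in this commit's diffstat, so unless it already exists under rootdir/ the copy rule has no source and the build would stop here. Either add the script in the same commit or note in the description which change provides it. Since the permissions table now marks everything under `system/etc/ppp/` as 00555, the script's contents also deserve review alongside this change.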
diff --git a/rootdir/etc/ppp/chap-secrets b/rootdir/etc/ppp/chap-secrets deleted file mode 100644 index 6546b0f..0000000 --- a/rootdir/etc/ppp/chap-secrets +++ /dev/null @@ -1,2 +0,0 @@ -* * bogus - diff --git a/rootdir/etc/ppp/ip-down b/rootdir/etc/ppp/ip-down deleted file mode 100755 index 58d21e5..0000000 --- a/rootdir/etc/ppp/ip-down +++ /dev/null @@ -1 +0,0 @@ -#!/system/bin/sh diff --git a/rootdir/etc/ppp/ip-up b/rootdir/etc/ppp/ip-up deleted file mode 100755 index 8c8f12c..0000000 --- a/rootdir/etc/ppp/ip-up +++ /dev/null @@ -1,33 +0,0 @@ -#!/system/bin/sh - -# Use interface name if linkname is not available - -/system/bin/setprop "net.dns1" "$DNS1" -/system/bin/setprop "net.dns2" "$DNS2" - -# Retrieve the default gateway from /proc/net/route -RTAB=`cat /proc/net/route` -flag=-1; i=0; -for l in $RTAB; do - if (exp flag==1) then DGW=$l; flag=0; fi; - if (exp i%11 == 1) then - if (exp $l=="00000000") then flag=1; fi; - fi; - i=`exp i+1`; -done -FH=${DGW%????} -LH=${DGW#????} -A=`exp 0x${LH#??}` -B=`exp 0x${LH%??}` -C=`exp 0x${FH#??}` -D=`exp 0x${FH%??}` -GATEWAY="$A.$B.$C.$D" -VPNSERVER=`getprop "net.vpn.server_ip"` - -# Protect the route to vpn server -/system/bin/route add -net $VPNSERVER netmask 255.255.255.255 gw $GATEWAY - -# Route all traffic to vpn connection -/system/bin/route add -net 0.0.0.0 netmask 128.0.0.0 gw $IPREMOTE -/system/bin/route add -net 128.0.0.0 netmask 128.0.0.0 gw $IPREMOTE - diff --git a/rootdir/etc/ppp/peers/common b/rootdir/etc/ppp/peers/common deleted file mode 100755 index 4183841..0000000 --- a/rootdir/etc/ppp/peers/common +++ /dev/null @@ -1,10 +0,0 @@ -ipcp-accept-local -ipcp-accept-remote -refuse-eap -noccp -noauth -idle 1800 -mtu 1400 -mru 1400 -nodefaultroute -usepeerdns diff --git a/rootdir/etc/racoon/racoon.conf b/rootdir/etc/racoon/racoon.conf deleted file mode 100644 index eb50a2d..0000000 --- a/rootdir/etc/racoon/racoon.conf +++ /dev/null 
@@ -1,35 +0,0 @@ -#path certificate ""; -path certificate "/"; - -sainfo anonymous { - encryption_algorithm aes, 3des; - authentication_algorithm hmac_sha1, hmac_md5; - compression_algorithm deflate; - lifetime time 3600 sec; -} - -remote anonymous { - exchange_mode main; - doi ipsec_doi; - situation identity_only; - ike_frag on; - generate_policy on; - my_identifier asn1dn; - nat_traversal on; # always use NAT-T - ca_type x509 "ca.crt"; - certificate_type x509 "user.crt" "user.key"; - verify_identifier off; - verify_cert on; - nonce_size 16; - initial_contact on; - proposal_check obey; - - proposal { - authentication_method rsasig; - hash_algorithm sha1; - encryption_algorithm 3des; - lifetime time 3600 sec; - dh_group 2; - } -} - diff --git a/rootdir/init.rc b/rootdir/init.rc index 47acd15..062957a 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -34,6 +34,7 @@ loglevel 3 write /proc/cpu/alignment 4 write /proc/sys/kernel/sched_latency_ns 10000000 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 + write /proc/sys/kernel/sched_compat_yield 1 # Create cgroup mount points for process groups mkdir /dev/cpuctl @@ -78,6 +79,11 @@ loglevel 3 mkdir /data/misc/keystore 0770 keystore keystore mkdir /data/misc/vpn 0770 system system mkdir /data/misc/vpn/profiles 0770 system system + mkdir /data/misc/wifi 0770 wifi system + chown wifi system /data/misc/wifi + touch /data/misc/wifi/wpa_supplicant.conf + chmod 0660 /data/misc/wifi/wpa_supplicant.conf + chown wifi system /data/misc/wifi/wpa_supplicant.conf mkdir /data/local 0771 shell shell mkdir /data/local/tmp 0771 shell shell mkdir /data/data 0771 system system 
@@ -288,13 +294,17 @@ service installd /system/bin/installd service flash_recovery /system/bin/flash_image recovery /system/recovery.img oneshot -service racoon /system/bin/racoon -F -f /etc/racoon/racoon.conf +service racoon /system/bin/racoon socket racoon stream 600 system system + # racoon will setuid to vpn after getting necessary resources. + group net_admin keystore disabled oneshot service mtpd /system/bin/mtpd socket mtpd stream 600 system system + user vpn + group vpn net_admin net_raw disabled oneshot diff --git a/toolbox/mount.c b/toolbox/mount.c index 395c943..472c952 100644 --- a/toolbox/mount.c +++ b/toolbox/mount.c @@ -226,7 +226,7 @@ int mount_main(int argc, char *argv[]) { char *type = NULL; int c; - int loop; + int loop = 0; progname = argv[0]; rwflag = MS_VERBOSE; diff --git a/toolbox/route.c b/toolbox/route.c index 2fd7108..4f66201 100644 --- a/toolbox/route.c +++ b/toolbox/route.c 
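Review bot: The racoon stanza has no `user` line, so init starts the daemon as root with groups net_admin and keystore, and the only record of the privilege drop is the comment inside the stanza. That makes the drop depend entirely on racoon's own code, which this commit does not show. The comment should say which resources need root, e.g. `# starts as root to <resource>; racoon switches to uid vpn itself`, and the daemon should be checked to confirm it keeps only the supplementary groups it needs after switching. The mtpd stanza in the same hunk declares `user vpn` directly, which is the safer pattern where the daemon allows it.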
@@ -1,130 +1,103 @@ +/* + * Copyright (c) 2009, The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google, Inc. nor the names of its contributors + * may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ #include <stdio.h> -#include <stdlib.h> -#include <unistd.h> -#include <stdarg.h> - -#include <errno.h> #include <string.h> -#include <ctype.h> - +#include <errno.h> +#include <sys/ioctl.h> +#include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> -#include <linux/if.h> -#include <linux/sockios.h> #include <arpa/inet.h> #include <linux/route.h> -static void die(const char *fmt, ...) -{ - va_list p; - - va_start(p, fmt); - fprintf(stderr,"error(%s): ", strerror(errno)); - fprintf(stderr, fmt, p); - va_end(p); - exit(-1); +static inline int set_address(const char *address, struct sockaddr *sa) { + return inet_aton(address, &((struct sockaddr_in *)sa)->sin_addr); } -static inline void init_sockaddr_in(struct sockaddr_in *sin, const char *addr) -{ - sin->sin_family = AF_INET; - sin->sin_port = 0; - sin->sin_addr.s_addr = inet_addr(addr); -} - -#define ADVANCE(argc, argv) do { argc--, argv++; } while(0) -#define EXPECT_NEXT(argc, argv) do { \ - ADVANCE(argc, argv); \ - if (0 == argc) { \ - errno = EINVAL; \ - die("expecting one more argument"); \ - } \ -} while(0) - /* current support the following routing entries */ /* route add default dev wlan0 */ -/* route add default gw 192.168.20.1 dev wlan0 */ -/* route add net 192.168.1.1 netmask 255.255.255.0 gw 172.24.192.10 */ +/* route add default gw 192.168.1.1 dev wlan0 */ +/* route add -net 192.168.1.2 netmask 255.255.255.0 gw 192.168.1.1 */ int route_main(int argc, char *argv[]) { - struct ifreq ifr; - int s,i; - struct rtentry rt; - struct sockaddr_in ina; - - if (!argc) - return 0; - - strncpy(ifr.ifr_name, argv[0], IFNAMSIZ); - ifr.ifr_name[IFNAMSIZ-1] = 0; - ADVANCE(argc, argv); + struct rtentry rt = { + .rt_dst = {.sa_family = AF_INET}, + .rt_genmask = {.sa_family = AF_INET}, + .rt_gateway = {.sa_family = AF_INET}, + }; - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - die("cannot open control socket\n"); - } - - while(argc > 0){ - if (!strcmp(argv[0], "add")) { - EXPECT_NEXT(argc, argv); - if 
(!strcmp(argv[0], "default")) { - EXPECT_NEXT(argc, argv); - memset((char *) &rt, 0, sizeof(struct rtentry)); - rt.rt_dst.sa_family = AF_INET; - if(!strcmp(argv[0], "dev")) { - EXPECT_NEXT(argc, argv); - rt.rt_flags = RTF_UP | RTF_HOST; - rt.rt_dev = argv[0]; - if (ioctl(s, SIOCADDRT, &rt) < 0) - die("SIOCADDRT\n"); - } else if (!strcmp(argv[0], "gw")) { - EXPECT_NEXT(argc, argv); - rt.rt_flags = RTF_UP | RTF_GATEWAY; - init_sockaddr_in((struct sockaddr_in *)&(rt.rt_genmask), "0.0.0.0"); - if(isdigit(argv[0][0])) { - init_sockaddr_in((struct sockaddr_in *)&(rt.rt_gateway), argv[0]); - } else { - die("expecting an IP address for parameter \"gw\"\n"); - } - EXPECT_NEXT(argc, argv); - if (!strcmp(argv[0], "dev")) { - EXPECT_NEXT(argc, argv); - rt.rt_dev = argv[0]; - if (ioctl(s, SIOCADDRT, &rt) < 0) { - die("SIOCADDRT\n"); - } - } - } - } else { - char keywords[3][10] = { "-net", "netmask", "gw" }; - struct sockaddr_in *paddr[3] = { &rt.rt_dst, &rt.rt_genmask, &rt.rt_gateway }; - int k = 0; + errno = EINVAL; + if (argc > 2 && !strcmp(argv[1], "add")) { + if (!strcmp(argv[2], "default")) { + /* route add default dev wlan0 */ + if (argc > 4 && !strcmp(argv[3], "dev")) { + rt.rt_flags = RTF_UP | RTF_HOST; + rt.rt_dev = argv[4]; + errno = 0; + goto apply; + } - memset((char *) &rt, 0, sizeof(struct rtentry)); + /* route add default gw 192.168.1.1 dev wlan0 */ + if (argc > 6 && !strcmp(argv[3], "gw") && !strcmp(argv[5], "dev")) { rt.rt_flags = RTF_UP | RTF_GATEWAY; - do { - if (!strcmp(argv[0], keywords[k])) { - EXPECT_NEXT(argc, argv); - if (isdigit(argv[0][0])) { - init_sockaddr_in(paddr[k], argv[0]); - } else { - die("expecting an IP/MASK address for parameter %s\n", keywords[k]); - } - if (k < 2) - EXPECT_NEXT(argc, argv); - } else { - die("expecting keyword(s)\n"); - } - } while (++k < 3); - - if (ioctl(s, SIOCADDRT, &rt) < 0) { - die("SIOCADDRT\n"); + rt.rt_dev = argv[6]; + if (set_address(argv[4], &rt.rt_gateway)) { + errno = 0; } + goto apply; } } - ADVANCE(argc, 
argv); + + /* route add -net 192.168.1.2 netmask 255.255.255.0 gw 192.168.1.1 */ + if (argc > 7 && !strcmp(argv[2], "-net") && + !strcmp(argv[4], "netmask") && !strcmp(argv[6], "gw")) { + rt.rt_flags = RTF_UP | RTF_GATEWAY; + if (set_address(argv[3], &rt.rt_dst) && + set_address(argv[5], &rt.rt_genmask) && + set_address(argv[7], &rt.rt_gateway)) { + errno = 0; + } + goto apply; + } } - return 0; +apply: + if (!errno) { + int s = socket(AF_INET, SOCK_DGRAM, 0); + if (s != -1 && (ioctl(s, SIOCADDRT, &rt) != -1 || errno == EEXIST)) { + return 0; + } + } + puts(strerror(errno)); + return errno; } diff --git a/vold/format.c b/vold/format.c index a1faf7a..d4e2327 100755 --- a/vold/format.c +++ b/vold/format.c @@ -39,12 +39,13 @@ int format_partition(blkdev_t *part, char *type) if (!strcmp(type, FORMAT_TYPE_FAT32)) { char *args[6]; args[0] = MKDOSFS_PATH; - args[1] = "-c 32"; - args[2] = "-n 2"; - args[3] = "-O android"; - args[4] = devpath; - args[5] = NULL; - rc = logwrap(5, args, 1); + args[1] = "-F 32"; + args[2] = "-c 32"; + args[3] = "-n 2"; + args[4] = "-O android"; + args[5] = devpath; + args[6] = NULL; + rc = logwrap(6, args, 1); } else { char *args[7]; args[0] = MKE2FS_PATH; diff --git a/vold/uevent.c b/vold/uevent.c index cfb5786..66e70c5 100644 --- a/vold/uevent.c +++ b/vold/uevent.c @@ -272,8 +272,7 @@ static int handle_switch_event(struct uevent *event) else door_open = false; volmgr_safe_mode(low_batt || door_open); - } else - LOG_VOL("handle_switch_event(): Ignoring switch '%s'", name); + } return 0; } |
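Review bot: At the `apply:` label route_main reports failures with `puts(strerror(errno))` on stdout and then returns `errno`, which puts() may itself have changed; the socket `s` is also never closed on any path. Save the value first and report on stderr: `int err = errno; fprintf(stderr, "route: %s\n", strerror(err)); return err;`. Closing `s` needs `<unistd.h>`, which this hunk removes from the includes. Separately, `set_address` relies on inet_aton(), which also accepts shorthand and non-decimal forms such as a single number, so a mistyped gateway or netmask can parse as a valid but unintended address; `inet_pton(AF_INET, address, ...) == 1` accepts only dotted-decimal.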
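Review bot: In the FAT32 branch of format_partition `args` is still declared as `char *args[6];` but the new code stores seven pointers, so `args[6] = NULL;` writes one element past the end of the stack array. Change the declaration to `char *args[7];`, matching the mke2fs branch just below. Note also that `"-F 32"` reaches mkdosfs as a single argv entry with the space inside it, like the existing `"-c 32"`; whether mkdosfs parses that as intended is not visible here. The function body extends outside the hunk.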
