Diffstat (limited to 'rootdir')
-rw-r--r--rootdir/Android.mk8
-rwxr-xr-xrootdir/etc/ppp/ip-down13
-rwxr-xr-xrootdir/etc/ppp/ip-up47
-rwxr-xr-xrootdir/etc/ppp/peers/common10
-rw-r--r--rootdir/etc/racoon/racoon.conf35
-rw-r--r--rootdir/init.rc39
6 files changed, 108 insertions, 44 deletions
diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index b2fe8cf..44e343c 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -6,13 +6,15 @@ include $(CLEAR_VARS)
copy_from := \
etc/dbus.conf \
etc/init.goldfish.sh \
+ etc/ppp/ip-up \
+ etc/ppp/ip-down \
+ etc/ppp/peers/common \
+ etc/racoon/racoon.conf \
etc/hosts
dont_copy := \
etc/init.gprs-pppd \
- etc/ppp/chap-secrets \
- etc/ppp/ip-down \
- etc/ppp/ip-up
+ etc/ppp/chap-secrets
copy_to := $(addprefix $(TARGET_OUT)/,$(copy_from))
copy_from := $(addprefix $(LOCAL_PATH)/,$(copy_from))
diff --git a/rootdir/etc/ppp/ip-down b/rootdir/etc/ppp/ip-down
index 672fa1e..58d21e5 100755
--- a/rootdir/etc/ppp/ip-down
+++ b/rootdir/etc/ppp/ip-down
@@ -1,14 +1 @@
#!/system/bin/sh
-case $1 in
- ppp1)
- echo 0 > /proc/sys/net/ipv4/ip_forward;
- ;;
-esac
-
-# Use interface name if linkname is not available
-NAME=${LINKNAME:-"$1"}
-
-/system/bin/setprop "net.$NAME.dns1" "$DNS1"
-/system/bin/setprop "net.$NAME.dns2" "$DNS2"
-/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL"
-/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE"
diff --git a/rootdir/etc/ppp/ip-up b/rootdir/etc/ppp/ip-up
index cb2d577..8c8f12c 100755
--- a/rootdir/etc/ppp/ip-up
+++ b/rootdir/etc/ppp/ip-up
@@ -1,24 +1,33 @@
#!/system/bin/sh
-case $1 in
- ppp1)
- /android/bin/iptables --flush;
- /android/bin/iptables --table nat --flush;
- /android/bin/iptables --delete-chain;
- /android/bin/iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE;
- /android/bin/iptables --append FORWARD --in-interface ppp1 -j ACCEPT;
- echo 0 > /proc/sys/net/ipv4/ip_forward;
- echo 1 > /proc/sys/net/ipv4/ip_forward;
- ;;
- ppp0)
- /system/bin/setprop "net.interfaces.defaultroute" "gprs"
- ;;
-esac
# Use interface name if linkname is not available
-NAME=${LINKNAME:-"$1"}
-/system/bin/setprop "net.$NAME.dns1" "$DNS1"
-/system/bin/setprop "net.$NAME.dns2" "$DNS2"
-/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL"
-/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE"
+/system/bin/setprop "net.dns1" "$DNS1"
+/system/bin/setprop "net.dns2" "$DNS2"
+
+# Retrieve the default gateway from /proc/net/route
+RTAB=`cat /proc/net/route`
+flag=-1; i=0;
+for l in $RTAB; do
+ if (exp flag==1) then DGW=$l; flag=0; fi;
+ if (exp i%11 == 1) then
+ if (exp $l=="00000000") then flag=1; fi;
+ fi;
+ i=`exp i+1`;
+done
+FH=${DGW%????}
+LH=${DGW#????}
+A=`exp 0x${LH#??}`
+B=`exp 0x${LH%??}`
+C=`exp 0x${FH#??}`
+D=`exp 0x${FH%??}`
+GATEWAY="$A.$B.$C.$D"
+VPNSERVER=`getprop "net.vpn.server_ip"`
+
+# Protect the route to vpn server
+/system/bin/route add -net $VPNSERVER netmask 255.255.255.255 gw $GATEWAY
+
+# Route all traffic to vpn connection
+/system/bin/route add -net 0.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
+/system/bin/route add -net 128.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
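Review bot: The context comment kept at line 75 (`# Use interface name if linkname is not available`) now explains nothing, because the `NAME=${LINKNAME:-"$1"}` line it described is removed in this hunk; drop it or reword it for the new unconditional `net.dns1`/`net.dns2` properties. The three `route add` calls at the end run with `$VPNSERVER` and `$GATEWAY` unchecked: if `getprop net.vpn.server_ip` is empty or the `/proc/net/route` scan finds no `00000000` destination, `route add` receives a malformed command line, fails, and the script still exits 0, so the two half-default routes may be missing and traffic quietly bypasses the tunnel. Validate both values before touching the routing table and exit non-zero on any failed `route add`, so pppd reports the failure instead of leaving a half-configured link. The counterpart `ip-down` is reduced to a bare shebang by this commit, so the host route to `$VPNSERVER` via `$GATEWAY` and the overwritten `net.dns1`/`net.dns2` values are never undone when the link drops; that teardown belongs there. `exp` is not a POSIX shell builtin, so the gateway parsing only works on a `/system/bin/sh` that provides it — worth a one-line comment above the loop.
```shell
# … unchanged: dns properties and default-gateway parsing …
VPNSERVER=`getprop "net.vpn.server_ip"`
# Refuse to touch the routing table unless both endpoints are known;
# a partial setup would leave traffic outside the tunnel.
if [ -z "$VPNSERVER" ] || [ -z "$GATEWAY" ]; then
    echo "ip-up: net.vpn.server_ip or default gateway not found" >&2
    exit 1
fi

# Protect the route to vpn server
/system/bin/route add -net "$VPNSERVER" netmask 255.255.255.255 gw "$GATEWAY" || exit 1

# Route all traffic to vpn connection
/system/bin/route add -net 0.0.0.0 netmask 128.0.0.0 gw "$IPREMOTE" || exit 1
/system/bin/route add -net 128.0.0.0 netmask 128.0.0.0 gw "$IPREMOTE" || exit 1
```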
diff --git a/rootdir/etc/ppp/peers/common b/rootdir/etc/ppp/peers/common
new file mode 100755
index 0000000..4183841
--- /dev/null
+++ b/rootdir/etc/ppp/peers/common
@@ -0,0 +1,10 @@
+ipcp-accept-local
+ipcp-accept-remote
+refuse-eap
+noccp
+noauth
+idle 1800
+mtu 1400
+mru 1400
+nodefaultroute
+usepeerdns
diff --git a/rootdir/etc/racoon/racoon.conf b/rootdir/etc/racoon/racoon.conf
new file mode 100644
index 0000000..eb50a2d
--- /dev/null
+++ b/rootdir/etc/racoon/racoon.conf
@@ -0,0 +1,35 @@
+#path certificate "";
+path certificate "/";
+
+sainfo anonymous {
+ encryption_algorithm aes, 3des;
+ authentication_algorithm hmac_sha1, hmac_md5;
+ compression_algorithm deflate;
+ lifetime time 3600 sec;
+}
+
+remote anonymous {
+ exchange_mode main;
+ doi ipsec_doi;
+ situation identity_only;
+ ike_frag on;
+ generate_policy on;
+ my_identifier asn1dn;
+ nat_traversal on; # always use NAT-T
+ ca_type x509 "ca.crt";
+ certificate_type x509 "user.crt" "user.key";
+ verify_identifier off;
+ verify_cert on;
+ nonce_size 16;
+ initial_contact on;
+ proposal_check obey;
+
+ proposal {
+ authentication_method rsasig;
+ hash_algorithm sha1;
+ encryption_algorithm 3des;
+ lifetime time 3600 sec;
+ dh_group 2;
+ }
+}
+
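Review bot: `verify_identifier off;` with no `peers_identifier` configured means the peer's identity is never compared against an expected value, so any certificate that chains to `ca.crt` is accepted as the VPN peer whatever identity it carries; unless every CA member is deliberately trusted, turn identifier verification on and state the expected peer identity, or add a comment explaining why it is left off. `path certificate "/";` makes the relative names `ca.crt`, `user.crt` and `user.key` (lines 149–150) resolve at the filesystem root, while this same commit creates `/data/misc/vpn` and `/data/misc/keystore` in init.rc — presumably the intended home for these files, which the path should point at, or it should be documented as a placeholder to be filled in; the commented-out `#path certificate "";` on the first line is dead config and should go. The algorithm choices `hmac_md5` (line 136), `3des` and `dh_group 2` (lines 160–162) are legacy-weak by today's standards; if they are kept for peer compatibility, a comment such as `# weak legacy algorithms kept for interoperability with <peer> — revisit` records the trade-off so they are not mistaken for a recommendation.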
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 9853cc6..cf7d885 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -23,6 +23,7 @@ loglevel 3
mkdir /system
mkdir /data 0771 system system
mkdir /cache 0770 system cache
+ mkdir /config 0500 root root
mkdir /sqlite_stmt_journals 01777 root root
mount tmpfs tmpfs /sqlite_stmt_journals size=4m
@@ -50,11 +51,11 @@ loglevel 3
mkdir /dev/cpuctl/bg_non_interactive
chown system system /dev/cpuctl/bg_non_interactive/tasks
chmod 0777 /dev/cpuctl/bg_non_interactive/tasks
- write /dev/cpuctl/bg_non_interactive/cpu.shares 1024
+ write /dev/cpuctl/bg_non_interactive/cpu.shares 1
# mount mtd partitions
# Mount /system rw first to give the filesystem a chance to save a checkpoint
- mount yaffs2 mtd@system /system
+ mount yaffs2 mtd@system /system
mount yaffs2 mtd@system /system ro remount
# We chown/chmod /data again so because mount is run as root + defaults
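Review bot: The write of `cpu.shares` for `/dev/cpuctl/bg_non_interactive` drops from `1024` to `1` (line 182) with no comment, and it is unrelated to the VPN/keystore work elsewhere in this change, so a reader cannot tell whether near-total CPU starvation of background tasks is intended or a typo. Add a one-line comment above the write stating the intent, e.g. `# background/non-interactive tasks get minimal CPU weight vs. the root group — see <rationale>`, with the rationale filled in. The `mount yaffs2 mtd@system /system` pair at lines 185–186 is a whitespace-only change and needs nothing.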
@@ -73,7 +74,10 @@ loglevel 3
# create basic filesystem structure
mkdir /data/misc 01771 system misc
- mkdir /data/misc/hcid 0770 bluetooth bluetooth
+ mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
+ mkdir /data/misc/keystore 0770 keystore keystore
+ mkdir /data/misc/vpn 0770 system system
+ mkdir /data/misc/vpn/profiles 0770 system system
mkdir /data/local 0771 shell shell
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
@@ -105,14 +109,12 @@ on boot
# set RLIMIT_NICE to allow priorities from 19 to -20
setrlimit 13 40 40
-# Set timeout value for rmnet stats.
- write /sys/devices/virtual/net/rmnet0/timeout_suspend 5000000
-
# Define the oom_adj values for the classes of processes that can be
# killed by the kernel. These are used in ActivityManagerService.
setprop ro.FOREGROUND_APP_ADJ 0
setprop ro.VISIBLE_APP_ADJ 1
setprop ro.SECONDARY_SERVER_ADJ 2
+ setprop ro.BACKUP_APP_ADJ 2
setprop ro.HOME_APP_ADJ 4
setprop ro.HIDDEN_APP_MIN_ADJ 7
setprop ro.CONTENT_PROVIDER_ADJ 14
@@ -123,6 +125,7 @@ on boot
setprop ro.FOREGROUND_APP_MEM 1536
setprop ro.VISIBLE_APP_MEM 2048
setprop ro.SECONDARY_SERVER_MEM 4096
+ setprop ro.BACKUP_APP_MEM 4096
setprop ro.HOME_APP_MEM 4096
setprop ro.HIDDEN_APP_MEM 5120
setprop ro.CONTENT_PROVIDER_MEM 5632
@@ -252,16 +255,18 @@ service bootanim /system/bin/bootanimation
disabled
oneshot
-service dbus /system/bin/dbus-daemon --system --nofork
+#STOPSHIP: Remove logwrapper before production
+service dbus /system/bin/logwrapper /system/bin/dbus-daemon --system --nofork
socket dbus stream 660 bluetooth bluetooth
user bluetooth
group bluetooth net_bt_admin
-service hcid /system/bin/hcid -s -n -f /etc/bluez/hcid.conf
+#STOPSHIP: Remove logwrapper and -d option before production
+service bluetoothd /system/bin/logwrapper /system/bin/bluetoothd -d -n
socket bluetooth stream 660 bluetooth bluetooth
socket dbus_bluetooth stream 660 bluetooth bluetooth
# init.rc does not yet support applying capabilities, so run as root and
- # let hcid drop uid to bluetooth with the right linux capabilities
+ # let bluetoothd drop uid to bluetooth with the right linux capabilities
group bluetooth net_bt_admin misc
disabled
@@ -282,3 +287,19 @@ service installd /system/bin/installd
service flash_recovery /system/bin/flash_image recovery /system/recovery.img
oneshot
+
+service racoon /system/bin/racoon -F -f /etc/racoon/racoon.conf
+ socket racoon stream 600 system system
+ disabled
+ oneshot
+
+service mtpd /system/bin/mtpd
+ socket mtpd stream 600 system system
+ disabled
+ oneshot
+
+service keystore /system/bin/keystore
+ user keystore
+ group keystore
+ socket keystore stream 666
+
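Review bot: The new `keystore` service creates its control socket as `socket keystore stream 666` (line 259) with no owner or group, so every uid on the device can connect to it, whereas the `racoon` and `mtpd` sockets in the same hunk are `600 system system`. If only system-side clients are meant to reach keystore, tighten it to `socket keystore stream 660 keystore keystore` (or whichever owner/group the intended callers run as); if world access is deliberate, say so in a comment above the line, because the daemon must then enforce its own per-caller checks. `racoon` and `mtpd` have no `user`/`group` entry, so init starts them as root; with `disabled` and `oneshot` that may be intended, but a comment naming the privilege they need (PF_KEY / ppp setup, presumably) would make it explicit, the way the bluetoothd block at line 237 already does.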