From a24687197d69ac677d176dbc41d5cfd65d1afc44 Mon Sep 17 00:00:00 2001
From: Chia-chi Yeh <chiachi@android.com>
Date: Mon, 8 Aug 2011 10:11:40 -0700
Subject: init.rc: add inet permission to VPN daemons explicitly.

Racoon still needs it after dropping root privilege, or pure IPSec VPN
will fail. Mtpd works without it because net_raw implies inet. However
it would be better to set all of them clearly without the assumption.

Change-Id: I50762af2c25ec9cc559e528c7b14f469494fd553
---
 rootdir/init.rc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'rootdir')

diff --git a/rootdir/init.rc b/rootdir/init.rc
index f843824..4d446c8 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -487,7 +487,7 @@ service racoon /system/bin/racoon
     class main
     socket racoon stream 600 system system
     # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
-    group vpn net_admin
+    group vpn net_admin inet
     disabled
     oneshot
 
@@ -495,7 +495,7 @@ service mtpd /system/bin/mtpd
     class main
     socket mtpd stream 600 system system
     user vpn
-    group vpn net_admin net_raw
+    group vpn net_admin inet net_raw
     disabled
     oneshot
 
-- 
cgit v1.1