rootdir: Modify init.rc to run mtpd/racoon as a non-root user. Note that this change requires a new prebuilt kernel for AID_NET_ADMIN.

commit: 51afbf583819f3bdfc96f3c66c9c3444803e792a [log] [tgz]
author: Chia-chi Yeh <chiachi@android.com> Wed Jul 01 07:06:47 2009 +0800
committer: Chia-chi Yeh <chiachi@android.com> Wed Jul 01 07:06:47 2009 +0800
tree: 51f2d528ffe88cb2da51ef9621f9a0bb36dcc3f9
parent: 383688b52fb19b9c4d98bb1a660febc880d0e268 [diff] [blame]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 23ee1c8..ac066fa 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -286,13 +286,17 @@
 service flash_recovery /system/bin/flash_image recovery /system/recovery.img
     oneshot
 
-service racoon /system/bin/racoon -F -f /etc/racoon/racoon.conf
+service racoon /system/bin/racoon
     socket racoon stream 600 system system
+    # racoon will setuid to vpn after getting necessary resources.
+    group net_admin keystore
     disabled
     oneshot
 
 service mtpd /system/bin/mtpd
     socket mtpd stream 600 system system
+    user vpn
+    group vpn net_admin net_raw
     disabled
     oneshot
commit	51afbf583819f3bdfc96f3c66c9c3444803e792a	[log] [tgz]
author	Chia-chi Yeh <chiachi@android.com>	Wed Jul 01 07:06:47 2009 +0800
committer	Chia-chi Yeh <chiachi@android.com>	Wed Jul 01 07:06:47 2009 +0800
tree	51f2d528ffe88cb2da51ef9621f9a0bb36dcc3f9
parent	383688b52fb19b9c4d98bb1a660febc880d0e268 [diff] [blame]