init: update permissions for VPN.
VPN no longer uses system properties to keep network parameters.
Besides, profiles are now stored and encrypted by keystore.
Change-Id: I7575f04f350b7d8d5ba7008eb874a72180d057e8
diff --git a/init/property_service.c b/init/property_service.c
index d2f174d..046b120 100644
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -75,8 +75,6 @@
{ "wlan.", AID_SYSTEM, 0 },
{ "dhcp.", AID_SYSTEM, 0 },
{ "dhcp.", AID_DHCP, 0 },
- { "vpn.", AID_SYSTEM, 0 },
- { "vpn.", AID_VPN, 0 },
{ "debug.", AID_SHELL, 0 },
{ "log.", AID_SHELL, 0 },
{ "service.adb.root", AID_SHELL, 0 },
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 2cc81c6..3055bbb 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -144,9 +144,8 @@
mkdir /data/misc/bluetooth 0770 system system
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/keychain 0771 system system
- mkdir /data/misc/vpn 0770 system system
+ mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/systemkeys 0700 system system
- mkdir /data/misc/vpn/profiles 0770 system system
# give system access to wpa_supplicant.conf for backup and restore
mkdir /data/misc/wifi 0770 wifi wifi
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
@@ -461,8 +460,8 @@
service racoon /system/bin/racoon
class main
socket racoon stream 600 system system
- # racoon will setuid to vpn after getting necessary resources.
- group net_admin
+ # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
+ group vpn net_admin
disabled
oneshot