init: update permissions for VPN.

VPN no longer uses system properties to keep network parameters. Besides, profiles are now stored and encrypted by keystore. Change-Id: I7575f04f350b7d8d5ba7008eb874a72180d057e8

init: update permissions for VPN.
9bb4d411 · Chia-chi Yeh · ea744141 · 9bb4d411 · 9bb4d411
Commit 9bb4d411 authored Jul 9, 2011 by Chia-chi Yeh
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -75,8 +75,6 @@ struct {
    { "wlan.",            AID_SYSTEM,   0 },
    { "dhcp.",            AID_SYSTEM,   0 },
    { "dhcp.",            AID_DHCP,     0 },
-    { "vpn.",             AID_SYSTEM,   0 },
-    { "vpn.",             AID_VPN,      0 },
    { "debug.",           AID_SHELL,    0 },
    { "log.",             AID_SHELL,    0 },
    { "service.adb.root", AID_SHELL,    0 },

--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -144,9 +144,8 @@ on post-fs-data
    mkdir /data/misc/bluetooth 0770 system system
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/keychain 0771 system system
-    mkdir /data/misc/vpn 0770 system system
+    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/systemkeys 0700 system system
-    mkdir /data/misc/vpn/profiles 0770 system system
    # give system access to wpa_supplicant.conf for backup and restore
    mkdir /data/misc/wifi 0770 wifi wifi
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
@@ -461,8 +460,8 @@ service flash_recovery /system/etc/install-recovery.sh
 service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
-    # racoon will setuid to vpn after getting necessary resources.
+    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
-    group net_admin
+    group vpn net_admin
    disabled
    oneshot