From 51afbf583819f3bdfc96f3c66c9c3444803e792a Mon Sep 17 00:00:00 2001
From: Chia-chi Yeh
Date: Wed, 1 Jul 2009 07:06:47 +0800
Subject: [PATCH] rootdir: Modify init.rc to run mtpd/racoon as a non-root user.

Note that this change requires a new prebuilt kernel for AID_NET_ADMIN.
---
 rootdir/init.rc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 23ee1c8a5..ac066fad2 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -286,13 +286,17 @@ service installd /system/bin/installd
 service flash_recovery /system/bin/flash_image recovery /system/recovery.img
 oneshot
-service racoon /system/bin/racoon -F -f /etc/racoon/racoon.conf
+service racoon /system/bin/racoon
 socket racoon stream 600 system system
+ # racoon will setuid to vpn after getting necessary resources.
+ group net_admin keystore
 disabled
 oneshot
 service mtpd /system/bin/mtpd
 socket mtpd stream 600 system system
+ user vpn
+ group vpn net_admin net_raw
 disabled
 oneshot
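Review bot: The new racoon stanza has no `user` line, so init still starts racoon as root and the drop to vpn happens only inside the daemon, which this file cannot enforce. The added comment should state that contract, for example `# Starts as root: racoon must setuid to vpn once it holds its resources, and exit if that call fails.` Since `group net_admin keystore` is applied by init, the process presumably keeps both groups after its own setuid, so it is worth confirming that keystore membership is still needed once privileges are dropped. The mtpd stanza sets `user vpn` directly, which is the stronger pattern because the drop is done by init before the binary runs. Per the commit message the net_admin group only takes effect with the new prebuilt kernel, so on an older kernel mtpd would presumably fail to configure the network rather than run with more privilege, and a short comment recording that dependency next to `group vpn net_admin net_raw` would help whoever debugs it.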