commit 1f75d709c10f49d2e2390b888e766bcfd17da860
author Chung-yih Wang <cywang@google.com> Mon Jun 01 19:04:05 2009 +0800
committer Chung-yih Wang <cywang@google.com> Tue Jun 09 10:49:39 2009 +0800
tree e7bb7cc6ab121661fcb9e0f21b6e55f6b6b7390c
parent 17df71e0b277372de1d915c168c07c8877e82395

Add VPN and Keystore services and data directories.

-- changed the default mode to 0770 for keystore with the new user 'keystore'.
-- add the keystore service providing the basic key lookup/install/remove, but
  only keystore user can access the key content.

include/private/android_filesystem_config.h

diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h
index a4351ac..4590626 100644
--- a/include/private/android_filesystem_config.h
+++ b/include/private/android_filesystem_config.h
@@ -50,6 +50,7 @@
 #define AID_DHCP          1014  /* dhcp client */
 #define AID_SDCARD_RW     1015  /* external storage write access */
 #define AID_VPN           1016  /* vpn system */
+#define AID_KEYSTORE      1017  /* keystore subsystem */
 
 #define AID_SHELL         2000  /* adb and debug shell user */
 #define AID_CACHE         2001  /* cache access */
@@ -97,7 +98,8 @@
     { "net_bt",    AID_NET_BT, },
     { "sdcard_rw", AID_SDCARD_RW, },
     { "vpn",       AID_VPN, },
-    { "inet",      AID_INET, }, 
+    { "keystore",  AID_KEYSTORE, },
+    { "inet",      AID_INET, },
     { "net_raw",   AID_NET_RAW, },
     { "misc",      AID_MISC, },
     { "nobody",    AID_NOBODY, },

rootdir/init.rc

diff --git a/rootdir/init.rc b/rootdir/init.rc
index e16a3f0..9d764d2 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -54,7 +54,7 @@
 
 # mount mtd partitions
     # Mount /system rw first to give the filesystem a chance to save a checkpoint
-    mount yaffs2 mtd@system /system 
+    mount yaffs2 mtd@system /system
     mount yaffs2 mtd@system /system ro remount
 
     # We chown/chmod /data again so because mount is run as root + defaults
@@ -74,6 +74,9 @@
 # create basic filesystem structure
     mkdir /data/misc 01771 system misc
     mkdir /data/misc/hcid 0770 bluetooth bluetooth
+    mkdir /data/misc/keystore 0770 keystore keystore
+    mkdir /data/misc/vpn 0770 system system
+    mkdir /data/misc/vpn/profiles 0770 system system
     mkdir /data/local 0771 shell shell
     mkdir /data/local/tmp 0771 shell shell
     mkdir /data/data 0771 system system
@@ -284,3 +287,19 @@
 
 service flash_recovery /system/bin/flash_image recovery /system/recovery.img
     oneshot
+
+service racoon /system/bin/racoon -F -f /etc/racoon/racoon.conf
+    socket racoon stream 600 system system
+    disabled
+    oneshot
+
+service mtpd /system/bin/mtpd
+    socket mtpd stream 600 system system
+    disabled
+    oneshot
+
+service keystore /system/bin/keystore
+    user keystore
+    group keystore
+    socket keystore stream 666
+