authorTobias Brunner <tobias@strongswan.org>2011-10-18 11:36:52 +0200
committerTobias Brunner <tobias@strongswan.org>2011-10-18 11:36:52 +0200
commitbdbbab35b13928c74a55895f54f7b6457e6e762d (patch)
treefb696e502f1d13eb199d4865d80d894768c3c57e /src
parentb9307badfe8d53e808c9b3ef689c1871547d7938 (diff)
pluto: Switch to user 'vpn' on Android.
Diffstat (limited to 'src')
-rw-r--r--src/charon/charon.c2
-rw-r--r--src/pluto/plutomain.c21
2 files changed, 17 insertions, 6 deletions
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 9c6f47830..141403b89 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -41,7 +41,7 @@
#include <threading/thread.h>
#ifdef ANDROID
-#include <private/android_filesystem_config.h>
+#include <private/android_filesystem_config.h> /* for AID_VPN */
#endif
#ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 20c9a07a5..6366b2982 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -81,6 +81,10 @@
#include "whack_attribute.h"
#include "pluto.h"
+#ifdef ANDROID
+#include <private/android_filesystem_config.h> /* for AID_VPN */
+#endif
+
/**
* Number of threads in the thread pool, if not specified in config.
*/
@@ -716,10 +720,10 @@ int main(int argc, char **argv)
#ifdef IPSEC_GROUP
{
struct group group, *grp;
- char buf[1024];
+ char buf[1024];
if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
- grp == NULL || setgid(grp->gr_gid) != 0)
+ grp == NULL || setgid(grp->gr_gid) != 0)
{
plog("unable to change daemon group");
abort();
@@ -729,15 +733,22 @@ int main(int argc, char **argv)
#ifdef IPSEC_USER
{
struct passwd passwd, *pwp;
- char buf[1024];
+ char buf[1024];
if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
- pwp == NULL || setuid(pwp->pw_uid) != 0)
+ pwp == NULL || setuid(pwp->pw_uid) != 0)
{
plog("unable to change daemon user");
abort();
}
- }
+ }
+#endif
+#ifdef ANDROID
+ if (setuid(AID_VPN) != 0)
+ {
+ plog("unable to change daemon user");
+ abort();
+ }
#endif
#ifdef CAPABILITIES_LIBCAP
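Review bot: The added `#ifdef ANDROID` block calls only `setuid(AID_VPN)`, so the daemon keeps whatever primary and supplementary groups it was started with unless IPSEC_GROUP is also defined. If pluto is launched as root on Android, it would retain root's group memberships after the switch; consider `if (setgid(AID_VPN) != 0 || setuid(AID_VPN) != 0)`, or a comment stating that the init service definition is expected to set the groups. When both IPSEC_USER and ANDROID are defined, the second setuid() runs after root has already been dropped and will fail and abort unless IPSEC_USER resolves to the same UID, so `#elif defined(ANDROID)` may be the intended structure. Both failure paths log the identical text `"unable to change daemon user"`, so they cannot be told apart in the logs. main() begins and continues outside this hunk, so the interaction with the capability handling that follows is not visible here.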