author | Tobias Brunner <tobias@strongswan.org> | 2011-10-18 11:36:52 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2011-10-18 11:36:52 +0200 |
commit | bdbbab35b13928c74a55895f54f7b6457e6e762d (patch) | |
tree | fb696e502f1d13eb199d4865d80d894768c3c57e /src | |
parent | b9307badfe8d53e808c9b3ef689c1871547d7938 (diff) | |
pluto: Switch to user 'vpn' on Android.
Diffstat (limited to 'src')
-rw-r--r-- | src/charon/charon.c | 2 | ||||
-rw-r--r-- | src/pluto/plutomain.c | 21 |
2 files changed, 17 insertions, 6 deletions
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 9c6f47830..141403b89 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -41,7 +41,7 @@
 #include <threading/thread.h>
 #ifdef ANDROID
-#include <private/android_filesystem_config.h>
+#include <private/android_filesystem_config.h> /* for AID_VPN */
 #endif
 #ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 20c9a07a5..6366b2982 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -81,6 +81,10 @@
 #include "whack_attribute.h"
 #include "pluto.h"
+#ifdef ANDROID
+#include <private/android_filesystem_config.h> /* for AID_VPN */
+#endif
+
 /**
 * Number of threads in the thread pool, if not specified in config.
 */
@@ -716,10 +720,10 @@ int main(int argc, char **argv)
 #ifdef IPSEC_GROUP
 {
 struct group group, *grp;
- char buf[1024];
+ char buf[1024];
 if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
- grp == NULL || setgid(grp->gr_gid) != 0)
+ grp == NULL || setgid(grp->gr_gid) != 0)
 {
 plog("unable to change daemon group");
 abort();
@@ -729,15 +733,22 @@ int main(int argc, char **argv)
 #ifdef IPSEC_USER
 {
 struct passwd passwd, *pwp;
- char buf[1024];
+ char buf[1024];
 if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
- pwp == NULL || setuid(pwp->pw_uid) != 0)
+ pwp == NULL || setuid(pwp->pw_uid) != 0)
 {
 plog("unable to change daemon user");
 abort();
 }
- }
+ }
+#endif
+#ifdef ANDROID
+ if (setuid(AID_VPN) != 0)
+ {
+ plog("unable to change daemon user");
+ abort();
+ }
 #endif
 #ifdef CAPABILITIES_LIBCAP |
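Review bot: The new `#ifdef ANDROID` block at the end of the last plutomain.c hunk changes only the user ID; the only group change visible is gated on `IPSEC_GROUP`, and nothing here clears supplementary groups, so if pluto is started as root on Android it would presumably keep root's group memberships after `setuid(AID_VPN)`. Unless the init service definition already restricts the groups (not visible in this diff), drop the group before the uid, e.g. `if (setgid(AID_VPN) != 0 || setuid(AID_VPN) != 0)`, and keep only the supplementary groups the daemon actually needs. The log text is identical to the one in the `IPSEC_USER` block, so a distinct message such as `plog("unable to change daemon user to AID_VPN");` would make a failed privilege drop easier to trace. `main()` starts and continues outside the hunk, so earlier group handling may exist that is not shown here.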