author Jorge Lucangeli Obes <jorgelo@google.com> 2017-03-17 11:47:25 -0400
committer Jorge Lucangeli Obes <jorgelo@google.com> 2017-03-17 11:47:25 -0400
commit 510e6127af706b2ff03dd496842c77018966af27 (patch)
tree b811365f83e93be3f9aac51bdb6e8abf12f2be0e
parent 66c4c5b6b715f325a3f262f96148cbe2594aaed1 (diff)
download mtpd-510e6127af706b2ff03dd496842c77018966af27.tar.gz
mtpd: Run with NET_ADMIN.

pppd is forked off mtpd. While mtpd does not require CAP_NET_ADMIN
(see https://cs.corp.google.com/android/system/sepolicy/public/mtp.te?l=9),
pppd actually does
(see https://cs.corp.google.com/android/system/sepolicy/public/ppp.te?l=13),
so mtpd needs to get CAP_NET_ADMIN so that pppd gets it after fork.

Bug: 35100237
Test: Set up PPTP VPN using http://www.vpnbook.com/ on Marlin.
Test: Connect:
03-17 15:41:22.602 3809 3809 I mtpd : Starting pppd (pppox = 9)
03-17 15:41:22.628 3811 3811 I pppd : Using PPPoX (socket = 9)
03-17 15:41:22.637 3811 3811 I pppd : pppd 2.4.7 started by vpn, uid 1016
03-17 15:41:22.639 3811 3811 I pppd : Using interface ppp0
03-17 15:41:22.639 3811 3811 I pppd : Connect: ppp0 <-->
03-17 15:41:22.770 3811 3811 I pppd : CHAP authentication succeeded
03-17 15:41:22.909 3811 3811 I pppd : MPPE 128-bit stateless compression enabled
03-17 15:41:23.065 3811 3811 I pppd : local IP address 172.16.36.113
03-17 15:41:23.065 3811 3811 I pppd : remote IP address 172.16.36.1
03-17 15:41:23.065 3811 3811 I pppd : primary DNS address 8.8.8.8
03-17 15:41:23.065 3811 3811 I pppd : secondary DNS address 91.239.100.100
03-17 15:41:23.205 933 3808 D ConnectivityService: registerNetworkAgent NetworkAgentInfo{ ni{[type: V
PN[], state: CONNECTING/CONNECTING, reason: (unspecified), extra: (none), failover: false, available: fa
lse, roaming: false, metered: false]} network{104} nethandle{446693034718} lp{{InterfaceName: ppp0 Li
nkAddresses: [172.16.36.113/32,] Routes: [0.0.0.0/0 -> 0.0.0.0 ppp0,::/0 unreachable,] DnsAddresses: [8
.8.8.8,91.239.100.100,] Domains: MTU: 0}} nc{[ Transports: VPN Capabilities: INTERNET&NOT_RESTRICTED&T
RUSTED]} Score{0} everValidated{false} lastValidated{false} created{false} lingering{false} explicit
lySelected{false} acceptUnvalidated{false} everCaptivePortalDetected{false} lastCaptivePortalDetected{fa
lse} }
03-17 15:41:23.211 933 1251 D ConnectivityService: Adding iface ppp0 to network 104

Change-Id: I0c58960504fe518634eb09a64eba544b97228d0d

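Added example, not part of this commit or of mtpd: a small checker for the Cap* masks in /proc/<pid>/status, showing how one could confirm that a process started from a non-root service keeps CAP_NET_ADMIN across execve(). The sample status text is constructed, and the function names and the assumption that the granted capabilities appear in the ambient set are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_ADMIN_BIT 12 /* CAP_NET_ADMIN in linux/capability.h */
#define CAP_NET_RAW_BIT   13 /* CAP_NET_RAW in linux/capability.h */

/* Constructed samples, not captured from a device: Cap* lines as they would
 * appear in /proc/<pid>/status with NET_RAW only, then NET_ADMIN + NET_RAW.
 * Assumption: the granted set shows up in every mask, ambient included. */
#define CAPS(m) "CapInh:\t" m "\nCapPrm:\t" m "\nCapEff:\t" m \
                "\nCapBnd:\t" m "\nCapAmb:\t" m "\n"
static const char SAMPLE_BEFORE[] = "Name:\tmtpd\n" CAPS("0000000000002000");
static const char SAMPLE_AFTER[]  = "Name:\tmtpd\n" CAPS("0000000000003000");

/* Read one hex mask (e.g. "CapAmb") from status text; 0 on success. */
static int cap_mask(const char *status, const char *field, uint64_t *out) {
    size_t n = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            char *end;
            *out = strtoull(p + n + 1, &end, 16);
            return end == p + n + 1 ? -1 : 0; /* no hex digits parsed */
        }
        p = strchr(p, '\n'); /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* 1 if `bit` is set in `field`, 0 if clear, -1 if the field is missing. */
int cap_in(const char *status, const char *field, int bit) {
    uint64_t m;
    if (cap_mask(status, field, &m) != 0) return -1;
    return (int)((m >> bit) & 1);
}

/* A non-root process exec'ing a binary without file capabilities keeps a
 * capability only if it is in the ambient (and hence permitted) set. */
int child_keeps(const char *status, int bit) {
    return cap_in(status, "CapAmb", bit) == 1 && cap_in(status, "CapPrm", bit) == 1;
}

int main(void) {
    printf("NET_RAW only: child keeps NET_ADMIN? %d\n", child_keeps(SAMPLE_BEFORE, CAP_NET_ADMIN_BIT));
    printf("NET_ADMIN NET_RAW: child keeps NET_ADMIN? %d\n", child_keeps(SAMPLE_AFTER, CAP_NET_ADMIN_BIT));
    return 0;
}
```

On a device the same functions can be fed the contents of /proc/<pid>/status for the running mtpd and pppd processes.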
-rw-r--r-- mtpd.rc 2
1 files changed, 1 insertions, 1 deletions
diff --git a/mtpd.rc b/mtpd.rc
index 5a8f347..af701d5 100644
--- a/mtpd.rc
+++ b/mtpd.rc
@@ -3,6 +3,6 @@ service mtpd /system/bin/mtpd
socket mtpd stream 600 system system
user vpn
group vpn inet
- capabilities NET_RAW
+ capabilities NET_ADMIN NET_RAW
disabled
oneshot
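Review bot: The "capabilities NET_ADMIN NET_RAW" line gives no hint that NET_ADMIN is there only for the forked pppd and is not used by mtpd itself; add a comment above it in mtpd.rc saying so, so that a later least-privilege cleanup neither drops it by mistake nor assumes mtpd needs it. Because mtpd now holds NET_ADMIN for its whole lifetime while running as "user vpn" with "group vpn inet", it is also worth checking whether mtpd can drop the capability from its own sets once pppd has been started.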