From bdbbab35b13928c74a55895f54f7b6457e6e762d Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Tue, 18 Oct 2011 11:36:52 +0200
Subject: [PATCH] pluto: Switch to user 'vpn' on Android.
---
 src/charon/charon.c | 2 +-
 src/pluto/plutomain.c | 21 ++++++++++++++++-----
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 9c6f47830b..141403b895 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -41,7 +41,7 @@
 #include
 #ifdef ANDROID
-#include
+#include /* for AID_VPN */
 #endif
 #ifndef LOG_AUTHPRIV /* not defined on OpenSolaris */
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 20c9a07a59..6366b2982d 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -81,6 +81,10 @@
 #include "whack_attribute.h"
 #include "pluto.h"
+#ifdef ANDROID
+#include /* for AID_VPN */
+#endif
+
 /**
 * Number of threads in the thread pool, if not specified in config.
 */
@@ -716,10 +720,10 @@ int main(int argc, char **argv)
 #ifdef IPSEC_GROUP
 {
 struct group group, *grp;
- char buf[1024];
+ char buf[1024];
 if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
- grp == NULL || setgid(grp->gr_gid) != 0)
+ grp == NULL || setgid(grp->gr_gid) != 0)
 {
 plog("unable to change daemon group");
 abort();
@@ -729,15 +733,22 @@ int main(int argc, char **argv)
 #ifdef IPSEC_USER
 {
 struct passwd passwd, *pwp;
- char buf[1024];
+ char buf[1024];
 if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
- pwp == NULL || setuid(pwp->pw_uid) != 0)
+ pwp == NULL || setuid(pwp->pw_uid) != 0)
 {
 plog("unable to change daemon user");
 abort();
 }
- }
+ }
+#endif
+#ifdef ANDROID
+ if (setuid(AID_VPN) != 0)
+ {
+ plog("unable to change daemon user");
+ abort();
+ }
 #endif
 #ifdef CAPABILITIES_LIBCAP
--
2.47.2
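Review bot: The `#ifdef ANDROID` block added at the end of the last plutomain.c hunk (`@@ -729,15 +733,22 @@`) drops only the user id, so `setuid(AID_VPN)` leaves the process's group id and supplementary group list as they were at startup. Unless IPSEC_GROUP is also defined for the Android build (not visible here), the daemon would keep its original groups, presumably root's, after the switch. The group side has to be dropped before the uid, for example `if (setgroups(0, NULL) != 0 || setgid(AID_VPN) != 0 || setuid(AID_VPN) != 0)`, with the gid chosen to match what the platform configuration expects. If IPSEC_USER and ANDROID can both be defined, the second `setuid()` runs after the first switch and would likely fail and abort the daemon, so making the two paths exclusive with `#elif`/`#else` is safer. Both failure paths log the identical `"unable to change daemon user"`, which hides which branch failed and why; main() starts and continues outside this hunk.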