VPN reconnection fails after manually disabling VPN
am: a7ed60ec39
Change-Id: Iec10eb983ad2edaa417dd494505e8154f1fbb7a2
diff --git a/Android.mk b/Android.mk
index 3754c4d..788b0f2 100644
--- a/Android.mk
+++ b/Android.mk
@@ -59,18 +59,9 @@
LOCAL_STATIC_LIBRARIES := libipsec
-LOCAL_SHARED_LIBRARIES := libcutils liblog libcrypto
+LOCAL_SHARED_LIBRARIES := libcutils liblog libcrypto libkeystore-engine
-ifneq (,$(wildcard $(TOP)/external/boringssl/flavor.mk))
- include $(TOP)/external/boringssl/flavor.mk
-else
- include $(TOP)/external/openssl/flavor.mk
-endif
-ifeq ($(OPENSSL_FLAVOR),BoringSSL)
- LOCAL_SHARED_LIBRARIES += libkeystore-engine
-endif
-
-LOCAL_CFLAGS := -DANDROID_CHANGES -DHAVE_CONFIG_H -DHAVE_OPENSSL_ENGINE_H -D_BSD_SOURCE=1
+LOCAL_CFLAGS := -DANDROID_CHANGES -DHAVE_CONFIG_H -D_BSD_SOURCE=1
LOCAL_CFLAGS += -Wno-sign-compare -Wno-missing-field-initializers -Wno-unused-parameter -Wno-pointer-sign -Werror
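Review bot: `LOCAL_SHARED_LIBRARIES` now links `libkeystore-engine` unconditionally and the `flavor.mk` check is gone, so the module only builds in a tree that provides that library; nothing in the file records this. If BoringSSL is now the only supported flavor, a comment above the assignment would say so, for example `# BoringSSL only: libkeystore-engine is always linked, there is no OpenSSL fallback`. Separately, `-DHAVE_OPENSSL_ENGINE_H` is dropped here and in the libipsec `LOCAL_CFLAGS` of the second Android.mk hunk, while this commit removes engine code only from main.c. Any other source in the module still guarded by that macro would now compile out silently, so it is worth grepping for remaining uses and deleting those branches in the same change.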
@@ -95,7 +86,7 @@
src/libipsec/pfkey.c \
src/libipsec/ipsec_strerror.c
-LOCAL_CFLAGS := -DANDROID_CHANGES -DHAVE_CONFIG_H -DHAVE_OPENSSL_ENGINE_H
+LOCAL_CFLAGS := -DANDROID_CHANGES -DHAVE_CONFIG_H
LOCAL_CFLAGS += -Wno-sign-compare -Wno-missing-field-initializers -Wno-unused-parameter -Wno-pointer-sign -Werror
diff --git a/main.c b/main.c
index d7f10e0..01119f5 100644
--- a/main.c
+++ b/main.c
@@ -28,8 +28,6 @@
#ifdef ANDROID_CHANGES
-#include <openssl/engine.h>
-
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
@@ -160,22 +158,10 @@
{
#ifdef ANDROID_CHANGES
int control = android_get_control_and_arguments(&argc, &argv);
-#if !defined(OPENSSL_IS_BORINGSSL)
- ENGINE *engine;
-#endif
if (control != -1) {
pname = "%p";
monitor_fd(control, NULL);
-
-#if !defined(OPENSSL_IS_BORINGSSL)
- ENGINE_load_dynamic();
- engine = ENGINE_by_id("keystore");
- if (!engine || !ENGINE_init(engine)) {
- do_plog(LLV_ERROR, "ipsec-tools: cannot load keystore engine");
- exit(1);
- }
-#endif
}
#endif
@@ -216,12 +202,6 @@
}
}
-#if !defined(OPENSSL_IS_BORINGSSL)
- if (engine) {
- ENGINE_finish(engine);
- ENGINE_free(engine);
- }
-#endif
return 0;
}
diff --git a/racoon.rc b/racoon.rc
index 2d2a8f2..2feb5ae 100644
--- a/racoon.rc
+++ b/racoon.rc
@@ -2,6 +2,7 @@
class main
socket racoon stream 600 system system
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
- group vpn net_admin inet
+ group vpn inet
+ capabilities NET_ADMIN
disabled
oneshot
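Review bot: The retained comment says racoon binds UDP port 500 and then setuids to vpn, but the new `capabilities NET_ADMIN` line lists only that one capability and the comment does not mention it. If init treats the list as the complete set the service keeps (worth checking against the init version this targets), the privileged bind and the uid change would need capabilities of their own, and the failure would only surface when the VPN starts. Either way the comment should explain why NET_ADMIN is now held as a capability rather than through the `net_admin` group, along the lines of `# NET_ADMIN is granted as a capability instead of via the net_admin group.`, extended with what the daemon actually needs it for. The `service` line is outside the hunk, so whether a `user` is set cannot be seen from here.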