| service netd /system/bin/netd |
| class main |
| capabilities CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER IPC_LOCK KILL NET_ADMIN NET_BIND_SERVICE NET_RAW SETUID SETGID |
| user root |
| group root net_admin |
| # apparently some older kernels do not honour CAP_IPC_LOCK for eBPF map allocation |
| rlimit memlock 1073741824 1073741824 |
| socket dnsproxyd stream 0660 root inet |
| socket mdns stream 0660 root system |
| socket fwmarkd stream 0660 root inet |
| onrestart restart zygote |
| onrestart restart zygote_secondary |
| # b/121354779: netd itself is not updatable, but on startup it dlopen()s the resolver library |
| # from the DNS resolver APEX. Mark it as updatable so init won't start it until all APEX |
| # packages are ready. |
| updatable |
| |
| # Moved from external/android-clat/vendor-464xlat.rc. Since |
| # clatd is modularized and shipped in apex, migrate the |
| # clat vendor property to netd. |
| # |
| # Certain vendors disable 464xlat by setting a vendor property. |
| # The connectivity code in the Tethering APEX needs to disable |
| # 464xlat when the property is set, but it is only allowed to |
| # access non-vendor system properties. So copy the property to |
| # a property available to system APIs in android.sysprop. |
| # |
| # Arguably this script should live close to the code that uses |
| # it, but scrips in APEXes are not allowed to use "on property". |
| # So put it here close to clatd, which is at least related to |
| # 464xlat. |
| on property:persist.vendor.net.doxlat=true |
| setprop net.464xlat.cellular.enabled true |
| |
| on property:persist.vendor.net.doxlat=false |
| setprop net.464xlat.cellular.enabled false |
