diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h
index a4351aca7..459062682 100644
--- a/include/private/android_filesystem_config.h
+++ b/include/private/android_filesystem_config.h
@@ -50,6 +50,7 @@
 #define AID_DHCP          1014  /* dhcp client */
 #define AID_SDCARD_RW     1015  /* external storage write access */
 #define AID_VPN           1016  /* vpn system */
+#define AID_KEYSTORE      1017  /* keystore subsystem */
 
 #define AID_SHELL         2000  /* adb and debug shell user */
 #define AID_CACHE         2001  /* cache access */
@@ -97,7 +98,8 @@ static struct android_id_info android_ids[] = {
     { "net_bt",    AID_NET_BT, },
     { "sdcard_rw", AID_SDCARD_RW, },
     { "vpn",       AID_VPN, },
-    { "inet",      AID_INET, }, 
+    { "keystore",  AID_KEYSTORE, },
+    { "inet",      AID_INET, },
     { "net_raw",   AID_NET_RAW, },
     { "misc",      AID_MISC, },
     { "nobody",    AID_NOBODY, },
diff --git a/rootdir/init.rc b/rootdir/init.rc
index e16a3f0fa..9d764d22e 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -54,7 +54,7 @@ loglevel 3
 
 # mount mtd partitions
     # Mount /system rw first to give the filesystem a chance to save a checkpoint
-    mount yaffs2 mtd@system /system 
+    mount yaffs2 mtd@system /system
     mount yaffs2 mtd@system /system ro remount
 
     # We chown/chmod /data again so because mount is run as root + defaults
@@ -74,6 +74,9 @@ loglevel 3
 # create basic filesystem structure
     mkdir /data/misc 01771 system misc
     mkdir /data/misc/hcid 0770 bluetooth bluetooth
+    mkdir /data/misc/keystore 0770 keystore keystore
+    mkdir /data/misc/vpn 0770 system system
+    mkdir /data/misc/vpn/profiles 0770 system system
     mkdir /data/local 0771 shell shell
     mkdir /data/local/tmp 0771 shell shell
     mkdir /data/data 0771 system system
@@ -284,3 +287,19 @@ service installd /system/bin/installd
 
 service flash_recovery /system/bin/flash_image recovery /system/recovery.img
     oneshot
+
+service racoon /system/bin/racoon -F -f /etc/racoon/racoon.conf
+    socket racoon stream 600 system system
+    disabled
+    oneshot
+
+service mtpd /system/bin/mtpd
+    socket mtpd stream 600 system system
+    disabled
+    oneshot
+
+service keystore /system/bin/keystore
+    user keystore
+    group keystore
+    socket keystore stream 666
+