aboutsummaryrefslogtreecommitdiff
path: root/rootdir/init.rc
diff options
context:
space:
mode:
Diffstat (limited to 'rootdir/init.rc')
-rw-r--r--rootdir/init.rc794
1 files changed, 794 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
new file mode 100644
index 0000000..75d8304
--- /dev/null
+++ b/rootdir/init.rc
@@ -0,0 +1,794 @@
+# Copyright (C) 2012 The Android Open Source Project
+#
+# IMPORTANT: Do not create world writable files or directories.
+# This is a common source of Android security bugs.
+#
+
+import /init.environ.rc
+import /init.usb.rc
+import /init.${ro.hardware}.rc
+import /init.usb.configfs.rc
+import /init.${ro.zygote}.rc
+import /init.trace.rc
+# Include CM's extra init file
+import /init.cm.rc
+import /init.modem.rc
+
+on early-init
+ # Set init and its forked children's oom_adj.
+ write /proc/1/oom_score_adj -1000
+
+ # Set the security context of /adb_keys if present.
+ restorecon /adb_keys
+
+ start ueventd
+
+on init
+ sysclktz 0
+
+ write /proc/bootprof "INIT: on init start"
+
+ # Backward compatibility.
+ symlink /system/etc /etc
+ symlink /sys/kernel/debug /d
+
+ # Link /vendor to /system/vendor for devices without a vendor partition.
+ symlink /system/vendor /vendor
+
+ # Create cgroup mount point for cpu accounting
+ mkdir /acct
+ mount cgroup none /acct cpuacct
+ mkdir /acct/uid
+
+ # Create cgroup mount point for memory
+ mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
+ mkdir /sys/fs/cgroup/memory 0750 root system
+ mount cgroup none /sys/fs/cgroup/memory memory
+ write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
+ chown root system /sys/fs/cgroup/memory/tasks
+ chmod 0660 /sys/fs/cgroup/memory/tasks
+ mkdir /sys/fs/cgroup/memory/sw 0750 root system
+ write /sys/fs/cgroup/memory/sw/memory.swappiness 100
+ write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
+ chown root system /sys/fs/cgroup/memory/sw/tasks
+ chmod 0660 /sys/fs/cgroup/memory/sw/tasks
+ chmod 0220 /sys/fs/cgroup/memory/cgroup.event_control
+
+ mkdir /system
+ mkdir /data 0771 system system
+ mkdir /cache 0770 system cache
+ mkdir /config 0500 root root
+
+ # Mount staging areas for devices managed by vold
+ # See storage config details at http://source.android.com/tech/storage/
+ mkdir /mnt 0755 root system
+ mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000
+ restorecon_recursive /mnt
+
+ # Directory for putting things only root should see.
+ mkdir /mnt/secure 0700 root root
+
+ # Directory for staging bindmounts
+ mkdir /mnt/secure/staging 0700 root root
+ mkdir /mnt/secure/asec 0700 root root
+ mkdir /mnt/asec 0755 root system
+ mkdir /mnt/obb 0755 root system
+ mkdir /mnt/media_rw 0750 root media_rw
+ mkdir /mnt/user 0755 root root
+ mkdir /mnt/user/0 0755 root root
+ mkdir /mnt/expand 0771 system system
+
+ # Storage views to support runtime permissions
+ mkdir /storage 0755 root root
+ mkdir /mnt/runtime 0700 root root
+ mkdir /mnt/runtime/default 0755 root root
+ mkdir /mnt/runtime/default/self 0755 root root
+ mkdir /mnt/runtime/read 0755 root root
+ mkdir /mnt/runtime/read/self 0755 root root
+ mkdir /mnt/runtime/write 0755 root root
+ mkdir /mnt/runtime/write/self 0755 root root
+
+ # Symlink to keep legacy apps working in multi-user world
+ symlink /storage/self/primary /sdcard
+ symlink /mnt/user/0/primary /mnt/runtime/default/self/primary
+
+ # memory control cgroup
+ mkdir /dev/memcg 0700 root system
+ mount cgroup none /dev/memcg memory
+
+ write /proc/sys/kernel/panic_on_oops 1
+ write /proc/sys/kernel/hung_task_timeout_secs 0
+ write /proc/cpu/alignment 4
+
+ # scheduler tunables
+ # Disable auto-scaling of scheduler tunables with hotplug. The tunables
+ # will vary across devices in unpredictable ways if allowed to scale with
+ # cpu cores.
+ write /proc/sys/kernel/sched_tunable_scaling 0
+ write /proc/sys/kernel/sched_latency_ns 10000000
+ write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
+ write /proc/sys/kernel/sched_compat_yield 1
+ write /proc/sys/kernel/sched_child_runs_first 0
+
+ write /proc/sys/kernel/randomize_va_space 2
+ write /proc/sys/kernel/kptr_restrict 2
+ write /proc/sys/vm/mmap_min_addr 32768
+ write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
+ write /proc/sys/net/unix/max_dgram_qlen 300
+ write /proc/sys/kernel/sched_rt_runtime_us 950000
+ write /proc/sys/kernel/sched_rt_period_us 1000000
+
+ # reflect fwmark from incoming packets onto generated replies
+ write /proc/sys/net/ipv4/fwmark_reflect 1
+ write /proc/sys/net/ipv6/fwmark_reflect 1
+
+ # set fwmark on accepted sockets
+ write /proc/sys/net/ipv4/tcp_fwmark_accept 1
+
+ # disable icmp redirects
+ write /proc/sys/net/ipv4/conf/all/accept_redirects 0
+ write /proc/sys/net/ipv6/conf/all/accept_redirects 0
+
+ # Create cgroup mount points for process groups
+ mkdir /dev/cpuctl
+ mount cgroup none /dev/cpuctl cpu
+ chown system system /dev/cpuctl
+ chown system system /dev/cpuctl/tasks
+ chmod 0666 /dev/cpuctl/tasks
+ write /dev/cpuctl/cpu.shares 1024
+ write /dev/cpuctl/cpu.rt_runtime_us 950000
+ write /dev/cpuctl/cpu.rt_period_us 1000000
+
+ mkdir /dev/cpuctl/bg_non_interactive
+ chown system system /dev/cpuctl/bg_non_interactive/tasks
+ chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
+ # 5.0 %
+ write /dev/cpuctl/bg_non_interactive/cpu.shares 52
+ write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
+ write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000
+
+ # sets up initial cpusets for ActivityManager
+ mkdir /dev/cpuset
+ mount cpuset none /dev/cpuset
+
+ # this ensures that the cpusets are present and usable, but the device's
+ # init.rc must actually set the correct cpus
+ mkdir /dev/cpuset/foreground
+ write /dev/cpuset/foreground/cpus 0
+ write /dev/cpuset/foreground/mems 0
+ mkdir /dev/cpuset/foreground/boost
+ write /dev/cpuset/foreground/boost/cpus 0
+ write /dev/cpuset/foreground/boost/mems 0
+ mkdir /dev/cpuset/background
+ write /dev/cpuset/background/cpus 0
+ write /dev/cpuset/background/mems 0
+
+ # system-background is for system tasks that should only run on
+ # little cores, not on bigs
+ # to be used only by init, so don't change system-bg permissions
+ mkdir /dev/cpuset/system-background
+ write /dev/cpuset/system-background/cpus 0
+ write /dev/cpuset/system-background/mems 0
+
+ # change permissions for all cpusets we'll touch at runtime
+ chown system system /dev/cpuset
+ chown system system /dev/cpuset/foreground
+ chown system system /dev/cpuset/foreground/boost
+ chown system system /dev/cpuset/background
+ chown system system /dev/cpuset/system-background
+ chown system system /dev/cpuset/tasks
+ chown system system /dev/cpuset/foreground/tasks
+ chown system system /dev/cpuset/foreground/boost/tasks
+ chown system system /dev/cpuset/background/tasks
+ chown system system /dev/cpuset/system-background/tasks
+
+ # set system-background to 0775 so SurfaceFlinger can touch it
+ chmod 0775 /dev/cpuset/system-background
+ chmod 0664 /dev/cpuset/foreground/tasks
+ chmod 0664 /dev/cpuset/foreground/boost/tasks
+ chmod 0664 /dev/cpuset/background/tasks
+ chmod 0664 /dev/cpuset/system-background/tasks
+ chmod 0664 /dev/cpuset/tasks
+
+
+ # qtaguid will limit access to specific data based on group memberships.
+ # net_bw_acct grants impersonation of socket owners.
+ # net_bw_stats grants access to other apps' detailed tagged-socket stats.
+ chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
+ chown root net_bw_stats /proc/net/xt_qtaguid/stats
+
+ # Allow everybody to read the xt_qtaguid resource tracking misc dev.
+ # This is needed by any process that uses socket tagging.
+ chmod 0644 /dev/xt_qtaguid
+
+ # Create location for fs_mgr to store abbreviated output from filesystem
+ # checker programs.
+ mkdir /dev/fscklogs 0770 root system
+
+ # pstore/ramoops previous console log
+ mount pstore pstore /sys/fs/pstore
+ chown system log /sys/fs/pstore/console-ramoops
+ chmod 0440 /sys/fs/pstore/console-ramoops
+ chown system log /sys/fs/pstore/pmsg-ramoops-0
+ chmod 0440 /sys/fs/pstore/pmsg-ramoops-0
+
+ # enable armv8_deprecated instruction hooks
+ write /proc/sys/abi/swp 1
+
+ # ion device
+ chmod 0666 /dev/ion
+ chmod 0660 /sys/bus/platform/drivers/gsensor/cpsdata
+ chmod 0660 /sys/bus/platform/drivers/gsensor/cpsrange
+ chmod 0660 /sys/bus/platform/drivers/gsensor/cpsbandwidth
+ chmod 0660 /sys/bus/platform/drivers/gsensor/cpsopmode
+ chmod 0660 /sys/bus/platform/drivers/gsensor/fifo_mode
+ chmod 0660 /sys/bus/platform/drivers/gsensor/fifo_data_frame
+ chmod 0660 /sys/bus/platform/drivers/gsensor/fifo_framecount
+ chown system system /sys/bus/platform/drivers/gsensor/cpsdata
+ chown system system /sys/bus/platform/drivers/gsensor/cpsrange
+ chown system system /sys/bus/platform/drivers/gsensor/cpsbandwidth
+ chown system system /sys/bus/platform/drivers/gsensor/cpsopmode
+ chown system system /sys/bus/platform/drivers/gsensor/fifo_mode
+ chown system system /sys/bus/platform/drivers/gsensor/fifo_data_frame
+ chown system system /sys/bus/platform/drivers/gsensor/fifo_framecount
+
+ # add for mag
+ chmod 0660 /sys/bus/platform/drivers/msensor/rawdata
+ chown system system /sys/bus/platform/drivers/msensor/rawdata
+ chmod 0660 /sys/bus/platform/drivers/msensor/daemon
+ chown system system /sys/bus/platform/drivers/msensor/daemon
+
+ # add for gyro
+ chmod 0660 /sys/bus/platform/drivers/gyroscope/rawdata
+ chmod 0660 /sys/bus/platform/drivers/gyroscope/datarate
+ chmod 0660 /sys/bus/platform/drivers/gyroscope/range
+ chmod 0660 /sys/bus/platform/drivers/gyroscope/powermode
+ chmod 0660 /sys/bus/platform/drivers/gyroscope/fifo_mode
+ chmod 0660 /sys/bus/platform/drivers/gyroscope/fifo_data_frame
+ chmod 0660 /sys/bus/platform/drivers/gyroscope/fifo_framecount
+ chown system system /sys/bus/platform/drivers/gyroscope/rawdata
+ chown system system /sys/bus/platform/drivers/gyroscope/datarate
+ chown system system /sys/bus/platform/drivers/gyroscope/range
+ chown system system /sys/bus/platform/drivers/gyroscope/powermode
+ chown system system /sys/bus/platform/drivers/gyroscope/fifo_mode
+ chown system system /sys/bus/platform/drivers/gyroscope/fifo_data_frame
+ chown system system /sys/bus/platform/drivers/gyroscope/fifo_framecount
+
+# Healthd can trigger a full boot from charger mode by signaling this
+# property when the power button is held.
+on property:sys.boot_from_charger_mode=1
+ class_stop charger
+ trigger late-init
+
+# Load properties from /system/ + /factory after fs mount.
+on load_system_props_action
+ load_system_props
+
+on load_persist_props_action
+ load_persist_props
+ start logd
+ start logd-reinit
+
+# Indicate to fw loaders that the relevant mounts are up.
+on firmware_mounts_complete
+ rm /dev/.booting
+
+# Mount filesystems and start core system services.
+on late-init
+ trigger early-fs
+ trigger fs
+ trigger post-fs
+
+ # Load properties from /system/ + /factory after fs mount. Place
+ # this in another action so that the load will be scheduled after the prior
+ # issued fs triggers have completed.
+ trigger load_system_props_action
+
+ # Now we can mount /data. File encryption requires keymaster to decrypt
+ # /data, which in turn can only be loaded when system properties are present
+ trigger post-fs-data
+ trigger load_persist_props_action
+
+ # Remove a file to wake up anything waiting for firmware.
+ trigger firmware_mounts_complete
+
+ trigger early-boot
+ trigger boot
+
+
+on post-fs
+ # once everything is setup, no need to modify /
+ mount rootfs rootfs / ro remount
+ # Mount shared so changes propagate into child namespaces
+ mount rootfs rootfs / shared rec
+ # Mount default storage into root namespace
+ mount none /mnt/runtime/default /storage slave bind rec
+
+ # We chown/chmod /cache again so because mount is run as root + defaults
+ chown system cache /cache
+ chmod 0770 /cache
+ # We restorecon /cache in case the cache partition has been reset.
+ restorecon_recursive /cache
+
+ # Create /cache/recovery in case it's not there. It'll also fix the odd
+ # permissions if created by the recovery system.
+ mkdir /cache/recovery 0770 system cache
+
+ #change permissions on vmallocinfo so we can grab it from bugreports
+ chown root log /proc/vmallocinfo
+ chmod 0440 /proc/vmallocinfo
+
+ chown root log /proc/slabinfo
+ chmod 0440 /proc/slabinfo
+
+ #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
+ chown root system /proc/kmsg
+ chmod 0440 /proc/kmsg
+ chown root system /proc/sysrq-trigger
+ chmod 0220 /proc/sysrq-trigger
+ chown system log /proc/last_kmsg
+ chmod 0440 /proc/last_kmsg
+
+ # make the selinux kernel policy world-readable
+ chmod 0444 /sys/fs/selinux/policy
+
+ # create the lost+found directories, so as to enforce our permissions
+ mkdir /cache/lost+found 0770 root root
+
+on post-fs-data
+ # We chown/chmod /data again so because mount is run as root + defaults
+ chown system system /data
+ chmod 0771 /data
+ # We restorecon /data in case the userdata partition has been reset.
+ restorecon /data
+
+ # Emulated internal storage area
+ mkdir /data/media 0770 media_rw media_rw
+
+ # Make sure we have the device encryption key
+ start vold
+ installkey /data
+
+ # Start bootcharting as soon as possible after the data partition is
+ # mounted to collect more data.
+ mkdir /data/bootchart 0755 shell shell
+ bootchart_init
+
+ # Avoid predictable entropy pool. Carry over entropy from previous boot.
+ copy /data/system/entropy.dat /dev/urandom
+
+ # create basic filesystem structure
+ mkdir /data/misc 01771 system misc
+ mkdir /data/misc/adb 02750 system shell
+ mkdir /data/misc/bluedroid 02770 bluetooth net_bt_stack
+ # Fix the access permissions and group ownership for 'bt_config.conf'
+ chmod 0660 /data/misc/bluedroid/bt_config.conf
+ chown bluetooth net_bt_stack /data/misc/bluedroid/bt_config.conf
+ mkdir /data/misc/bluetooth 0770 system system
+ mkdir /data/misc/keystore 0700 keystore keystore
+ mkdir /data/misc/gatekeeper 0700 system system
+ mkdir /data/misc/keychain 0771 system system
+ mkdir /data/misc/net 0750 root shell
+ mkdir /data/misc/radio 0770 system radio
+ mkdir /data/misc/sms 0770 system radio
+ mkdir /data/misc/zoneinfo 0775 system system
+ mkdir /data/misc/vpn 0770 system vpn
+ mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
+ mkdir /data/misc/systemkeys 0700 system system
+ mkdir /data/misc/wifi 0770 wifi wifi
+ mkdir /data/misc/wifi/sockets 0770 wifi wifi
+ mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
+ mkdir /data/misc/ethernet 0770 system system
+ mkdir /data/misc/dhcp 0770 dhcp dhcp
+ mkdir /data/misc/user 0771 root root
+ mkdir /data/misc/perfprofd 0775 root root
+ # give system access to wpa_supplicant.conf for backup and restore
+ chmod 0660 /data/misc/wifi/wpa_supplicant.conf
+ mkdir /data/local 0751 root root
+ mkdir /data/misc/media 0700 media media
+ mkdir /data/misc/vold 0700 root root
+
+ # For security reasons, /data/local/tmp should always be empty.
+ # Do not place files or directories in /data/local/tmp
+ mkdir /data/local/tmp 0771 shell shell
+ mkdir /data/data 0771 system system
+ mkdir /data/app-private 0771 system system
+ mkdir /data/app-asec 0700 root root
+ mkdir /data/app-lib 0771 system system
+ mkdir /data/app 0771 system system
+ mkdir /data/property 0700 root root
+ mkdir /data/tombstones 0771 system system
+
+ # create dalvik-cache, so as to enforce our permissions
+ mkdir /data/dalvik-cache 0771 root root
+ mkdir /data/dalvik-cache/profiles 0711 system system
+
+ # create resource-cache and double-check the perms
+ mkdir /data/resource-cache 0771 system system
+ chown system system /data/resource-cache
+ chmod 0771 /data/resource-cache
+
+ # create the lost+found directories, so as to enforce our permissions
+ mkdir /data/lost+found 0770 root root
+
+ # create directory for DRM plug-ins - give drm the read/write access to
+ # the following directory.
+ mkdir /data/drm 0770 drm drm
+
+ # create directory for MediaDrm plug-ins - give drm the read/write access to
+ # the following directory.
+ mkdir /data/mediadrm 0770 mediadrm mediadrm
+
+ mkdir /data/adb 0700 root root
+
+ # symlink to bugreport storage location
+ symlink /data/data/com.android.shell/files/bugreports /data/bugreports
+
+ # Separate location for storing security policy files on data
+ mkdir /data/security 0711 system system
+
+ # Create all remaining /data root dirs so that they are made through init
+ # and get proper encryption policy installed
+ mkdir /data/backup 0700 system system
+ mkdir /data/media 0770 media_rw media_rw
+ mkdir /data/ss 0700 system system
+ mkdir /data/system 0775 system system
+ mkdir /data/system/heapdump 0700 system system
+ mkdir /data/user 0711 system system
+
+ # add for mediaserver data
+ mkdir /data/mediaserver 0775 media media
+ restorecon /data/mediaserver
+
+ setusercryptopolicies /data/user
+
+ # Reload policy from /data/security if present.
+ setprop selinux.reload_policy 1
+
+ # Set SELinux security contexts on upgrade or policy update.
+ restorecon_recursive /data
+ restorecon /data/data
+ restorecon /data/user
+ restorecon /data/user/0
+
+ # Check any timezone data in /data is newer than the copy in /system, delete if not.
+ exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo
+
+ # If there is no fs-post-data action in the init.<device>.rc file, you
+ # must uncomment this line, otherwise encrypted filesystems
+ # won't work.
+ # Set indication (checked by vold) that we have finished this action
+ #setprop vold.post_fs_data_done 1
+
+on boot
+ # basic network init
+ ifup lo
+ hostname localhost
+ domainname localdomain
+
+ # set RLIMIT_NICE to allow priorities from 19 to -20
+ setrlimit 13 40 40
+
+ # Memory management. Basic kernel parameters, and allow the high
+ # level system server to be able to adjust the kernel OOM driver
+ # parameters to match how it is managing things.
+ write /proc/sys/vm/overcommit_memory 1
+ write /proc/sys/vm/min_free_order_shift 4
+ chown root system /sys/module/lowmemorykiller/parameters/adj
+ chmod 0664 /sys/module/lowmemorykiller/parameters/adj
+ chown root system /sys/module/lowmemorykiller/parameters/minfree
+ chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
+
+ # Tweak background writeout
+ write /proc/sys/vm/dirty_expire_centisecs 200
+ write /proc/sys/vm/dirty_background_ratio 5
+
+ # Permissions for System Server and daemons.
+ chown radio system /sys/android_power/state
+ chown radio system /sys/android_power/request_state
+ chown radio system /sys/android_power/acquire_full_wake_lock
+ chown radio system /sys/android_power/acquire_partial_wake_lock
+ chown radio system /sys/android_power/release_wake_lock
+ chown system system /sys/power/autosleep
+ chown system system /sys/power/state
+ chown system system /sys/power/wakeup_count
+ chown radio system /sys/power/wake_lock
+ chown radio system /sys/power/wake_unlock
+ chmod 0660 /sys/power/state
+ chmod 0660 /sys/power/wake_lock
+ chmod 0660 /sys/power/wake_unlock
+
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
+
+ # Assume SMP uses shared cpufreq policy for all CPUs
+ chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
+ chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
+
+ chown system system /sys/class/timed_output/vibrator/enable
+ chown system system /sys/class/leds/keyboard-backlight/brightness
+ chown system system /sys/class/leds/lcd-backlight/brightness
+ chown system system /sys/class/leds/torch-light/brightness
+ chown system system /sys/class/leds/button-backlight/brightness
+ chown system system /sys/class/leds/jogball-backlight/brightness
+ chown system system /sys/class/leds/red/brightness
+ chown system system /sys/class/leds/green/brightness
+ chown system system /sys/class/leds/blue/brightness
+ chown system system /sys/class/leds/red/device/grpfreq
+ chown system system /sys/class/leds/red/device/grppwm
+ chown system system /sys/class/leds/red/device/blink
+ chown system system /sys/class/timed_output/vibrator/enable
+ chown system system /sys/module/sco/parameters/disable_esco
+ chown system system /sys/kernel/ipv4/tcp_wmem_min
+ chown system system /sys/kernel/ipv4/tcp_wmem_def
+ chown system system /sys/kernel/ipv4/tcp_wmem_max
+ chown system system /sys/kernel/ipv4/tcp_rmem_min
+ chown system system /sys/kernel/ipv4/tcp_rmem_def
+ chown system system /sys/kernel/ipv4/tcp_rmem_max
+ chown root radio /proc/cmdline
+
+ # Define default initial receive window size in segments.
+ setprop net.tcp.default_init_rwnd 60
+
+ class_start core
+
+on nonencrypted
+ class_start main
+ class_start late_start
+
+on property:vold.decrypt=trigger_default_encryption
+ start defaultcrypto
+
+on property:vold.decrypt=trigger_encryption
+ start surfaceflinger
+ start encrypt
+
+on property:sys.init_log_level=*
+ loglevel ${sys.init_log_level}
+
+on charger
+ class_start charger
+
+on property:vold.decrypt=trigger_reset_main
+ class_reset main
+
+on property:vold.decrypt=trigger_load_persist_props
+ load_persist_props
+
+on property:vold.decrypt=trigger_post_fs_data
+ trigger post-fs-data
+
+on property:vold.decrypt=trigger_restart_min_framework
+ class_start main
+
+on property:vold.decrypt=trigger_restart_framework
+ class_start main
+ class_start late_start
+
+on property:vold.decrypt=trigger_shutdown_framework
+ class_reset late_start
+ class_reset main
+
+on property:sys.powerctl=*
+ powerctl ${sys.powerctl}
+
+# system server cannot write to /proc/sys files,
+# and chown/chmod does not work for /proc/sys/ entries.
+# So proxy writes through init.
+on property:sys.sysctl.extra_free_kbytes=*
+ write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
+
+# "tcp_default_init_rwnd" Is too long!
+on property:sys.sysctl.tcp_def_init_rwnd=*
+ write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
+
+
+## Daemon processes to be run by init.
+##
+service ueventd /sbin/ueventd
+ class core
+ critical
+ seclabel u:r:ueventd:s0
+
+service logd /system/bin/logd
+ class core
+ socket logd stream 0666 logd logd
+ socket logdr seqpacket 0666 logd logd
+ socket logdw dgram 0222 logd logd
+ group root system
+
+
+service healthd /sbin/healthd
+ class core
+ critical
+ seclabel u:r:healthd:s0
+ group root system
+
+service console /system/bin/sh
+ class core
+ console
+ disabled
+ user shell
+ group shell log
+ seclabel u:r:shell:s0
+
+on property:ro.debuggable=1
+ start console
+
+# adbd is controlled via property triggers in init.<platform>.usb.rc
+service adbd /sbin/adbd --root_seclabel=u:r:su:s0
+ class core
+ socket adbd stream 660 system system
+ disabled
+ seclabel u:r:adbd:s0
+
+# adbd on at boot in emulator
+on property:ro.kernel.qemu=1
+ start adbd
+
+service lmkd /system/bin/lmkd
+ class core
+ critical
+ socket lmkd seqpacket 0660 system system
+
+service servicemanager /system/bin/servicemanager
+ class core
+ user system
+ group system
+ critical
+ onrestart restart healthd
+ onrestart restart zygote
+ onrestart restart media
+ onrestart restart surfaceflinger
+ onrestart restart drm
+
+service vold /system/bin/vold \
+ --blkid_context=u:r:blkid:s0 --blkid_untrusted_context=u:r:blkid_untrusted:s0 \
+ --fsck_context=u:r:fsck:s0 --fsck_untrusted_context=u:r:fsck_untrusted:s0
+ class core
+ socket vold stream 0660 root mount
+ socket cryptd stream 0660 root mount
+ ioprio be 2
+
+service netd /system/bin/netd
+ class main
+ socket netd stream 0660 root system
+ socket dnsproxyd stream 0660 root inet
+ socket mdns stream 0660 root system
+ socket fwmarkd stream 0660 root inet
+
+service debuggerd /system/bin/debuggerd
+ class main
+
+service debuggerd64 /system/bin/debuggerd64
+ class main
+
+#service ril-daemon /system/bin/rild
+# class main
+# socket rild stream 660 root radio
+# socket sap_uim_socket1 stream 660 bluetooth bluetooth
+# socket rild-debug stream 660 radio system
+# user root
+# group radio cache inet misc audio log qcom_diag
+
+service surfaceflinger /system/bin/surfaceflinger
+ class core
+ user system
+ group graphics drmrpc
+ onrestart restart zygote
+
+service drm /system/bin/drmserver
+ class main
+ user drm
+ group drm system inet drmrpc sdcard_rw media_rw
+
+service media /system/bin/mediaserver
+ class main
+ user root
+ group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm media sdcard_r system net_bt_stack
+ ioprio rt 4
+
+# One shot invocation to deal with encrypted volume.
+service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
+ disabled
+ oneshot
+ # vold will set vold.decrypt to trigger_restart_framework (default
+ # encryption) or trigger_restart_min_framework (other encryption)
+
+# One shot invocation to encrypt unencrypted volumes
+service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default noui
+ disabled
+ oneshot
+ # vold will set vold.decrypt to trigger_restart_framework (default
+ # encryption)
+
+service bootanim /system/bin/bootanimation
+ class core
+ user graphics
+ group graphics media audio
+ disabled
+ oneshot
+
+service gatekeeperd /system/bin/gatekeeperd /data/misc/gatekeeper
+ class late_start
+ user system
+
+service installd /system/bin/installd
+ class main
+ socket installd stream 600 system system
+
+service flash_recovery /system/bin/install-recovery.sh
+ class main
+ oneshot
+ disabled
+
+# update recovery if enabled
+on property:persist.sys.recovery_update=true
+ start flash_recovery
+
+service racoon /system/bin/racoon
+ class main
+ socket racoon stream 600 system system
+ # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
+ group vpn net_admin inet
+ disabled
+ oneshot
+
+service mtpd /system/bin/mtpd
+ class main
+ socket mtpd stream 600 system system
+ user vpn
+ group vpn net_admin inet net_raw
+ disabled
+ oneshot
+
+service keystore /system/bin/keystore /data/misc/keystore
+ class main
+ user keystore
+ group keystore drmrpc
+
+service dumpstate /system/bin/dumpstate -s
+ class main
+ socket dumpstate stream 0660 shell log
+ disabled
+ oneshot
+
+service mdnsd /system/bin/mdnsd
+ class main
+ user mdnsr
+ group inet net_raw
+ socket mdnsd stream 0660 mdnsr inet
+ disabled
+ oneshot
+
+service uncrypt /system/bin/uncrypt
+ class main
+ disabled
+ oneshot
+
+service pre-recovery /system/bin/uncrypt --reboot
+ class main
+ disabled
+ oneshot
+
generated by cgit v1.2.3 (git 2.39.1) at 2026-03-13 23:15:14 +0000