Diffstat (limited to 'rootdir/meta_init.rc')
| -rw-r--r-- | rootdir/meta_init.rc | 497 |
1 files changed, 497 insertions, 0 deletions
diff --git a/rootdir/meta_init.rc b/rootdir/meta_init.rc
new file mode 100644
index 0000000..bdadd70
--- /dev/null
+++ b/rootdir/meta_init.rc
@@ -0,0 +1,497 @@
+# Copyright (C) 2012 The Android Open Source Project
+#
+# IMPORTANT: Do not create world writable files or directories.
+# This is a common source of Android security bugs.
+#
+import /init.environ.rc
+import init.ssd.rc
+import init.no_ssd.rc
+import init.ssd_nomuser.rc
+import init.fon.rc
+import init.trustonic.rc
+
+on early-init
+ # Set init and its forked children's oom_adj.
+ write /proc/1/oom_score_adj -1000
+
+ # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
+ write /sys/fs/selinux/checkreqprot 0
+
+ # Set the security context for the init process.
+ # This should occur before anything else (e.g. ueventd) is started.
+ setcon u:r:init:s0
+
+ # Set the security context of /adb_keys if present.
+ restorecon /adb_keys
+
+ start ueventd
+
+# create mountpoints
+ mkdir /mnt 0775 root system
+
+on init
+ sysclktz 0
+
+loglevel 5
+ write /proc/bootprof "INIT: on init start"
+
+ # Backward compatibility.
+ symlink /system/etc /etc
+ symlink /sys/kernel/debug /d
+
+ # Link /vendor to /system/vendor for devices without a vendor partition.
+ symlink /system/vendor /vendor
+
+# Temp Backward compatibility
+ symlink /dev/block/platform/mtk-msdc.0/by-name/boot /dev/bootimg
+ symlink /dev/block/platform/mtk-msdc.0/by-name/recovery /dev/recovery
+ symlink /dev/block/platform/mtk-msdc.0/by-name/secro /dev/sec_ro
+ symlink /dev/block/platform/mtk-msdc.0/by-name/kb /dev/kb
+ symlink /dev/block/platform/mtk-msdc.0/by-name/dkb /dev/dkb
+ symlink /dev/block/platform/mtk-msdc.0/by-name/seccfg /dev/seccfg
+ symlink /dev/block/platform/mtk-msdc.0/by-name/proinfo /dev/pro_info
+ symlink /dev/block/platform/mtk-msdc.0/by-name/nvram /dev/nvram
+ symlink /dev/block/platform/mtk-msdc.0/by-name/para /dev/misc
+ symlink /dev/block/platform/mtk-msdc.0/by-name/logo /dev/logo
+# Create cgroup mount point for cpu accounting
+ mkdir /acct
+ mount cgroup none /acct cpuacct
+ mkdir /acct/uid
+
+ mkdir /system
+ mkdir /data 0771 system system
+ mkdir /cache 0770 system cache
+ mkdir /config 0500 root root
+
+ # Mount staging areas for devices managed by vold
+ # See storage config details at http://source.android.com/tech/storage/
+ mkdir /mnt 0755 root system
+ mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000
+ restorecon_recursive /mnt
+ # Support legacy paths
+ symlink /sdcard /mnt/sdcard
+
+
+ mkdir /mnt/secure 0700 root root
+ mkdir /mnt/secure/asec 0700 root root
+ mkdir /mnt/asec 0755 root system
+ mkdir /mnt/obb 0755 root system
+ mkdir /mnt/media_rw 0750 root media_rw
+ mkdir /mnt/user 0755 root root
+ mkdir /mnt/user/0 0755 root root
+ mkdir /mnt/expand 0771 system system
+
+ # Storage views to support runtime permissions
+ mkdir /storage 0755 root root
+ mkdir /mnt/runtime 0700 root root
+ mkdir /mnt/runtime/default 0755 root root
+ mkdir /mnt/runtime/default/self 0755 root root
+ mkdir /mnt/runtime/read 0755 root root
+ mkdir /mnt/runtime/read/self 0755 root root
+ mkdir /mnt/runtime/write 0755 root root
+ mkdir /mnt/runtime/write/self 0755 root root
+
+ # Symlink to keep legacy apps working in multi-user world
+ symlink /storage/self/primary /sdcard
+ symlink /mnt/user/0/primary /mnt/runtime/default/self/primary
+
+ write /proc/sys/kernel/panic_on_oops 1
+ write /proc/sys/kernel/hung_task_timeout_secs 0
+ write /proc/cpu/alignment 4
+ write /proc/sys/kernel/sched_latency_ns 10000000
+ write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
+ write /proc/sys/kernel/sched_compat_yield 1
+
+#INTERNAL_START
+ mkdir /protect_f 0771 system system
+ mkdir /protect_s 0771 system system
+ #create mountpoint for persist partition
+ mkdir /persist 0771 system system
+ #Create nvdata mount point
+ mkdir /nvdata 0771 system system
+
+ #Create CIP mount point
+ mkdir /custom
+
+ # See storage config details at http://source.android.com/tech/storage/
+ mkdir /mnt/shell 0700 shell shell
+ mkdir /mnt/media_rw 0700 media_rw media_rw
+ mkdir /storage 0751 root sdcard_r
+
+ mkdir /mnt/cd-rom 0000 system system
+
+
+# Healthd can trigger a full boot from charger mode by signaling this
+# property when the power button is held.
+on property:sys.boot_from_charger_mode=1
+ class_stop charger
+ trigger late-init
+
+# Load properties from /system/ + /factory after fs mount.
+on load_all_props_action
+ load_system_props
+ load_persist_props
+
+# Mount filesystems and start core system services.
+on late-init
+ trigger early-fs
+ trigger fs
+ trigger post-fs
+ trigger post-fs-data
+
+ # Load properties from /system/ + /factory after fs mount. Place
+ # this in another action so that the load will be scheduled after the prior
+ # issued fs triggers have completed.
+ trigger load_all_props_action
+
+ trigger early-boot
+ trigger boot
+
+on fs
+ write /proc/bootprof "INIT:Mount_START"
+ mount_all /fstab.mt6735
+
+ #change partition permissions
+ exec /system/bin/chmod 0640 /dev/block/platform/mtk-msdc.0/by-name/boot
+ exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/boot
+ exec /system/bin/chmod 0640 /dev/block/platform/mtk-msdc.0/by-name/recovery
+ exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/recovery
+ exec /system/bin/chmod 0640 /dev/block/platform/mtk-msdc.0/by-name/secro
+ exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/secro
+ exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/seccfg
+ exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/seccfg
+ exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/proinfo
+ exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/proinfo
+ exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/otp
+ exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/otp
+ exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/nvram
+ exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/nvram
+ exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/para
+ exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/para
+ exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/logo
+ exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/logo
+ write /proc/bootprof "INIT:Mount_END"
+
+on post-fs
+ # once everything is setup, no need to modify /
+ mount rootfs rootfs / ro remount
+
+ # We chown/chmod /cache again so because mount is run as root + defaults
+ chown system cache /cache
+ chmod 0770 /cache
+ # We restorecon /cache in case the cache partition has been reset.
+ restorecon_recursive /cache
+
+ #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
+ chown root system /proc/kmsg
+ chmod 0440 /proc/kmsg
+
+ # make the selinux kernel policy world-readable
+ chmod 0444 /sys/fs/selinux/policy
+
+ # create the lost+found directories, so as to enforce our permissions
+ mkdir /cache/lost+found 0770 root root
+
+#INTERNAL_START
+ chown system system /protect_f
+ chmod 0770 /protect_f
+
+ chown system system /protect_s
+ chmod 0770 /protect_s
+
+ chown system system /persist
+ chmod 0770 /persist
+
+ chown system system /custom
+ chmod 0770 /custom
+#INTERNAL_END
+
+on post-fs-data
+ # We chown/chmod /data again so because mount is run as root + defaults
+ chown system system /data
+ chmod 0771 /data
+ # We restorecon /data in case the userdata partition has been reset.
+ restorecon /data
+
+ # create basic filesystem structure
+ chown root system /nvdata
+ chmod 2770 /nvdata
+ symlink /nvdata /data/nvram
+
+ # Set SELinux security contexts on upgrade or policy update.
+ restorecon_recursive /nvdata
+
+ mkdir /data/misc 01771 system misc
+ mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
+ mkdir /data/misc/bluedroid 02770 bluetooth net_bt_stack
+ # Fix the access permissions and group ownership for 'bt_config.conf'
+ chmod 0660 /data/misc/bluedroid/bt_config.conf
+ chown bluetooth net_bt_stack /data/misc/bluedroid/bt_config.conf
+ mkdir /data/misc/bluetooth 0770 system system
+ mkdir /data/misc/keystore 0700 keystore keystore
+ mkdir /data/misc/keychain 0771 system system
+ mkdir /data/misc/vpn 0770 system vpn
+ mkdir /data/misc/systemkeys 0700 system system
+ mkdir /data/misc/wifi 0770 wifi wifi
+ mkdir /data/misc/wifi/sockets 0770 wifi wifi
+ mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
+ mkdir /data/misc/ethernet 0770 system system
+ mkdir /data/misc/dhcp 0770 dhcp dhcp
+ mkdir /data/misc/user 0771 root root
+ mkdir /data/misc/perfprofd 0775 root root
+ # give system access to wpa_supplicant.conf for backup and restore
+ mkdir /data/misc/wifi 0770 wifi wifi
+ chmod 0660 /data/misc/wifi/wpa_supplicant.conf
+ chmod 0660 /data/misc/wifi/p2p_supplicant.conf
+ mkdir /data/local 0751 root root
+ mkdir /data/misc/media 0700 media media
+ mkdir /data/misc/vold 0700 root root
+
+ # For security reasons, /data/local/tmp should always be empty.
+ # Do not place files or directories in /data/local/tmp
+ mkdir /data/local/tmp 0771 shell shell
+ mkdir /data/data 0771 system system
+ mkdir /data/app-private 0771 system system
+ mkdir /data/app-asec 0700 root root
+ mkdir /data/app 0771 system system
+ mkdir /data/property 0700 root root
+ mkdir /data/tombstones 0771 system system
+ mkdir /data/ssh 0750 root shell
+ mkdir /data/ssh/empty 0700 root root
+
+ # create the lost+found directories, so as to enforce our permissions
+ mkdir /data/lost+found 0770
+
+ # double check the perms, in case lost+found already exists, and set owner
+ chown root root /data/lost+found
+ chmod 0770 /data/lost+found
+
+ # H264 Decoder
+ chmod 777 /dev/MT6516_H264_DEC
+
+ # Internal SRAM Driver
+ chmod 777 /dev/MT6516_Int_SRAM
+
+ # MM QUEUE Driver
+ chmod 777 /dev/MT6516_MM_QUEUE
+
+ # MPEG4 Decoder
+ chmod 777 /dev/MT6516_MP4_DEC
+
+ # MPEG4 Encoder
+ chmod 777 /dev/MT6516_MP4_ENC
+
+ # OpenCORE proxy config
+ chmod 0666 /data/http-proxy-cfg
+
+ # OpenCORE player config
+ chmod 0666 /etc/player.cfg
+
+ # WiFi
+ mkdir /data/misc/wifi 0770 system wifi
+ mkdir /data/misc/wifi/sockets 0770 system wifi
+ mkdir /data/misc/dhcp 0770 dhcp dhcp
+ chown dhcp dhcp /data/misc/dhcp
+ #give system access to rfkill device node
+ chmod 0660 /sys/class/rfkill/rfkill1/state
+ chown system system /sys/class/rfkill/rfkill1/state
+ # Turn off wifi by default
+ write /sys/class/rfkill/rfkill1/state 0
+
+ #otp
+ chmod 0660 /dev/otp
+ chown root system /dev/otp
+
+ # Touch Panel
+ chown system system /sys/touchpanel/calibration
+ chmod 0660 /sys/touchpanel/calibration
+
+ chmod 0777 /dev/pmem_multimedia
+ chmod 0777 /dev/mt6516-isp
+ chmod 0777 /dev/mt6516-IDP
+ chmod 0777 /dev/mt9p012
+ chmod 0777 /dev/mt6516_jpeg
+ # RTC
+ mkdir /data/misc/rtc 0770 system system
+
+
+ # M4U
+ #insmod /system/lib/modules/m4u.ko
+ #mknod /dev/M4U_device c 188 0
+ chmod 0444 /dev/M4U_device
+
+ # Sensor
+ chmod 0666 /dev/sensor
+
+ # GPIO
+ chmod 0666 /dev/mtgpio
+
+ # Android SEC related device nodes
+ chmod 0660 /dev/sec
+ chown root system /dev/sec
+
+ # device info interface
+ chmod 0440 /dev/devmap
+ chown root system /dev/devmap
+
+
+ #change partition permission
+ exec /system/etc/partition_permission.sh
+
+ chmod 0666 /dev/exm0
+
+ # Separate location for storing security policy files on data
+ mkdir /data/security 0711 system system
+
+ # Reload policy from /data/security if present.
+ setprop selinux.reload_policy 1
+
+ # Set SELinux security contexts on upgrade or policy update.
+ restorecon_recursive /data
+
+ # If there is no fs-post-data action in the init.<device>.rc file, you
+ # must uncomment this line, otherwise encrypted filesystems
+ # won't work.
+ # Set indication (checked by vold) that we have finished this action
+ setprop vold.post_fs_data_done 1
+
+on boot
+
+
+# basic network init
+ ifup lo
+ hostname localhost
+ domainname localdomain
+
+ class_start default
+ class_start core
+
+on nonencrypted
+ class_start main
+ class_start late_start
+
+on property:vold.decrypt=trigger_default_encryption
+ start defaultcrypto
+
+on property:vold.decrypt=trigger_encryption
+ start surfaceflinger
+ start encrypt
+
+on property:vold.decrypt=trigger_reset_main
+ class_reset main
+
+on property:vold.decrypt=trigger_load_persist_props
+ load_persist_props
+
+on property:vold.decrypt=trigger_post_fs_data
+ trigger post-fs-data
+
+on property:vold.decrypt=trigger_restart_min_framework
+ class_start main
+
+on property:vold.decrypt=trigger_restart_framework
+ start nvram_daemon
+ class_start main
+ class_start late_start
+ start permission_check
+
+on property:vold.decrypt=trigger_shutdown_framework
+ class_reset late_start
+ class_reset main
+
+service ueventd /sbin/ueventd
+ class core
+ critical
+ seclabel u:r:ueventd:s0
+
+service logd /system/bin/logd
+ class core
+ socket logd stream 0666 logd logd
+ socket logdr seqpacket 0666 logd logd
+ socket logdw dgram 0222 logd logd
+ seclabel u:r:logd:s0
+
+service console /system/bin/sh
+ class core
+ console
+ disabled
+ user shell
+ group shell log
+ seclabel u:r:shell:s0
+
+on property:sys.powerctl=*
+ powerctl ${sys.powerctl}
+
+on property:ro.debuggable=1
+ start console
+
+# adbd is controlled via property triggers in init.<platform>.usb.rc
+service adbd /sbin/adbd --root_seclabel=u:r:su:s0
+ class core
+ socket adbd stream 660 system system
+ disabled
+ seclabel u:r:adbd:s0
+
+service vold /system/bin/vold
+ class core
+ socket vold stream 0660 root mount
+ ioprio be 2
+
+service debuggerd /system/bin/debuggerd
+ class main
+
+service debuggerd64 /system/bin/debuggerd64
+ class main
+
+# One shot invocation to deal with encrypted volume.
+service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
+ disabled
+ oneshot
+ # vold will set vold.decrypt to trigger_restart_framework (default
+ # encryption) or trigger_restart_min_framework (other encryption)
+
+# One shot invocation to encrypt unencrypted volumes
+service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
+ disabled
+ oneshot
+ # vold will set vold.decrypt to trigger_restart_framework (default
+ # encryption)
+
+service meta_tst /system/bin/meta_tst
+
+service nvram_daemon /system/bin/nvram_daemon
+ class main
+ user root
+ group system
+ oneshot
+
+service mobile_log_d /system/bin/mobile_log_d
+ class main
+
+on property:ro.boot.mblogenable=0
+ stop mobile_log_d
+
+on property:ro.boot.mblogenable=1
+ start mobile_log_d
+
+#mass_storage,adb,acm
+on property:ro.boot.usbconfig=0
+ write /sys/class/android_usb/android0/iSerial $ro.serialno
+ write /sys/class/android_usb/android0/enable 0
+ write /sys/class/android_usb/android0/idVendor 0e8d
+ write /sys/class/android_usb/android0/idProduct 2006
+ write /sys/class/android_usb/android0/f_acm/instances 1
+ write /sys/class/android_usb/android0/functions mass_storage,adb,acm
+ write /sys/class/android_usb/android0/enable 1
+ start adbd
+
+#acm
+on property:ro.boot.usbconfig=1
+ write /sys/class/android_usb/android0/enable 0
+ write /sys/class/android_usb/android0/iSerial " "
+ write /sys/class/android_usb/android0/idVendor 0e8d
+ write /sys/class/android_usb/android0/idProduct 2007
+ write /sys/class/android_usb/android0/f_acm/instances 1
+ write /sys/class/android_usb/android0/functions acm
+ write /sys/class/android_usb/android0/bDeviceClass 02
+ write /sys/class/android_usb/android0/enable 1 |
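Review bot: The `post-fs-data` action makes a run of device nodes and files world-writable, which is what the header of this same file warns against: `chmod 777` on `/dev/MT6516_H264_DEC`, `/dev/MT6516_Int_SRAM`, `/dev/MT6516_MM_QUEUE`, `/dev/MT6516_MP4_DEC` and `/dev/MT6516_MP4_ENC`, `chmod 0777` on `/dev/pmem_multimedia`, `/dev/mt6516-isp`, `/dev/mt6516-IDP`, `/dev/mt9p012` and `/dev/mt6516_jpeg`, and `chmod 0666` on `/dev/sensor`, `/dev/mtgpio`, `/dev/exm0`, `/data/http-proxy-cfg` and `/etc/player.cfg`. With those modes, DAC puts no limit on which process can open the drivers, so any restriction has to come from SELinux policy that is not part of this change. I would give each node an owner, a group and a mode without the world bits, the way the file already treats `/dev/otp` and `/dev/sec`: `chmod 0660 /dev/mtgpio` followed by `chown root system /dev/mtgpio`, with the group chosen per consumer. The MT6516_* names look like carry-overs from an older platform (the fstab here is mt6735); if those nodes do not exist on this device, the lines can simply be dropped.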
