1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
|
# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
import /init.environ.rc
import init.ssd.rc
import init.no_ssd.rc
import init.ssd_nomuser.rc
import init.fon.rc
import init.trustonic.rc
on early-init
# Set init and its forked children's oom_adj.
write /proc/1/oom_score_adj -1000
# Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
write /sys/fs/selinux/checkreqprot 0
# Set the security context for the init process.
# This should occur before anything else (e.g. ueventd) is started.
setcon u:r:init:s0
# Set the security context of /adb_keys if present.
restorecon /adb_keys
start ueventd
# create mountpoints
mkdir /mnt 0775 root system
on init
sysclktz 0
loglevel 5
# Backward compatibility.
symlink /system/etc /etc
symlink /sys/kernel/debug /d
# Link /vendor to /system/vendor for devices without a vendor partition.
symlink /system/vendor /vendor
# Temp Backward compatibility
symlink /dev/block/platform/mtk-msdc.0/by-name/boot /dev/bootimg
symlink /dev/block/platform/mtk-msdc.0/by-name/recovery /dev/recovery
symlink /dev/block/platform/mtk-msdc.0/by-name/secro /dev/sec_ro
symlink /dev/block/platform/mtk-msdc.0/by-name/kb /dev/kb
symlink /dev/block/platform/mtk-msdc.0/by-name/dkb /dev/dkb
symlink /dev/block/platform/mtk-msdc.0/by-name/seccfg /dev/seccfg
symlink /dev/block/platform/mtk-msdc.0/by-name/proinfo /dev/pro_info
symlink /dev/block/platform/mtk-msdc.0/by-name/nvram /dev/nvram
symlink /dev/block/platform/mtk-msdc.0/by-name/para /dev/misc
symlink /dev/block/platform/mtk-msdc.0/by-name/logo /dev/logo
# Create cgroup mount point for cpu accounting
mkdir /acct
mount cgroup none /acct cpuacct
mkdir /acct/uid
mkdir /system
mkdir /data 0771 system system
mkdir /cache 0770 system cache
mkdir /config 0500 root root
mkdir /protect_f 0771 system system
mkdir /protect_s 0771 system system
#create mountpoint for persist partition
mkdir /persist 0771 system system
#Create nvdata mount point
mkdir /nvdata 0771 system system
#Create CIP mount point
mkdir /custom
# See storage config details at http://source.android.com/tech/storage/
mkdir /mnt/shell 0700 shell shell
mkdir /mnt/media_rw 0700 media_rw media_rw
mkdir /storage 0751 root sdcard_r
mkdir /mnt/cd-rom 0000 system system
# Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root
# Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root
# Directory-target for where the secure container
# imagefile directory will be bind-mounted
mkdir /mnt/secure/asec 0700 root root
# Secure container public mount points.
mkdir /mnt/asec 0700 root system
mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
# Filesystem image public mount points.
mkdir /mnt/obb 0700 root system
mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1
# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
class_stop charger
trigger late-init
# Load properties from /system/ + /factory after fs mount.
on load_all_props_action
load_system_props
load_persist_props
# Mount filesystems and start core system services.
on late-init
trigger early-fs
trigger fs
trigger post-fs
trigger post-fs-data
# Load properties from /system/ + /factory after fs mount. Place
# this in another action so that the load will be scheduled after the prior
# issued fs triggers have completed.
trigger load_all_props_action
trigger early-boot
trigger boot
on fs
write /proc/bootprof "INIT:Mount_START"
mount_all /fstab.mt6735
#change partition permissions
exec /system/bin/chmod 0640 /dev/block/platform/mtk-msdc.0/by-name/boot
exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/boot
exec /system/bin/chmod 0640 /dev/block/platform/mtk-msdc.0/by-name/recovery
exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/recovery
exec /system/bin/chmod 0640 /dev/block/platform/mtk-msdc.0/by-name/secro
exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/secro
exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/seccfg
exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/seccfg
exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/proinfo
exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/proinfo
exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/otp
exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/otp
exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/nvram
exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/nvram
exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/para
exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/para
exec /system/bin/chmod 0660 /dev/block/platform/mtk-msdc.0/by-name/logo
exec /system/bin/chown root:system /dev/block/platform/mtk-msdc.0/by-name/logo
write /proc/bootprof "INIT:Mount_END"
on post-fs
# once everything is setup, no need to modify /
mount rootfs rootfs / ro remount
# We chown/chmod /cache again so because mount is run as root + defaults
chown system cache /cache
chmod 0770 /cache
# We restorecon /cache in case the cache partition has been reset.
restorecon_recursive /cache
chown system system /protect_f
chmod 0770 /protect_f
chown system system /protect_s
chmod 0770 /protect_s
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
chown root system /proc/kmsg
chmod 0440 /proc/kmsg
# make the selinux kernel policy world-readable
chmod 0444 /sys/fs/selinux/policy
# create the lost+found directories, so as to enforce our permissions
mkdir /cache/lost+found 0770 root root
on post-fs-data
# We chown/chmod /data again so because mount is run as root + defaults
chown system system /data
chmod 0771 /data
# We restorecon /data in case the userdata partition has been reset.
restorecon /data
chown system system /persist
chmod 0771 /persist
# create basic filesystem structure
#mkdir /data/nvram 2770 root system
# We chown/chmod /nvdata again so because mount is run as root + defaults
chown root system /nvdata
chmod 2770 /nvdata
symlink /nvdata /data/nvram
# Set SELinux security contexts on upgrade or policy update.
restorecon_recursive /nvdata
mkdir /data/misc 01771 system misc
mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
mkdir /data/misc/bluetooth 0770 system system
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/keychain 0771 system system
mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/systemkeys 0700 system system
# give system access to wpa_supplicant.conf for backup and restore
mkdir /data/misc/wifi 0770 wifi wifi
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
chmod 0660 /data/misc/wifi/p2p_supplicant.conf
mkdir /data/local 0751 root root
# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app-asec 0700 root root
mkdir /data/app 0771 system system
mkdir /data/property 0700 root root
mkdir /data/ssh 0750 root shell
mkdir /data/ssh/empty 0700 root root
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770
# double check the perms, in case lost+found already exists, and set owner
chown root root /data/lost+found
chmod 0770 /data/lost+found
# H264 Decoder
chmod 777 /dev/MT6516_H264_DEC
# Internal SRAM Driver
chmod 777 /dev/MT6516_Int_SRAM
# MM QUEUE Driver
chmod 777 /dev/MT6516_MM_QUEUE
# MPEG4 Decoder
chmod 777 /dev/MT6516_MP4_DEC
# MPEG4 Encoder
chmod 777 /dev/MT6516_MP4_ENC
# OpenCORE proxy config
chmod 0666 /data/http-proxy-cfg
# OpenCORE player config
chmod 0666 /etc/player.cfg
# WiFi
mkdir /data/misc/wifi 0770 system wifi
mkdir /data/misc/wifi/sockets 0770 system wifi
mkdir /data/misc/dhcp 0770 dhcp dhcp
chown dhcp dhcp /data/misc/dhcp
chmod 0660 /sys/class/rfkill/rfkill1/state
chown system system /sys/class/rfkill/rfkill1/state
# Turn off wifi by default
write /sys/class/rfkill/rfkill1/state 0
#otp
chmod 0660 /dev/otp
chown root system /dev/otp
# Touch Panel
chown system system /sys/touchpanel/calibration
chmod 0660 /sys/touchpanel/calibration
chmod 0664 /dev/pmem_multimedia
chmod 0664 /dev/mt6516-isp
chmod 0664 /dev/mt6516-IDP
chmod 0664 /dev/mt9p012
chmod 0664 /dev/mt6516_jpeg
# RTC
mkdir /data/misc/rtc 0770 system system
# M4U
#insmod /system/lib/modules/m4u.ko
#mknod /dev/M4U_device c 188 0
chmod 0444 /dev/M4U_device
# Sensor
chmod 0666 /dev/sensor
# GPIO
chmod 0666 /dev/mtgpio
# Android SEC related device nodes
chmod 0660 /dev/sec
chown root system /dev/sec
# device info interface
chmod 0440 /dev/devmap
chown root system /dev/devmap
chmod 0666 /dev/exm0
# Separate location for storing security policy files on data
mkdir /data/security 0711 system system
# Reload policy from /data/security if present.
setprop selinux.reload_policy 1
# Set SELinux security contexts on upgrade or policy update.
restorecon_recursive /data
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# won't work.
# Set indication (checked by vold) that we have finished this action
setprop vold.post_fs_data_done 1
on boot
# basic network init
ifup lo
hostname localhost
domainname localdomain
class_start default
class_start core
on nonencrypted
class_start main
class_start late_start
on property:vold.decrypt=trigger_default_encryption
start defaultcrypto
on property:vold.decrypt=trigger_encryption
start surfaceflinger
start encrypt
on property:vold.decrypt=trigger_reset_main
class_reset main
on property:vold.decrypt=trigger_load_persist_props
load_persist_props
on property:vold.decrypt=trigger_post_fs_data
trigger post-fs-data
on property:vold.decrypt=trigger_restart_min_framework
class_start main
on property:vold.decrypt=trigger_restart_framework
start nvram_daemon
class_start main
class_start late_start
start permission_check
on property:vold.decrypt=trigger_shutdown_framework
class_reset late_start
class_reset main
service ueventd /sbin/ueventd
class core
critical
seclabel u:r:ueventd:s0
service logd /system/bin/logd
class core
socket logd stream 0666 logd logd
socket logdr seqpacket 0666 logd logd
socket logdw dgram 0222 logd logd
seclabel u:r:logd:s0
service console /system/bin/sh
class core
console
disabled
user shell
group shell log
seclabel u:r:shell:s0
on property:sys.powerctl=*
powerctl ${sys.powerctl}
on property:ro.debuggable=1
start console
# adbd is controlled via property triggers in init.<platform>.usb.rc
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
class core
socket adbd stream 660 system system
disabled
seclabel u:r:adbd:s0
service vold /system/bin/vold
class core
socket vold stream 0660 root mount
ioprio be 2
# One shot invocation to deal with encrypted volume.
service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
disabled
oneshot
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption) or trigger_restart_min_framework (other encryption)
# One shot invocation to encrypt unencrypted volumes
service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
disabled
oneshot
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption)
service meta_tst /vendor/bin/meta_tst
service nvram_daemon /vendor/bin/nvram_daemon
class main
user root
group system
oneshot
service debuggerd /system/bin/debuggerd
class main
service debuggerd64 /system/bin/debuggerd64
class main
#mass_storage,adb,acm
on property:ro.boot.usbconfig=0
write /sys/class/android_usb/android0/iSerial $ro.serialno
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/idVendor 0e8d
write /sys/class/android_usb/android0/idProduct 2006
write /sys/class/android_usb/android0/f_acm/instances 1
write /sys/class/android_usb/android0/functions mass_storage,adb,acm
write /sys/class/android_usb/android0/enable 1
start adbd
#acm
on property:ro.boot.usbconfig=1
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/iSerial " "
write /sys/class/android_usb/android0/idVendor 0e8d
write /sys/class/android_usb/android0/idProduct 2007
write /sys/class/android_usb/android0/f_acm/instances 1
write /sys/class/android_usb/android0/functions acm
write /sys/class/android_usb/android0/bDeviceClass 02
write /sys/class/android_usb/android0/enable 1
|
