# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.trace.rc
import /init.container.rc
import /init.carrier.rc
# early-init action: adjusts init's OOM score and the mmcblk0 I/O scheduler,
# sets init's SELinux context, starts ueventd, creates /mnt and hands the
# SELinux enforce/boolean control files to the system UID.
on early-init
# Set init and its forked children's oom_adj.
write /proc/1/oom_adj -16
write /sys/block/mmcblk0/queue/scheduler noop
# Set the security context for the init process.
# This should occur before anything else (e.g. ueventd) is started.
setcon u:r:init:s0
start ueventd
# create mountpoints
mkdir /mnt 0775 root system
# Allow system UID to setenforce and set booleans.
# NOTE(review): this gives the system UID DAC ownership of the SELinux mode
# switch and booleans. Whether that UID can actually change them still depends
# on the loaded policy -- confirm this is intended for production builds.
chown system system /sys/fs/selinux/enforce
chown -R system system /sys/fs/selinux/booleans
chown system system /sys/fs/selinux/commit_pending_bools
# init action: sets the SELinux mode, creates the base directory and mount
# point layout (cgroups, /data, /cache, /mnt/*, /storage), writes kernel
# scheduler and hardening sysctls, and sets up the cpuctl cgroups.
on init
# NOTE(review): 'ffu' is not explained anywhere in this file; presumably a
# vendor-specific init builtin -- confirm what it does.
ffu
# NOTE(review): setenforce 0 puts SELinux in permissive mode, so policy
# violations are logged instead of blocked. Unless something re-enables
# enforcement later, the seclabel options on services in this file label
# processes without confining them. Confirm this is not shipped in production.
setenforce 0
sysclktz 0
loglevel 3
# for audit message
chown system system /proc/avc_msg
chmod 0660 /proc/avc_msg
# Vibetonz
export VIBE_PIPE_PATH /dev/pipes
mkdir /dev/pipes 0771 vibe vibe
restorecon /dev/pipes
# Backward compatibility
symlink /system/etc /etc
symlink /sys/kernel/debug /d
# Right now vendor lives on the same filesystem as system,
# but someday that may change.
symlink /system/vendor /vendor
# Create cgroup mount point for cpu accounting
mkdir /acct
mount cgroup none /acct cpuacct
mkdir /acct/uid
# Create cgroup mount point for memory
# gid=1000 is presumably the system group, matching the "root system" owner
# used for the directories below -- verify against the platform's AID table.
mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
mkdir /sys/fs/cgroup/memory 0750 root system
mount cgroup none /sys/fs/cgroup/memory memory
write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
chown root system /sys/fs/cgroup/memory/tasks
chmod 0660 /sys/fs/cgroup/memory/tasks
mkdir /sys/fs/cgroup/memory/sw 0750 root system
write /sys/fs/cgroup/memory/sw/memory.swappiness 100
write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
chown root system /sys/fs/cgroup/memory/sw/tasks
chmod 0660 /sys/fs/cgroup/memory/sw/tasks
mkdir /.system
mkdir /system
mkdir /data 0771 system system
mkdir /cache 0770 system cache
mkdir /config 0500 root root
# See storage config details at http://source.android.com/tech/storage/
# [ SEC_MM_DRM
mkdir /mnt/shell 0750 shell shell
# ]
mkdir /mnt/media_rw 0700 media_rw media_rw
mkdir /storage 0751 root sdcard_r
# Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root
# Create private mountpoint so we can MS_MOVE from staging
mount tmpfs tmpfs /mnt/secure mode=0700,uid=0,gid=0
# Create mountpoint so Dalvik can mark as slave in zygotes.
# And this allow CIFS mounting and other app databases.
mkdir /mnt/shell/emulated 0700 shell shell
# gid=1028 presumably corresponds to sdcard_r, the group given to /storage
# above -- TODO confirm.
mount tmpfs tmpfs /storage mode=0751,uid=0,gid=1028
mount tmpfs tmpfs /mnt/shell/emulated mode=0700,uid=0,gid=0
# Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root
# Directory-target for where the secure container
# imagefile directory will be bind-mounted
mkdir /mnt/secure/asec 0700 root root
mount tmpfs tmpfs /mnt/secure/asec mode=0700,uid=0,gid=0
# Secure container public mount points.
mkdir /mnt/asec 0700 root system
mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
# Filesystem image public mount points.
mkdir /mnt/obb 0700 root system
mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
# Kernel hardening sysctls: full address-space randomisation, kernel pointers
# hidden in /proc output, dmesg restricted to privileged readers, and no
# user mappings below 32 KiB (limits NULL-dereference exploitation).
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/kernel/kptr_restrict 2
write /proc/sys/kernel/dmesg_restrict 1
write /proc/sys/vm/mmap_min_addr 32768
# The range 0..2147483647 lets every group create unprivileged ICMP echo
# ("ping") sockets.
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
write /proc/sys/kernel/sched_rt_runtime_us 950000
write /proc/sys/kernel/sched_rt_period_us 1000000
# Create cgroup mount points for process groups
mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu
chown system system /dev/cpuctl
chown system system /dev/cpuctl/tasks
chmod 0660 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
write /dev/cpuctl/cpu.rt_runtime_us 950000
write /dev/cpuctl/cpu.rt_period_us 1000000
mkdir /dev/cpuctl/apps
chown system system /dev/cpuctl/apps/tasks
# NOTE(review): 0666 makes this tasks file world-writable at the DAC level,
# which the header of this file warns against. The kernel's own cgroup attach
# checks still apply; confirm the mode is still required.
chmod 0666 /dev/cpuctl/apps/tasks
write /dev/cpuctl/apps/cpu.shares 1024
write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
write /dev/cpuctl/apps/cpu.rt_period_us 1000000
mkdir /dev/cpuctl/apps/bg_non_interactive
chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
# NOTE(review): world-writable as well; same concern as apps/tasks above.
chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
# 5.0 %
write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
# qtaguid will limit access to specific data based on group memberships.
# net_bw_acct grants impersonation of socket owners.
# net_bw_stats grants access to other apps' detailed tagged-socket stats.
chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
chown root net_bw_stats /proc/net/xt_qtaguid/stats
# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
chmod 0644 /dev/xt_qtaguid
# Create location for fs_mgr to store abbreviated output from filesystem
# checker programs.
mkdir /dev/fscklogs 0770 root system
# To sync between sdcard & installd
setprop installd.sdcard_manipulate_done 0
# post-fs action: locks the root filesystem read-only, sets mount propagation,
# and re-applies ownership, modes and SELinux labels on /cache and on the
# /proc diagnostics files used by bug reports.
on post-fs
# once everything is setup, no need to modify /
# From here on the rootfs (including /sbin and the *.rc files) is read-only.
mount rootfs rootfs / ro remount
# mount shared so changes propagate into child namespaces
mount rootfs rootfs / shared rec
mount tmpfs tmpfs /mnt/secure private rec
mount tmpfs tmpfs /mnt/secure/asec shared rec
# We chown/chmod /cache again so because mount is run as root + defaults
chown system cache /cache
chmod 0770 /cache
# We restorecon /cache in case the cache partition has been reset.
restorecon /cache
# This may have been created by the recovery system with odd permissions
chown system cache /cache/recovery
chmod 0770 /cache/recovery
# This may have been created by the recovery system with the wrong context.
restorecon /cache/recovery
#change permissions on vmallocinfo so we can grab it from bugreports
# Read access is limited to root and the log group (0440).
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo
chown root log /proc/slabinfo
chmod 0440 /proc/slabinfo
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
chown root system /proc/kmsg
chmod 0440 /proc/kmsg
# 0220 root:system -- members of the system group may write sysrq commands
# but nobody can read the file.
chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger
chown system log /proc/last_kmsg
chmod 0440 /proc/last_kmsg
# create the lost+found directories, so as to enforce our permissions
mkdir /cache/lost+found 0770 root root
# post-fs-data action: runs once /data is available. Requests an SELinux policy
# reload, fixes ownership/labels on /data, collects panic dumps, and creates
# the per-subsystem directory tree under /data and /efs with explicit modes.
on post-fs-data
# Reload SE Android Policy
setprop selinux.reload_policy 1
# We chown/chmod /data again so because mount is run as root + defaults
chown system system /data
chmod 0771 /data
# We restorecon /data in case the userdata partition has been reset.
restorecon /data
# Avoid predictable entropy pool. Carry over entropy from previous boot.
# NOTE(review): the saved entropy is written to /dev/frandom here; upstream
# AOSP init.rc writes it to /dev/urandom. Confirm that a write to /dev/frandom
# on this kernel is actually mixed into the kernel entropy pool.
copy /data/system/entropy.dat /dev/frandom
# Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition.
mkdir /data/dontpanic 0750 root log
# Collect apanic data, free resources and re-arm trigger
copy /proc/apanic_console /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console
copy /proc/apanic_threads /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads
write /proc/apanic_console 1
# create basic filesystem structure
mkdir /data/misc 01771 system misc
mkdir /data/misc/audit 02775 audit system
mkdir /data/misc/adb 02750 system shell
mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
mkdir /data/misc/bluetooth 0770 system system
# Key material directories are restricted to their owning UID (0700).
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/keychain 0771 system system
mkdir /data/misc/radio 0771 system radio
mkdir /data/misc/sms 0770 system radio
mkdir /data/misc/zoneinfo 0775 system system
mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/systemkeys 0700 system system
mkdir /data/misc/jack 0770 jack system
mkdir /data/local 0751 root root
mkdir /data/misc/media 0700 media media
# icd
# NOTE(review): 'check_icd' is presumably a vendor-specific init builtin;
# this file does not show what it checks -- confirm.
check_icd
chown system system /dev/icd
chmod 0644 /dev/icd
chown system system /dev/icdr
chmod 0644 /dev/icdr
chown system system /dev/tzic
#SideSync
chown system system /dev/android_ssusbcon
chmod 0660 /dev/android_ssusbcon
# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app-asec 0700 root root
mkdir /data/app-lib 0771 system system
mkdir /data/app 0771 system system
mkdir /data/property 0755 root root
mkdir /data/ssh 0750 root shell
mkdir /data/ssh/empty 0700 root root
mkdir /data/system 0775 system system
mkdir /data/system/container 0700 system system
restorecon -R /data/system
# SA, System SW, SAMSUNG create log directory
mkdir /data/log 0775 system log
chown system log /data/log
mkdir /data/anr 0775 system system
chown system system /data/anr
chmod 0775 /data/log
chmod 0775 /data/anr
restorecon /data/log
restorecon /data/anr
# create dalvik-cache, so as to enforce our permissions
mkdir /data/dalvik-cache 0771 system system
# create resource-cache and double-check the perms
mkdir /data/resource-cache 0771 system system
chown system system /data/resource-cache
chmod 0771 /data/resource-cache
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770 root root
restorecon /data/lost+found
# create directory for DRM plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/drm 0770 drm drm
# create directory for MediaDrm plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/mediadrm 0770 mediadrm mediadrm
# [ SEC_MM_DRM
# sdrm
mkdir /efs/drm 0774 drm system
mkdir /efs/drm/sdrm 0774 drm system
mkdir /efs/drm/sdrm/data_agent 0774 drm system
restorecon /efs/drm
restorecon /efs/drm/sdrm
# NOTE(review): the directory created above is /efs/drm/sdrm/data_agent, but
# this line relabels /efs/drm/data_agent. Looks like a path typo; the later
# "restorecon -R /efs" still covers the real directory.
restorecon /efs/drm/data_agent
# DRM directory creation
# NOTE(review): these commands target /system; presumably they only take
# effect while /system is mounted read-write -- confirm.
mkdir /system/etc/security/.drm 0775
chown root root /system/etc/security/.drm
chmod 0775 /system/etc/security/.drm
# Added for Playready DRM Support
mkdir /data/data/.drm 0775
chown drm system /data/data/.drm
chmod 0775 /data/data/.drm
mkdir /data/data/.drm/.playready 0775
chown drm system /data/data/.drm/.playready
chmod 0775 /data/data/.drm/.playready
# Added drm folder to copy drm plugins
mkdir /system/lib/drm 0775
chown root root /system/lib/drm
chmod 0775 /system/lib/drm
# DivX DRM
mkdir /efs/.files 0775
mkdir /efs/.files/.dx1 0775
mkdir /efs/.files/.dm33 0775
mkdir /efs/.files/.mp301 0775
chown media system /efs/.files/.dx1
chown media system /efs/.files/.dm33
chown media system /efs/.files/.mp301
chmod 0775 /efs/.files/.dx1
chmod 0775 /efs/.files/.dm33
chmod 0775 /efs/.files/.mp301
restorecon -R /efs
#]
# MTP permission
chmod 0660 /dev/usb_mtp_gadget
chown system mtp /dev/usb_mtp_gadget
# symlink to bugreport storage location
symlink /data/data/com.android.shell/files/bugreports /data/bugreports
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# won't work.
# Set indication (checked by vold) that we have finished this action
#setprop vold.post_fs_data_done 1
# Separate location for storing security policy files on data
# 0711: other users may traverse these directories but not list them.
mkdir /data/security 0711 system system
mkdir /data/security/spota 0711 system system
mkdir /data/security/booleans 0711 system system
mkdir /data/security/good 0700 system system
mkdir /data/security/stig 0700 system system
mkdir /data/security/mycontainer 0700 system system
# Restorecon for backup data file
mkdir /data/backup 0700 system system
restorecon /data/backup
# boot action: basic network identity, memory-management sysctls, ownership
# and modes for power, cpufreq, LED, battery, NFC and SELinux control nodes,
# TCP buffer properties, then starts the core and main service classes.
on boot
setprop wifi.interface wlan0
# basic network init
ifup lo
hostname localhost
domainname localdomain
# Vibetonz
chmod 0660 /dev/tspdrv
chown vibe vibe /dev/tspdrv
# set RLIMIT_NICE to allow priorities from 19 to -20
setrlimit 13 40 40
# Memory management. Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver
# parameters to match how it is managing things.
write /proc/sys/vm/overcommit_memory 1
write /proc/sys/vm/min_free_order_shift 4
chown root system /sys/module/lowmemorykiller/parameters/adj
chmod 0664 /sys/module/lowmemorykiller/parameters/adj
chown root system /sys/module/lowmemorykiller/parameters/minfree
chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
# Tweak background writeout
write /proc/sys/vm/dirty_expire_centisecs 2500
write /proc/sys/vm/dirty_writeback_centisecs 1250
write /proc/sys/vm/dirty_background_ratio 10
write /proc/sys/vm/dirty_ratio 40
write /proc/sys/vm/vfs_cache_pressure 90
write /proc/sys/vm/swappiness 10
# reset_reason
chown system system /proc/reset_reason
chmod 0600 /proc/reset_reason
# Permissions for System Server and daemons.
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown system system /sys/power/autosleep
chown system system /sys/power/state
chown system system /sys/power/wakeup_count
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
# Interactive cpufreq governor tunables: owned by system and limited to
# owner/group read-write (0660).
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
# boostpulse gets a new owner but, unlike its neighbours, no chmod here.
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chown system system /sys/devices/system/cpu/cpufreq/interactive/multi_enter_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/multi_enter_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/multi_enter_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/multi_enter_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/multi_exit_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/multi_exit_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/multi_exit_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/multi_exit_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/single_enter_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/single_enter_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/single_enter_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/single_enter_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/single_exit_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/single_exit_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/single_exit_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/single_exit_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/mode
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/mode
chown system system /sys/devices/system/cpu/cpufreq/interactive/enforced_mode
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/enforced_mode
chown system system /sys/devices/system/cpu/cpufreq/interactive/param_index
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/param_index
chown system system /sys/devices/system/cpu/cpufreq/interactive/cpu_util
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/cpu_util
# Assume SMP uses shared cpufreq policy for all CPUs
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
# Repeats the vibrator chown issued a few lines above; redundant but harmless.
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
# Switch Device
chown system radio /sys/class/sec/switch/usb_sel
chown system radio /sys/class/sec/switch/uart_sel
chown system radio /sys/class/sec/switch/otg_test
chown system radio /sys/class/sec/switch/apo_factory
# permission for CHARGING
chown system radio /sys/class/power_supply/battery/batt_reset_soc
chown system radio /sys/class/power_supply/battery/batt_slate_mode
chown system radio /sys/class/power_supply/battery/factory_mode
chown system radio /sys/class/power_supply/battery/siop_level
chown system radio /sys/class/power_supply/battery/wc_enable
chown system radio /sys/class/power_supply/battery/update
# NOTE(review): these battery nodes are handed to sdcard_rw:sdcard_rw, an
# unusual owner for power-supply sysfs files -- confirm which process needs it.
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/call
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/video
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/music
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/browser
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/hotspot
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/camera
chown system radio /sys/class/power_supply/battery/talk_wcdma
chown system radio /sys/class/power_supply/battery/talk_gsm
# battery/call was already given to sdcard_rw above; this later chown wins.
chown system radio /sys/class/power_supply/battery/call
chown system radio /sys/class/power_supply/battery/data_call
chown system radio /sys/class/power_supply/battery/gps
chown system radio /sys/class/power_supply/battery/wifi
chown system radio /sys/class/power_supply/battery/lte
chown system radio /sys/class/power_supply/battery/lcd
chown system radio /sys/class/power_supply/ps/status
chmod 0664 /sys/class/power_supply/ps/status
# NFC_BROADCOM
chmod 0600 /dev/bcm2079x
chown nfc nfc /dev/bcm2079x
# These directories are created without an explicit mode and only tightened
# to 0700 nfc:nfc by the chmod/chown lines that follow.
mkdir /data/bcmnfc
mkdir /data/bcmnfc/param
chmod 0700 /data/bcmnfc
chmod 0700 /data/bcmnfc/param
chown nfc nfc /data/bcmnfc
chown nfc nfc /data/bcmnfc/param
#nfc
setprop ro.nfc.port "I2C"
mkdir /data/nfc 0700 nfc nfc
mkdir /data/nfc/param 0700 nfc nfc
chown nfc nfc /dev/pn547
chmod 0600 /dev/pn547
# Set these so we can remotely update SELinux policy
# NOTE(review): the system UID becomes the DAC owner of both the policy-load
# and the enforce nodes. A compromise of a system-UID process then rests on
# SELinux policy alone to prevent policy replacement or disabling enforcement.
chown system system /sys/fs/selinux/load
chown system system /sys/fs/selinux/enforce
# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
setprop net.tcp.buffersize.default 4096,87380,704512,4096,16384,110208
setprop net.tcp.buffersize.wifi 524288,1048576,5242880,524288,1048576,5242880
setprop net.tcp.buffersize.lte 524288,1048576,2560000,524288,1048576,2560000
setprop net.tcp.buffersize.umts 4094,87380,704512,4096,16384,110208
setprop net.tcp.buffersize.hspa 4094,87380,704512,4096,16384,262144
setprop net.tcp.buffersize.hsupa 4094,87380,704512,4096,16384,262144
setprop net.tcp.buffersize.hsdpa 4094,87380,704512,4096,16384,262144
setprop net.tcp.buffersize.hspap 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
setprop net.tcp.buffersize.gprs 4092,30000,30000,4096,8760,11680
setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144
# Assign TCP buffer thresholds to be ceiling value of technology maximums
# Increased technology maximums should be reflected here.
write /proc/sys/net/core/rmem_max 5242880
write /proc/sys/net/core/wmem_max 5242880
class_start core
class_start main
# nonencrypted trigger: starts the late_start service class.
on nonencrypted
class_start late_start
# charger trigger: starts only the services in class charger.
on charger
class_start charger
# When vold.decrypt is set to trigger_reset_main, reset the main class.
on property:vold.decrypt=trigger_reset_main
class_reset main
# When vold.decrypt is set to trigger_load_persist_props, load the persistent
# properties.
on property:vold.decrypt=trigger_load_persist_props
load_persist_props
# When vold.decrypt is set to trigger_post_fs_data, fire the post-fs-data
# action defined earlier in this file.
on property:vold.decrypt=trigger_post_fs_data
trigger post-fs-data
# When vold.decrypt is set to trigger_restart_min_framework, start class main
# only (late_start is not started here).
on property:vold.decrypt=trigger_restart_min_framework
class_start main
# When vold.decrypt is set to trigger_restart_framework, start both the main
# and late_start classes.
on property:vold.decrypt=trigger_restart_framework
class_start main
class_start late_start
# When vold.decrypt is set to trigger_shutdown_framework, reset late_start
# first and then main.
on property:vold.decrypt=trigger_shutdown_framework
class_reset late_start
class_reset main
# Reload SE Android Policy for MDM
# Setting persist.security.mdm.policy to 1 requests an SELinux policy reload
# by setting selinux.reload_policy. Whoever is allowed to set this persist
# property can therefore trigger a reload -- verify the property permissions.
on property:persist.security.mdm.policy=1
setprop selinux.reload_policy 1
# On a policy reload request, re-apply system ownership of the SELinux
# enforce and boolean control files (the same chowns as in early-init).
on property:selinux.reload_policy=1
chown system system /sys/fs/selinux/enforce
chown -R system system /sys/fs/selinux/booleans
chown system system /sys/fs/selinux/commit_pending_bools
# Any value written to sys.powerctl is passed to init's powerctl command.
on property:sys.powerctl=*
powerctl ${sys.powerctl}
# system server cannot write to /proc/sys files, so proxy it through init
# init (root) writes the property value to the sysctl unchanged, so the
# permission to set this property is what gates the kernel setting.
on property:sys.sysctl.extra_free_kbytes=*
write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
## Daemon processes to be run by init.
##
# sysmon: /system/bin/sysmon, run once as root in class core.
# NOTE(review): root with no seclabel option; its SELinux domain depends on
# whatever transition the policy defines -- confirm.
service sysmon /system/bin/sysmon
class core
user root
oneshot
# ueventd: core, critical service started explicitly from early-init, labelled
# u:r:ueventd:s0. No user option, so init runs it as root.
service ueventd /sbin/ueventd
class core
critical
seclabel u:r:ueventd:s0
# healthd: core, critical service labelled u:r:healthd:s0; runs as root
# because no user option is given.
service healthd /sbin/healthd
class core
critical
seclabel u:r:healthd:s0
# healthd-charger: the same healthd binary invoked with -n, in class charger
# (started by the "on charger" action), labelled u:r:healthd:s0.
service healthd-charger /sbin/healthd -n
class charger
critical
seclabel u:r:healthd:s0
#on property:selinux.reload_policy=1
# restart ueventd
# restart installd
# console: a shell on the console device, running as user shell with group
# log. Disabled by default; this file starts it only when ro.debuggable=1.
service console /system/bin/sh
class core
console
disabled
user shell
group log
## WTL_EDM_START
## EDM AuditLog
# edmaudit: runs as root in class main with no seclabel option.
service edmaudit /system/bin/edmaudit
class main
user root
## WTL_EDM_END
# auditd: labelled u:r:auditd:s0, disabled and oneshot. This file starts it
# from the init.svc.bootanim=stopped action, i.e. only after the boot
# animation ends, so earlier audit events are not collected by this daemon.
service auditd /system/bin/auditd -k
class main
seclabel u:r:auditd:s0
disabled
oneshot
# netlabels: runs /system/bin/selinux-network.sh once in class core. No user
# option is given, so the script runs as root.
service netlabels /system/bin/selinux-network.sh
class core
oneshot
# Debuggable builds only: start the otherwise disabled console shell service.
on property:ro.debuggable=1
start console
# adbd is controlled via property triggers in init.<platform>.usb.rc
# Disabled here; its control socket is 0660 system:system and the process is
# labelled u:r:adbd:s0.
service adbd /sbin/adbd
class core
socket adbd stream 660 system system
disabled
seclabel u:r:adbd:s0
# adbd on at boot in emulator
# ro.kernel.qemu=1 starts adbd unconditionally, without the USB property
# triggers mentioned above the adbd service.
on property:ro.kernel.qemu=1
start adbd
# servicemanager: critical core service running as system:system. When it
# restarts, init also restarts each service listed in the onrestart lines.
service servicemanager /system/bin/servicemanager
class core
user system
group system
critical
onrestart restart healthd
onrestart restart zygote
onrestart restart media
onrestart restart surfaceflinger
onrestart restart drm
onrestart restart sensorhubservice
onrestart restart TvoutService_C
# vold: core service, root by default (no user option). It exposes three
# sockets: vold and dir_enc_report (0660 root:mount) and epm (0660
# system:system).
service vold /system/bin/vold
class core
socket vold stream 0660 root mount
ioprio be 2
socket dir_enc_report stream 0660 root mount
socket epm stream 0660 system system
# netd: main-class service, root by default. Sockets: netd and mdns are 0660
# root:system; dnsproxyd is 0660 root:inet, so any process in group inet can
# connect to it.
service netd /system/bin/netd
class main
socket netd stream 0660 root system
socket dnsproxyd stream 0660 root inet
socket mdns stream 0660 root system
# prepare_param: one-shot root script given the PARAM block device path,
# labelled u:r:prepare_param:s0.
service prepare_param /system/bin/prepare_param.sh /dev/block/platform/dw_mmc.0/by-name/PARAM
class main
user root
group root
seclabel u:r:prepare_param:s0
oneshot
# icd
# One-shot service running as system with groups system and log. check_icd is
# presumably a vendor-specific init command run on restart -- confirm.
service icd /system/bin/icd
class main
user system
group system log
onrestart check_icd
oneshot
# RIL
# rild runs as root with a broad supplementary group list (radio, cache,
# inet, misc, audio, sdcard_r, sdcard_rw, log). Sockets: rild (660
# root:radio) and rild-debug (660 radio:system).
# NOTE(review): a debug socket is exposed unconditionally -- confirm it is
# needed on production builds.
service ril-daemon /system/bin/rild
class main
socket rild stream 660 root radio
socket rild-debug stream 660 radio system
user root
group radio cache inet misc audio sdcard_r sdcard_rw log
onrestart restart cpboot-daemon
# AT Distributor for factory test
# NOTE(review): described as a factory-test component, yet it runs as root in
# class late_start and is not marked disabled, so it starts whenever
# late_start is started -- confirm it should be enabled on shipped devices.
service at_distributor /system/bin/at_distributor
class late_start
user root
group radio misc log
# debuggerd: main-class service; no user option, so it runs as root.
service debuggerd /system/bin/debuggerd
class main
# surfaceflinger: runs as system with groups graphics and drmrpc; a restart
# also restarts zygote and gsiff_daemon.
service surfaceflinger /system/bin/surfaceflinger
class main
user system
group graphics drmrpc
onrestart restart zygote
onrestart restart gsiff_daemon
# zygote: app_process started with --zygote --start-system-server. Runs as
# root (no user option); its socket is 660 root:system. On restart init wakes
# the device and restarts the dependent services listed below.
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
class main
socket zygote stream 660 root system
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
onrestart restart media
onrestart restart netd
onrestart restart sensorhubservice
onrestart restart bootchecker
onrestart restart gsiff_daemon
# sec-sh: runs /system/etc/init.sec.boot.sh once as root through
# /system/bin/sh. The script's integrity rests on /system being protected
# from modification; no seclabel is set here.
service sec-sh /system/bin/sh /system/etc/init.sec.boot.sh
class main
user root
oneshot
# drm: drmserver running as user drm.
# NOTE(review): the vendor "fix" line widens the supplementary groups from
# the commented-out original (drm system inet drmrpc) to also include
# sdcard_r, sdcard_rw, media_rw, radio and shell. Confirm each is required;
# every extra group enlarges what a compromised drmserver can reach.
service drm /system/bin/drmserver
class main
user drm
# [ SEC_MM_DRM
# fix
group system drm inet drmrpc sdcard_r sdcard_rw media_rw radio shell
# org
# group drm system inet drmrpc
# ]
# media: mediaserver running as user media with real-time I/O priority.
# NOTE(review): it holds a long supplementary group list, including system,
# net_bt_admin, net_bw_acct, shell and storage groups -- confirm each is
# needed, since this process parses untrusted media content.
service media /system/bin/mediaserver
class main
user media
group system audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm sdcard_rw sdcard_r media_rw shell lgt_gid
ioprio rt 4
# apaservice: runs as user jack with system, inet, storage and shell groups.
service apaservice /system/bin/apaservice
class main
user jack
group system inet sdcard_rw sdcard_r media_rw shell
# jackservice: runs as user jack with groups system, audio, inet and shell.
service jackservice /system/bin/jackservice
class main
user jack
group system audio inet shell
# powersnd: disabled one-shot service running as media:system; it must be
# started explicitly by name.
service powersnd /system/bin/samsungpowersoundplay
class main
user media
group system
disabled
oneshot
# bootanim: disabled one-shot boot animation, running as user graphics. Its
# "stopped" state is used as a trigger by an action later in this file.
service bootanim /system/bin/bootanimation
class main
user graphics
group graphics system
disabled
oneshot
# installd: runs as root (no user option); its socket is 600 system:system,
# so only the system UID can send it requests.
service installd /system/bin/installd
class main
socket installd stream 600 system system
# flash_recovery: runs /system/etc/install-recovery.sh once per boot as root
# (no user option), labelled u:r:flash_recovery:s0.
service flash_recovery /system/etc/install-recovery.sh
class main
seclabel u:r:flash_recovery:s0
oneshot
# racoon: disabled one-shot IKE daemon. It is started as root so it can bind
# the privileged port, and relies on the daemon itself to drop to vpn.
service racoon /system/bin/racoon
class main
socket racoon stream 600 system system
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
group vpn net_admin inet
disabled
oneshot
# mtpd: disabled one-shot service running as user vpn with groups vpn,
# net_admin, inet and net_raw; control socket 600 system:system.
service mtpd /system/bin/mtpd
class main
socket mtpd stream 600 system system
user vpn
group vpn net_admin inet net_raw
disabled
oneshot
# Strongswan VPN
# Disabled one-shot service started as root (no user option); the privilege
# drop described below is left to the daemon itself.
service charon /system/bin/charon
class main
socket charon stream 600 system system
# charon will setuid to vpn after getting necessary resources.
group vpn net_admin inet
disabled
oneshot
# keystore: runs as its own user over /data/misc/keystore, which post-fs-data
# creates as 0700 keystore:keystore. drmrpc is its only extra group.
service keystore /system/bin/keystore /data/misc/keystore
class main
user keystore
group keystore drmrpc
# dumpstate: disabled one-shot service, root by default, serving its output
# over a socket that is 0660 shell:log.
service dumpstate /system/bin/dumpstate -s
class main
socket dumpstate stream 0660 shell log
disabled
oneshot
# sdumpstate: the same dumpstate binary invoked with -P; disabled, one-shot,
# root by default.
service sdumpstate /system/bin/dumpstate -P
class main
disabled
oneshot
# bugreport is triggered by holding down volume down, volume up and power
# The key chord starts dumpstate as root without any unlock check visible in
# this file. The report lands under the shell app's data directory; treat it
# as sensitive.
service bugreport /system/bin/dumpstate -d -p -B \
-o /data/data/com.android.shell/files/bugreports/bugreport
class main
disabled
oneshot
keycodes 114 115 116
# Vibetonz
# One-shot core service running as vibe:vibe.
service immvibed /system/bin/immvibed
class core
user vibe
group vibe
oneshot
# sshd: disabled, so it runs only when started explicitly by name; it would
# run as root because no user option is given.
service sshd /system/bin/start-ssh
class main
disabled
# mdnsd: disabled one-shot service running as mdnsr with groups inet and
# net_raw; its socket is 0660 mdnsr:inet.
service mdnsd /system/bin/mdnsd
class main
user mdnsr
group inet net_raw
socket mdnsd stream 0660 mdnsr inet
disabled
oneshot
# Runs when the boot animation service stops: switches the mmcblk0 scheduler
# to deadline, relabels /data/media, then starts auditd and freshsebool.
on property:init.svc.bootanim=stopped
write /sys/block/mmcblk0/queue/scheduler deadline
restorecon /data/media
restorecon /data/media/obb
start auditd
start freshsebool
# SE Android sebool
# Disabled one-shot service running as root; this file starts it from the
# init.svc.bootanim=stopped action.
service freshsebool /system/bin/freshsebool
class main
user root
disabled
oneshot
# mobex-daemon: runs as system with radio, inet, storage and shell groups.
service mobex-daemon /system/bin/npsmobex
class main
user system
group system radio inet sdcard_r sdcard_rw media_rw shell
# SIDESYNC_service: ss_conn_daemon running as system with groups inet and
# net_raw.
# NOTE(review): the socket mode is 0666, so at the DAC level any local process
# can connect to a system-UID daemon. This contradicts the "no world writable
# files" rule at the top of this file. Prefer 0660 with a dedicated group, and
# confirm the daemon authenticates its peers.
service SIDESYNC_service /system/bin/ss_conn_daemon
class main
socket ss_conn_daemon stream 0666 system system
user system
group inet net_raw
# icd
# When the media service enters the restarting state, run check_icd and start
# the icd service again.
on property:init.svc.media=restarting
check_icd
start icd
# SAMSUNG DRS Service
# Runs as root (no user option); its socket is 600 system:system.
service drsd /system/bin/drsd
class main
socket drsd stream 600 system system
# KNOX VPN
# Disabled one-shot service. No user option is given, so it runs as root with
# the vpn, net_admin, inet and net_raw groups.
service ipruleset /system/bin/ipruleset
class main
group vpn net_admin inet net_raw
disabled
oneshot
# sensorhubservice: runs as system with group input.
service sensorhubservice /system/bin/sensorhubservice
class main
user system
group input
# WTL_EDM
# Disabled one-shot service; only a group is set, so it runs as root with
# group system.
service createsystemfile /system/bin/createsystemfile
class main
group system
disabled
oneshot
# for RIL MFG (TestMode)
# NOTE(review): labelled as a manufacturing/test-mode daemon, yet it runs as
# root in class main with network groups (inet, net_raw) and is not disabled.
# Confirm it belongs on shipped devices.
service DR-daemon /system/bin/ddexe
class main
user root
group system radio inet net_raw
# SMD-daemon: root service in class main with groups system, radio, inet and
# net_raw; it sits in the section marked "for RIL MFG (TestMode)".
# NOTE(review): enabled by default -- confirm it is needed outside the factory.
service SMD-daemon /system/bin/smdexe
class main
user root
group system radio inet net_raw
# BCS-daemon: root service in class main with groups system, radio, inet and
# net_raw; the last entry of the RIL test-mode section.
# NOTE(review): enabled by default -- confirm it is needed outside the factory.
service BCS-daemon /system/bin/connfwexe
class main
user root
group system radio inet net_raw
# end of RIL
# for Bluetooth Tethering
# Disabled one-shot dhcpcd instance; root by default (no user option).
service dhcpcd_bt-pan /system/bin/dhcpcd -ABKL
class main
disabled
oneshot
# iprenew_bt-pan: disabled one-shot dhcpcd -n invocation in class late_start;
# root by default.
service iprenew_bt-pan /system/bin/dhcpcd -n
class late_start
disabled
oneshot
# end of BT
# xbootscript: runs /sbin/xboot.sh once as root, with no seclabel. It is
# disabled here and started by the sys.boot_completed=1 action.
# The script lives on the rootfs, which post-fs remounts read-only; what it
# does is not visible in this file -- review it as root-level boot code.
service xbootscript /sbin/xboot.sh
class late_start
user root
disabled
oneshot
# Execute init.d scripts
# NOTE(review): everything in /system/etc/init.d is run as root via busybox
# run-parts each time late_start starts, with no seclabel. Anything able to
# write to that directory gains root code execution at boot, so this relies
# entirely on /system staying read-only and integrity-protected. Confirm the
# hook is wanted, and audit the directory's contents and permissions.
service sysinit /system/bin/logwrapper /sbin/busybox run-parts /system/etc/init.d
class late_start
user root
group shell
oneshot
# Once sys.boot_completed is set to 1, start the root xbootscript service.
on property:sys.boot_completed=1
start xbootscript