init.rc

# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#

import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.trace.rc
import /init.container.rc
import /init.carrier.rc

on early-init
    # Set init and its forked children's oom_adj.
    write /proc/1/oom_adj -16
    write /sys/block/mmcblk0/queue/scheduler noop

    # Set the security context for the init process.
    # This should occur before anything else (e.g. ueventd) is started.
    setcon u:r:init:s0

    start ueventd

# create mountpoints
    mkdir /mnt 0775 root system

# Allow system UID to setenforce and set booleans.
    chown system system /sys/fs/selinux/enforce
    chown -R system system /sys/fs/selinux/booleans
    chown system system /sys/fs/selinux/commit_pending_bools

on init
    ffu
    setenforce 0
sysclktz 0

loglevel 3
# for audit message
    chown system system /proc/avc_msg
    chmod 0660 /proc/avc_msg

# Vibetonz
    export VIBE_PIPE_PATH /dev/pipes
    mkdir /dev/pipes 0771 vibe vibe
    restorecon /dev/pipes

# Backward compatibility
    symlink /system/etc /etc
    symlink /sys/kernel/debug /d

# Right now vendor lives on the same filesystem as system,
# but someday that may change.
    symlink /system/vendor /vendor

# Create cgroup mount point for cpu accounting
    mkdir /acct
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

# Create cgroup mount point for memory
    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
    mkdir /sys/fs/cgroup/memory 0750 root system
    mount cgroup none /sys/fs/cgroup/memory memory
    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/tasks
    chmod 0660 /sys/fs/cgroup/memory/tasks
    mkdir /sys/fs/cgroup/memory/sw 0750 root system
    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/sw/tasks
    chmod 0660 /sys/fs/cgroup/memory/sw/tasks

	mkdir /.system
    mkdir /system
    mkdir /data 0771 system system
    mkdir /cache 0770 system cache
    mkdir /config 0500 root root

    # See storage config details at http://source.android.com/tech/storage/
# [ SEC_MM_DRM
    mkdir /mnt/shell 0750 shell shell
# ]
    mkdir /mnt/media_rw 0700 media_rw media_rw
    mkdir /storage 0751 root sdcard_r

    # Directory for putting things only root should see.
    mkdir /mnt/secure 0700 root root
    # Create private mountpoint so we can MS_MOVE from staging
    mount tmpfs tmpfs /mnt/secure mode=0700,uid=0,gid=0
    
    # Create mountpoint so Dalvik can mark as slave in zygotes.
    # And this allow CIFS mounting and other app databases.
    mkdir /mnt/shell/emulated 0700 shell shell
    mount tmpfs tmpfs /storage mode=0751,uid=0,gid=1028
    mount tmpfs tmpfs /mnt/shell/emulated mode=0700,uid=0,gid=0

    # Directory for staging bindmounts
    mkdir /mnt/secure/staging 0700 root root

    # Directory-target for where the secure container
    # imagefile directory will be bind-mounted
    mkdir /mnt/secure/asec  0700 root root
    mount tmpfs tmpfs /mnt/secure/asec mode=0700,uid=0,gid=0

    # Secure container public mount points.
    mkdir /mnt/asec  0700 root system
    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000

    # Filesystem image public mount points.
    mkdir /mnt/obb 0700 root system
    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000

    write /proc/sys/kernel/panic_on_oops 1
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0
    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2
    write /proc/sys/kernel/dmesg_restrict 1
    write /proc/sys/vm/mmap_min_addr 32768
    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

# Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    chmod 0660 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 950000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps
    chown system system /dev/cpuctl/apps/tasks
    chmod 0666 /dev/cpuctl/apps/tasks
    write /dev/cpuctl/apps/cpu.shares 1024
    write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
    write /dev/cpuctl/apps/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps/bg_non_interactive
    chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
    chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000

# qtaguid will limit access to specific data based on group memberships.
#   net_bw_acct grants impersonation of socket owners.
#   net_bw_stats grants access to other apps' detailed tagged-socket stats.
    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
    chown root net_bw_stats /proc/net/xt_qtaguid/stats

# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
    chmod 0644 /dev/xt_qtaguid

# Create location for fs_mgr to store abbreviated output from filesystem
# checker programs.
    mkdir /dev/fscklogs 0770 root system

# To sync between sdcard & installd
    setprop installd.sdcard_manipulate_done 0

on post-fs
    # once everything is setup, no need to modify /
    mount rootfs rootfs / ro remount
    # mount shared so changes propagate into child namespaces
    mount rootfs rootfs / shared rec
    mount tmpfs tmpfs /mnt/secure private rec
    mount tmpfs tmpfs /mnt/secure/asec shared rec

    # We chown/chmod /cache again so because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache
    # We restorecon /cache in case the cache partition has been reset.
    restorecon /cache

    # This may have been created by the recovery system with odd permissions
    chown system cache /cache/recovery
    chmod 0770 /cache/recovery
    # This may have been created by the recovery system with the wrong context.
    restorecon /cache/recovery

    #change permissions on vmallocinfo so we can grab it from bugreports
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    chown root log /proc/slabinfo
    chmod 0440 /proc/slabinfo

    #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger
    chown system log /proc/last_kmsg
    chmod 0440 /proc/last_kmsg

    # create the lost+found directories, so as to enforce our permissions
    mkdir /cache/lost+found 0770 root root

on post-fs-data
    # Reload SE Android Policy
    setprop selinux.reload_policy 1
    # We chown/chmod /data again so because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data

    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    copy /data/system/entropy.dat /dev/frandom

    # Create dump dir and collect dumps.
    # Do this before we mount cache so eventually we can use cache for
    # storing dumps on platforms which do not have a dedicated dump partition.
    mkdir /data/dontpanic 0750 root log

    # Collect apanic data, free resources and re-arm trigger
    copy /proc/apanic_console /data/dontpanic/apanic_console
    chown root log /data/dontpanic/apanic_console
    chmod 0640 /data/dontpanic/apanic_console

    copy /proc/apanic_threads /data/dontpanic/apanic_threads
    chown root log /data/dontpanic/apanic_threads
    chmod 0640 /data/dontpanic/apanic_threads

    write /proc/apanic_console 1

    # create basic filesystem structure
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/audit 02775 audit system
    mkdir /data/misc/adb 02750 system shell
    mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
    mkdir /data/misc/bluetooth 0770 system system
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/radio 0771 system radio
    mkdir /data/misc/sms 0770 system radio
    mkdir /data/misc/zoneinfo 0775 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/systemkeys 0700 system system
    mkdir /data/misc/jack 0770 jack system
    mkdir /data/local 0751 root root
    mkdir /data/misc/media 0700 media media

    # icd
    check_icd
    chown system system /dev/icd
    chmod 0644 /dev/icd
    chown system system /dev/icdr
    chmod 0644 /dev/icdr
    chown system system /dev/tzic

    #SideSync
    chown system system /dev/android_ssusbcon
    chmod 0660 /dev/android_ssusbcon

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app-lib 0771 system system
    mkdir /data/app 0771 system system
    mkdir /data/property 0755 root root
    mkdir /data/ssh 0750 root shell
    mkdir /data/ssh/empty 0700 root root
    mkdir /data/system 0775 system system
    mkdir /data/system/container 0700 system system
    restorecon -R /data/system

    # SA, System SW, SAMSUNG create log directory
    mkdir /data/log 0775 system log
    chown system log /data/log
    mkdir /data/anr 0775 system system
    chown system system /data/anr
    chmod 0775 /data/log
    chmod 0775 /data/anr
    restorecon /data/log
    restorecon /data/anr

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 system system

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root
    restorecon /data/lost+found

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # create directory for MediaDrm plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/mediadrm 0770 mediadrm mediadrm

# [ SEC_MM_DRM
    # sdrm
    mkdir /efs/drm 0774 drm system
    mkdir /efs/drm/sdrm 0774 drm system
    mkdir /efs/drm/sdrm/data_agent 0774 drm system
    restorecon /efs/drm
    restorecon /efs/drm/sdrm
    restorecon /efs/drm/data_agent

    # DRM directory creation
    mkdir /system/etc/security/.drm 0775
    chown root root /system/etc/security/.drm
    chmod 0775 /system/etc/security/.drm

    # Added for Playready DRM Support
    mkdir /data/data/.drm 0775
    chown drm system /data/data/.drm
    chmod 0775 /data/data/.drm
    mkdir /data/data/.drm/.playready 0775
    chown drm system /data/data/.drm/.playready
    chmod 0775 /data/data/.drm/.playready

    # Added drm folder to copy drm plugins
    mkdir /system/lib/drm 0775
    chown root root /system/lib/drm
    chmod 0775 /system/lib/drm

    # DivX DRM
    mkdir /efs/.files 0775
    mkdir /efs/.files/.dx1 0775
    mkdir /efs/.files/.dm33 0775
    mkdir /efs/.files/.mp301 0775
    chown media system /efs/.files/.dx1
    chown media system /efs/.files/.dm33
    chown media system /efs/.files/.mp301
    chmod 0775 /efs/.files/.dx1
    chmod 0775 /efs/.files/.dm33
    chmod 0775 /efs/.files/.mp301

    restorecon -R /efs
#]

    # MTP permission
    chmod 0660 /dev/usb_mtp_gadget
    chown system mtp /dev/usb_mtp_gadget

    # symlink to bugreport storage location
    symlink /data/data/com.android.shell/files/bugreports /data/bugreports

    # If there is no fs-post-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    #setprop vold.post_fs_data_done 1

    # Separate location for storing security policy files on data

    mkdir /data/security 0711 system system
    mkdir /data/security/spota 0711 system system
    mkdir /data/security/booleans 0711 system system
    mkdir /data/security/good 0700 system system
    mkdir /data/security/stig 0700 system system
    mkdir /data/security/mycontainer 0700 system system

    # Restorecon for backup data file
    mkdir /data/backup 0700 system system
    restorecon /data/backup
on boot
    setprop wifi.interface wlan0
# basic network init
    ifup lo
    hostname localhost
    domainname localdomain

# Vibetonz
    chmod 0660 /dev/tspdrv
    chown vibe vibe /dev/tspdrv

# set RLIMIT_NICE to allow priorities from 19 to -20
    setrlimit 13 40 40

# Memory management.  Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver
# parameters to match how it is managing things.
    write /proc/sys/vm/overcommit_memory 1
    write /proc/sys/vm/min_free_order_shift 4
    chown root system /sys/module/lowmemorykiller/parameters/adj
    chmod 0664 /sys/module/lowmemorykiller/parameters/adj
    chown root system /sys/module/lowmemorykiller/parameters/minfree
    chmod 0664 /sys/module/lowmemorykiller/parameters/minfree

    # Tweak background writeout
    write /proc/sys/vm/dirty_expire_centisecs 2500
    write /proc/sys/vm/dirty_writeback_centisecs 1250
    write /proc/sys/vm/dirty_background_ratio 10
    write /proc/sys/vm/dirty_ratio 40
    write /proc/sys/vm/vfs_cache_pressure 90
    write /proc/sys/vm/swappiness 10

    # reset_reason
    chown system system /proc/reset_reason
    chmod 0600 /proc/reset_reason

    # Permissions for System Server and daemons.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/autosleep
    chown system system /sys/power/state
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock

    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy

    chown system system /sys/devices/system/cpu/cpufreq/interactive/multi_enter_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/multi_enter_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/multi_enter_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/multi_enter_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/multi_exit_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/multi_exit_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/multi_exit_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/multi_exit_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/single_enter_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/single_enter_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/single_enter_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/single_enter_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/single_exit_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/single_exit_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/single_exit_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/single_exit_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/mode
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/mode
    chown system system /sys/devices/system/cpu/cpufreq/interactive/enforced_mode
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/enforced_mode
    chown system system /sys/devices/system/cpu/cpufreq/interactive/param_index
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/param_index
    chown system system /sys/devices/system/cpu/cpufreq/interactive/cpu_util
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/cpu_util

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    chown root radio /proc/cmdline

 # Switch Device
    chown system radio /sys/class/sec/switch/usb_sel
    chown system radio /sys/class/sec/switch/uart_sel
    chown system radio /sys/class/sec/switch/otg_test
    chown system radio /sys/class/sec/switch/apo_factory

 # permission for CHARGING
   chown system radio /sys/class/power_supply/battery/batt_reset_soc
   chown system radio /sys/class/power_supply/battery/batt_slate_mode
   chown system radio /sys/class/power_supply/battery/factory_mode
   chown system radio /sys/class/power_supply/battery/siop_level
   chown system radio /sys/class/power_supply/battery/wc_enable
   chown system radio /sys/class/power_supply/battery/update
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/call
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/video
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/music
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/browser
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/hotspot
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/camera
   chown system radio /sys/class/power_supply/battery/talk_wcdma
   chown system radio /sys/class/power_supply/battery/talk_gsm
   chown system radio /sys/class/power_supply/battery/call
   chown system radio /sys/class/power_supply/battery/data_call
   chown system radio /sys/class/power_supply/battery/gps
   chown system radio /sys/class/power_supply/battery/wifi
   chown system radio /sys/class/power_supply/battery/lte
   chown system radio /sys/class/power_supply/battery/lcd
   chown system radio /sys/class/power_supply/ps/status
   chmod 0664 /sys/class/power_supply/ps/status

# NFC_BROADCOM
    chmod 0600 /dev/bcm2079x
    chown nfc nfc /dev/bcm2079x
    mkdir /data/bcmnfc
    mkdir /data/bcmnfc/param
    chmod 0700 /data/bcmnfc
    chmod 0700 /data/bcmnfc/param
    chown nfc nfc /data/bcmnfc
    chown nfc nfc /data/bcmnfc/param

#nfc
    setprop ro.nfc.port "I2C"
    mkdir /data/nfc 0700 nfc nfc
    mkdir /data/nfc/param 0700 nfc nfc
    chown nfc nfc /dev/pn547
    chmod 0600 /dev/pn547


# Set these so we can remotely update SELinux policy
    chown system system /sys/fs/selinux/load
    chown system system /sys/fs/selinux/enforce

# Define TCP buffer sizes for various networks
#   ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
    setprop net.tcp.buffersize.default 4096,87380,704512,4096,16384,110208
    setprop net.tcp.buffersize.wifi    524288,1048576,5242880,524288,1048576,5242880
    setprop net.tcp.buffersize.lte     524288,1048576,2560000,524288,1048576,2560000
    setprop net.tcp.buffersize.umts    4094,87380,704512,4096,16384,110208
    setprop net.tcp.buffersize.hspa    4094,87380,704512,4096,16384,262144
    setprop net.tcp.buffersize.hsupa   4094,87380,704512,4096,16384,262144
    setprop net.tcp.buffersize.hsdpa   4094,87380,704512,4096,16384,262144
    setprop net.tcp.buffersize.hspap   4094,87380,1220608,4096,16384,1220608
    setprop net.tcp.buffersize.edge    4093,26280,35040,4096,16384,35040
    setprop net.tcp.buffersize.gprs    4092,30000,30000,4096,8760,11680
    setprop net.tcp.buffersize.evdo    4094,87380,262144,4096,16384,262144

# Assign TCP buffer thresholds to be ceiling value of technology maximums
# Increased technology maximums should be reflected here.
    write /proc/sys/net/core/rmem_max  5242880
    write /proc/sys/net/core/wmem_max  5242880

    class_start core
    class_start main

on nonencrypted
    class_start late_start

on charger
    class_start charger

on property:vold.decrypt=trigger_reset_main
    class_reset main

on property:vold.decrypt=trigger_load_persist_props
    load_persist_props

on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data

on property:vold.decrypt=trigger_restart_min_framework
    class_start main

on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main

# Reload SE Android Policy for MDM
on property:persist.security.mdm.policy=1
    setprop selinux.reload_policy 1

on property:selinux.reload_policy=1
    chown system system /sys/fs/selinux/enforce
    chown -R system system /sys/fs/selinux/booleans
    chown system system /sys/fs/selinux/commit_pending_bools

on property:sys.powerctl=*
    powerctl ${sys.powerctl}

# system server cannot write to /proc/sys files, so proxy it through init
on property:sys.sysctl.extra_free_kbytes=*
    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}

## Daemon processes to be run by init.
##
service sysmon /system/bin/sysmon
    class core
    user root
    oneshot

service ueventd /sbin/ueventd
    class core
    critical
    seclabel u:r:ueventd:s0

service healthd /sbin/healthd
    class core
    critical
    seclabel u:r:healthd:s0

service healthd-charger /sbin/healthd -n
    class charger
    critical
    seclabel u:r:healthd:s0

#on property:selinux.reload_policy=1
#    restart ueventd
#    restart installd

service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group log

## WTL_EDM_START
## EDM AuditLog
service edmaudit /system/bin/edmaudit
	class main
	user root

## WTL_EDM_END

service auditd /system/bin/auditd -k
    class main
    seclabel u:r:auditd:s0
    disabled
    oneshot

service netlabels /system/bin/selinux-network.sh
    class core
    oneshot

on property:ro.debuggable=1
    start console

# adbd is controlled via property triggers in init.<platform>.usb.rc
service adbd /sbin/adbd
    class core
    socket adbd stream 660 system system
    disabled
    seclabel u:r:adbd:s0

# adbd on at boot in emulator
on property:ro.kernel.qemu=1
    start adbd

service servicemanager /system/bin/servicemanager
    class core
    user system
    group system
    critical
    onrestart restart healthd
    onrestart restart zygote
    onrestart restart media
    onrestart restart surfaceflinger
    onrestart restart drm
    onrestart restart sensorhubservice
    onrestart restart TvoutService_C

service vold /system/bin/vold
    class core
    socket vold stream 0660 root mount
    ioprio be 2
    socket dir_enc_report stream 0660 root mount
    socket epm stream 0660 system system

service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system

service prepare_param /system/bin/prepare_param.sh /dev/block/platform/dw_mmc.0/by-name/PARAM
	class main
	user root
	group root
	seclabel u:r:prepare_param:s0
	oneshot

# icd
service icd /system/bin/icd
    class main
    user system
    group system log
    onrestart check_icd
    oneshot

# RIL
service ril-daemon /system/bin/rild
    class main
    socket rild stream 660 root radio
    socket rild-debug stream 660 radio system
    user root
    group radio cache inet misc audio sdcard_r sdcard_rw log
    onrestart restart cpboot-daemon

# AT Distributor for factory test
service at_distributor /system/bin/at_distributor
    class late_start
    user root
    group radio misc log

service debuggerd /system/bin/debuggerd
    class main

service surfaceflinger /system/bin/surfaceflinger
    class main
    user system
    group graphics drmrpc
    onrestart restart zygote
    onrestart restart gsiff_daemon

service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
    class main
    socket zygote stream 660 root system
    onrestart write /sys/android_power/request_state wake
    onrestart write /sys/power/state on
    onrestart restart media
    onrestart restart netd
    onrestart restart sensorhubservice
    onrestart restart bootchecker
    onrestart restart gsiff_daemon

service sec-sh /system/bin/sh /system/etc/init.sec.boot.sh
    class main
    user root
    oneshot

service drm /system/bin/drmserver
    class main
    user drm
# [ SEC_MM_DRM
# fix
    group system drm inet drmrpc sdcard_r sdcard_rw media_rw radio shell
# org
#    group drm system inet drmrpc
# ]

service media /system/bin/mediaserver
    class main
    user media
    group system audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm sdcard_rw sdcard_r media_rw shell lgt_gid
    ioprio rt 4

service apaservice /system/bin/apaservice
    class main
    user jack
    group system inet sdcard_rw sdcard_r media_rw shell

service jackservice /system/bin/jackservice
    class main
    user jack
    group system audio inet shell

service powersnd /system/bin/samsungpowersoundplay
    class main
    user media
    group system
    disabled
    oneshot

service bootanim /system/bin/bootanimation
    class main
    user graphics
    group graphics system
    disabled
    oneshot

service installd /system/bin/installd
    class main
    socket installd stream 600 system system

service flash_recovery /system/etc/install-recovery.sh
    class main
    seclabel u:r:flash_recovery:s0
    oneshot

service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
    group vpn net_admin inet
    disabled
    oneshot

service mtpd /system/bin/mtpd
    class main
    socket mtpd stream 600 system system
    user vpn
    group vpn net_admin inet net_raw
    disabled
    oneshot

# Strongswan VPN
service charon /system/bin/charon
    class main
    socket charon stream 600 system system
    # charon will setuid to vpn after getting necessary resources.
    group vpn net_admin inet
    disabled
    oneshot

service keystore /system/bin/keystore /data/misc/keystore
    class main
    user keystore
    group keystore drmrpc

service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot

service sdumpstate /system/bin/dumpstate -P
    class main
    disabled
    oneshot

# bugreport is triggered by holding down volume down, volume up and power
service bugreport /system/bin/dumpstate -d -p -B \
        -o /data/data/com.android.shell/files/bugreports/bugreport
    class main
    disabled
    oneshot
    keycodes 114 115 116

# Vibetonz
service immvibed /system/bin/immvibed
    class core
    user vibe
    group vibe
    oneshot

service sshd /system/bin/start-ssh
    class main
    disabled

service mdnsd /system/bin/mdnsd
    class main
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
    disabled
    oneshot

on property:init.svc.bootanim=stopped
	write /sys/block/mmcblk0/queue/scheduler deadline
    restorecon /data/media
    restorecon /data/media/obb
    start auditd
    start freshsebool


# SE Android sebool
service freshsebool /system/bin/freshsebool
    class main
    user root
    disabled
    oneshot
service mobex-daemon /system/bin/npsmobex
    class main
    user system
    group system radio inet sdcard_r sdcard_rw media_rw shell

service SIDESYNC_service /system/bin/ss_conn_daemon
    class main
    socket ss_conn_daemon stream 0666 system system
    user system
    group inet net_raw

# icd
on property:init.svc.media=restarting
    check_icd
    start icd

# SAMSUNG DRS Service
service drsd /system/bin/drsd
    class main
    socket drsd stream 600 system system

# KNOX VPN
service ipruleset /system/bin/ipruleset
    class main
    group vpn net_admin inet net_raw
    disabled
    oneshot

service sensorhubservice /system/bin/sensorhubservice
    class main
    user system
    group input


# WTL_EDM
service createsystemfile /system/bin/createsystemfile
    class main
    group system
    disabled
    oneshot

# for RIL MFG (TestMode)
service DR-daemon /system/bin/ddexe
    class main
    user root
    group system radio inet net_raw

service SMD-daemon /system/bin/smdexe
    class main
    user root
    group system radio inet net_raw

service BCS-daemon /system/bin/connfwexe
    class main
    user root
    group system radio inet net_raw
# end of RIL

# for Bluetooth Tethering
service dhcpcd_bt-pan /system/bin/dhcpcd -ABKL
    class main
    disabled
    oneshot

service iprenew_bt-pan /system/bin/dhcpcd -n
    class late_start
    disabled
    oneshot
# end of BT

service xbootscript /sbin/xboot.sh
    class late_start
    user root
    disabled
    oneshot
    
# Execute init.d scripts
service sysinit /system/bin/logwrapper /sbin/busybox run-parts /system/etc/init.d
	class late_start
	user root
	group shell
	oneshot

on property:sys.boot_completed=1
	start xbootscript