Untitled diff

32 removals
606 lines
28 additions
603 lines
# Copyright (C) 2012 The Android Open Source Project
# Copyright (C) 2012 The Android Open Source Project
#
#
# IMPORTANT: Do not create world writable files or directories.
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
# This is a common source of Android security bugs.
#
#


import /init.environ.rc
import /init.environ.rc
# Mer handles usb stuff
# Mer handles usb stuff
#import /init.usb.rc
#import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.hardware}.rc
import /init.trace.rc
import /init.trace.rc
import /init.carrier.rc
import /init.carrier.rc


on early-init
on early-init
# Set the security context for the init process.
# Set the security context for the init process.
# This should occur before anything else (e.g. ueventd) is started.
# This should occur before anything else (e.g. ueventd) is started.
setcon u:r:init:s0
setcon u:r:init:s0


# Set the security context of /adb_keys if present.
# Set the security context of /adb_keys if present.
restorecon /adb_keys
restorecon /adb_keys


# start ueventd

# create mountpoints
# create mountpoints
mkdir /mnt 0775 root system
mkdir /mnt 0775 root system


on init
on init


sysclktz 0
sysclktz 0


loglevel 64
loglevel 64


# Backward compatibility
# Backward compatibility
symlink /sys/kernel/debug /d
symlink /sys/kernel/debug /d


# Right now vendor lives on the same filesystem as system,
# Right now vendor lives on the same filesystem as system,
# but someday that may change.
# but someday that may change.
symlink /system/vendor /vendor
symlink /system/vendor /vendor


# Create cgroup mount point for cpu accounting
# Create cgroup mount point for cpu accounting
mkdir /acct
mkdir /acct
# Removed during droid-hal-device build : mount cgroup none /acct cpuacct
# Removed during droid-hal-device build : mount cgroup none /acct cpuacct
mkdir /acct/uid
mkdir /acct/uid


# Create cgroup mount point for memory
# Create cgroup mount point for memory
# Removed during droid-hal-device build : mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
# Removed during droid-hal-device build : mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
mkdir /sys/fs/cgroup/memory 0750 root system
mkdir /sys/fs/cgroup/memory 0750 root system
# Removed during droid-hal-device build : mount cgroup none /sys/fs/cgroup/memory memory
# Removed during droid-hal-device build : mount cgroup none /sys/fs/cgroup/memory memory
write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
chown root system /sys/fs/cgroup/memory/tasks
chown root system /sys/fs/cgroup/memory/tasks
chmod 0660 /sys/fs/cgroup/memory/tasks
chmod 0660 /sys/fs/cgroup/memory/tasks
mkdir /sys/fs/cgroup/memory/sw 0750 root system
mkdir /sys/fs/cgroup/memory/sw 0750 root system
write /sys/fs/cgroup/memory/sw/memory.swappiness 100
write /sys/fs/cgroup/memory/sw/memory.swappiness 100
write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
chown root system /sys/fs/cgroup/memory/sw/tasks
chown root system /sys/fs/cgroup/memory/sw/tasks
chmod 0660 /sys/fs/cgroup/memory/sw/tasks
chmod 0660 /sys/fs/cgroup/memory/sw/tasks


# /system is owned by Mer
# /system is owned by Mer
#mkdir /system
#mkdir /system
mkdir /data 0771 system system
mkdir /data 0771 system system
mkdir /cache 0771 system cache
mkdir /cache 0771 system cache
mkdir /config 0500 root root
mkdir /config 0500 root root


# See storage config details at http://source.android.com/tech/storage/
# See storage config details at http://source.android.com/tech/storage/
mkdir /mnt/shell 0700 shell shell
mkdir /mnt/shell 0700 shell shell
mkdir /mnt/media_rw 0700 media_rw media_rw
mkdir /mnt/media_rw 0700 media_rw media_rw
mkdir /storage 0751 root sdcard_r
mkdir /storage 0751 root sdcard_r


# Directory for putting things only root should see.
# Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root
mkdir /mnt/secure 0700 root root


# Directory for staging bindmounts
# Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root
mkdir /mnt/secure/staging 0700 root root


# Directory-target for where the secure container
# Directory-target for where the secure container
# imagefile directory will be bind-mounted
# imagefile directory will be bind-mounted
mkdir /mnt/secure/asec 0700 root root
mkdir /mnt/secure/asec 0700 root root


# Secure container public mount points.
# Secure container public mount points.
mkdir /mnt/asec 0700 root system
mkdir /mnt/asec 0700 root system
# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000


# Filesystem image public mount points.
# Filesystem image public mount points.
mkdir /mnt/obb 0700 root system
mkdir /mnt/obb 0700 root system
# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000


# Fuse public mount points.
# Fuse public mount points.
mkdir /mnt/fuse 0700 root system
mkdir /mnt/fuse 0700 root system
# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/fuse mode=0775,gid=1000
# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/fuse mode=0775,gid=1000


write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
write /proc/sys/kernel/sched_child_runs_first 0
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/kernel/kptr_restrict 2
write /proc/sys/kernel/kptr_restrict 2
write /proc/sys/kernel/dmesg_restrict 1
write /proc/sys/kernel/dmesg_restrict 1
write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
write /proc/sys/kernel/sched_rt_runtime_us 950000
write /proc/sys/kernel/sched_rt_runtime_us 950000
write /proc/sys/kernel/sched_rt_period_us 1000000
write /proc/sys/kernel/sched_rt_period_us 1000000


# qtaguid will limit access to specific data based on group memberships.
# qtaguid will limit access to specific data based on group memberships.
# net_bw_acct grants impersonation of socket owners.
# net_bw_acct grants impersonation of socket owners.
# net_bw_stats grants access to other apps' detailed tagged-socket stats.
# net_bw_stats grants access to other apps' detailed tagged-socket stats.
chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
chown root net_bw_stats /proc/net/xt_qtaguid/stats
chown root net_bw_stats /proc/net/xt_qtaguid/stats


# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
# This is needed by any process that uses socket tagging.
chmod 0644 /dev/xt_qtaguid
chmod 0644 /dev/xt_qtaguid


# Create location for fs_mgr to store abbreviated output from filesystem
# Create location for fs_mgr to store abbreviated output from filesystem
# checker programs.
# checker programs.
mkdir /dev/fscklogs 0770 root system
mkdir /dev/fscklogs 0770 root system


# pstore/ramoops previous console log
# pstore/ramoops previous console log
# Removed during droid-hal-device build : mount pstore pstore /sys/fs/pstore
# Removed during droid-hal-device build : mount pstore pstore /sys/fs/pstore
chown system log /sys/fs/pstore/console-ramoops
chown system log /sys/fs/pstore/console-ramoops
chmod 0440 /sys/fs/pstore/console-ramoops
chmod 0440 /sys/fs/pstore/console-ramoops


on post-fs
on post-fs
# We chown/chmod /cache again so because mount is run as root + defaults
# We chown/chmod /cache again so because mount is run as root + defaults
chown system cache /cache
chown system cache /cache
chmod 0771 /cache
chmod 0771 /cache
# We restorecon /cache in case the cache partition has been reset.
# We restorecon /cache in case the cache partition has been reset.
restorecon /cache
restorecon /cache


# This may have been created by the recovery system with odd permissions
# This may have been created by the recovery system with odd permissions
chown system cache /cache/recovery
chown system cache /cache/recovery
chmod 0770 /cache/recovery
chmod 0770 /cache/recovery
# This may have been created by the recovery system with the wrong context.
# This may have been created by the recovery system with the wrong context.
restorecon /cache/recovery
restorecon /cache/recovery


#change permissions on vmallocinfo so we can grab it from bugreports
#change permissions on vmallocinfo so we can grab it from bugreports
chown root log /proc/vmallocinfo
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo


chown root log /proc/slabinfo
chown root log /proc/slabinfo
chmod 0440 /proc/slabinfo
chmod 0440 /proc/slabinfo


#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
chown root system /proc/kmsg
chown root system /proc/kmsg
chmod 0440 /proc/kmsg
chmod 0440 /proc/kmsg
chown root system /proc/sysrq-trigger
chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger
chown system log /proc/last_kmsg
chown system log /proc/last_kmsg
chmod 0440 /proc/last_kmsg
chmod 0440 /proc/last_kmsg


# create the lost+found directories, so as to enforce our permissions
# create the lost+found directories, so as to enforce our permissions
mkdir /cache/lost+found 0770 root root
mkdir /cache/lost+found 0770 root root


on post-fs-data
on post-fs-data
# We chown/chmod /data again so because mount is run as root + defaults
# We chown/chmod /data again so because mount is run as root + defaults
chown system system /data
chown system system /data
chmod 0771 /data
chmod 0771 /data
# We restorecon /data in case the userdata partition has been reset.
# We restorecon /data in case the userdata partition has been reset.
restorecon /data
restorecon /data


# Avoid predictable entropy pool. Carry over entropy from previous boot.
# Avoid predictable entropy pool. Carry over entropy from previous boot.
copy /data/system/entropy.dat /dev/urandom
copy /data/system/entropy.dat /dev/urandom


# Create dump dir and collect dumps.
# Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for
# Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition.
# storing dumps on platforms which do not have a dedicated dump partition.
mkdir /data/dontpanic 0750 root log
mkdir /data/dontpanic 0750 root log


# Collect apanic data, free resources and re-arm trigger
# Collect apanic data, free resources and re-arm trigger
copy /proc/apanic_console /data/dontpanic/apanic_console
copy /proc/apanic_console /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console


copy /proc/apanic_threads /data/dontpanic/apanic_threads
copy /proc/apanic_threads /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads


write /proc/apanic_console 1
write /proc/apanic_console 1


# create basic filesystem structure
# create basic filesystem structure
mkdir /data/misc 01771 system misc
mkdir /data/misc 01771 system misc
mkdir /data/misc/adb 02750 system shell
mkdir /data/misc/adb 02750 system shell
mkdir /data/misc/audit 02750 audit system
mkdir /data/misc/audit 02750 audit system
mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
mkdir /data/misc/bluetooth 0770 system system
mkdir /data/misc/bluetooth 0770 system system
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/keychain 0771 system system
mkdir /data/misc/keychain 0771 system system
mkdir /data/misc/radio 0770 system radio
mkdir /data/misc/radio 0770 system radio
mkdir /data/misc/sms 0770 system radio
mkdir /data/misc/sms 0770 system radio
mkdir /data/misc/zoneinfo 0775 system system
mkdir /data/misc/zoneinfo 0775 system system
mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/systemkeys 0700 system system
mkdir /data/misc/systemkeys 0700 system system
mkdir /data/misc/wifi 0770 wifi wifi
mkdir /data/misc/wifi 0770 wifi wifi
mkdir /data/misc/wifi/sockets 0770 wifi wifi
mkdir /data/misc/wifi/sockets 0770 wifi wifi
mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
mkdir /data/misc/dhcp 0770 dhcp dhcp
mkdir /data/misc/dhcp 0770 dhcp dhcp
# give system access to wpa_supplicant.conf for backup and restore
# give system access to wpa_supplicant.conf for backup and restore
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
mkdir /data/local 0751 root root
mkdir /data/local 0751 root root
mkdir /data/misc/media 0700 media media
mkdir /data/misc/media 0700 media media


# For security reasons, /data/local/tmp should always be empty.
# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
# Do not place files or directories in /data/local/tmp
mkdir /data/local/tmp 0771 shell shell
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app-asec 0700 root root
mkdir /data/app-asec 0700 root root
mkdir /data/app-lib 0771 system system
mkdir /data/app-lib 0771 system system
mkdir /data/app 0771 system system
mkdir /data/app 0771 system system
mkdir /data/property 0700 root root
mkdir /data/property 0700 root root
mkdir /data/ssh 0750 root shell
mkdir /data/ssh 0750 root shell
mkdir /data/ssh/empty 0700 root root
mkdir /data/ssh/empty 0700 root root
mkdir /data/radio 0770 radio radio
mkdir /data/radio 0770 radio radio


# create dalvik-cache and double-check the perms, so as to enforce our permissions
# create dalvik-cache and double-check the perms, so as to enforce our permissions
mkdir /data/dalvik-cache 0771 system system
mkdir /data/dalvik-cache 0771 system system
chown system system /data/dalvik-cache
chown system system /data/dalvik-cache
chmod 0771 /data/dalvik-cache
chmod 0771 /data/dalvik-cache


# create resource-cache and double-check the perms
# create resource-cache and double-check the perms
mkdir /data/resource-cache 0771 system system
mkdir /data/resource-cache 0771 system system
chown system system /data/resource-cache
chown system system /data/resource-cache
chmod 0771 /data/resource-cache
chmod 0771 /data/resource-cache


# create the lost+found directories, so as to enforce our permissions
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770 root root
mkdir /data/lost+found 0770 root root


# create directory for DRM plug-ins - give drm the read/write access to
# create directory for DRM plug-ins - give drm the read/write access to
# the following directory.
# the following directory.
mkdir /data/drm 0770 drm drm
mkdir /data/drm 0770 drm drm


# create directory for MediaDrm plug-ins - give drm the read/write access to
# create directory for MediaDrm plug-ins - give drm the read/write access to
# the following directory.
# the following directory.
mkdir /data/mediadrm 0770 mediadrm mediadrm
mkdir /data/mediadrm 0770 mediadrm mediadrm


# symlink to bugreport storage location
# symlink to bugreport storage location
symlink /data/data/com.android.shell/files/bugreports /data/bugreports
symlink /data/data/com.android.shell/files/bugreports /data/bugreports


# Separate location for storing security policy files on data
# Separate location for storing security policy files on data
mkdir /data/security 0711 system system
mkdir /data/security 0711 system system


# Reload policy from /data/security if present.
# Reload policy from /data/security if present.
setprop selinux.reload_policy 1
setprop selinux.reload_policy 1


# Set SELinux security contexts on upgrade or policy update.
# Set SELinux security contexts on upgrade or policy update.
restorecon_recursive /data
restorecon_recursive /data


# If there is no fs-post-data action in the init.<device>.rc file, you
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# must uncomment this line, otherwise encrypted filesystems
# won't work.
# won't work.
# Set indication (checked by vold) that we have finished this action
# Set indication (checked by vold) that we have finished this action
#setprop vold.post_fs_data_done 1
#setprop vold.post_fs_data_done 1


# Include extra init file
# Include extra init file
import /init.cm.rc
import /init.cm.rc


on boot
on boot
# set RLIMIT_NICE to allow priorities from 19 to -20
# set RLIMIT_NICE to allow priorities from 19 to -20
setrlimit 13 40 40
setrlimit 13 40 40


# Memory management. Basic kernel parameters, and allow the high
# Memory management. Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver
# level system server to be able to adjust the kernel OOM driver
# parameters to match how it is managing things.
# parameters to match how it is managing things.
write /proc/sys/vm/overcommit_memory 1
write /proc/sys/vm/overcommit_memory 1
write /proc/sys/vm/min_free_order_shift 4
write /proc/sys/vm/min_free_order_shift 4
chown root system /sys/module/lowmemorykiller/parameters/adj
chown root system /sys/module/lowmemorykiller/parameters/adj
chmod 0664 /sys/module/lowmemorykiller/parameters/adj
chmod 0664 /sys/module/lowmemorykiller/parameters/adj
chown root system /sys/module/lowmemorykiller/parameters/minfree
chown root system /sys/module/lowmemorykiller/parameters/minfree
chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
chmod 0664 /sys/module/lowmemorykiller/parameters/minfree


# Tweak background writeout
# Tweak background writeout
write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_background_ratio 5
write /proc/sys/vm/dirty_background_ratio 5


# Permissions for System Server and daemons.
# Permissions for System Server and daemons.
chown radio system /sys/android_power/state
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown system system /sys/power/autosleep
chown system system /sys/power/autosleep
chown system system /sys/power/state
chown system system /sys/power/state
chown system system /sys/power/wakeup_count
chown system system /sys/power/wakeup_count
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock
chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
chmod 0660 /sys/power/wake_unlock


chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy


# Assume SMP uses shared cpufreq policy for all CPUs
# Assume SMP uses shared cpufreq policy for all CPUs
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq


chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
chown root radio /proc/cmdline


# Allow system group to trigger vibrator
# Allow system group to trigger vibrator
chmod 0664 /sys/class/timed_output/vibrator/enable
chmod 0664 /sys/class/timed_output/vibrator/enable


# Define TCP buffer sizes for various networks
# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
setprop net.tcp.buffersize.default 4096,87380,704512,4096,16384,110208
setprop net.tcp.buffersize.default 4096,87380,704512,4096,16384,110208
setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576
setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576
setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576
setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576
setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.hspa 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.hspa 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.hsupa 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.hsupa 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.hsdpa 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.hsdpa 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.hspap 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.hspap 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.dchspap 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.dchspap 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144
setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144
setprop net.tcp.buffersize.evdo_b 4096,87380,704512,4096,16384,262144
setprop net.tcp.buffersize.evdo_b 4096,87380,704512,4096,16384,262144


# Assign TCP buffer thresholds to be ceiling value of technology maximums
# Assign TCP buffer thresholds to be ceiling value of technology maximums
# Increased technology maximums should be reflected here.
# Increased technology maximums should be reflected here.
write /proc/sys/net/core/rmem_max 2097152
write /proc/sys/net/core/rmem_max 2097152
write /proc/sys/net/core/wmem_max 2097152
write /proc/sys/net/core/wmem_max 2097152


# Define default initial receive window size in segments.
# Define default initial receive window size in segments.
setprop net.tcp.default_init_rwnd 60
setprop net.tcp.default_init_rwnd 60


class_start core
class_start core
class_start main
class_start main


# Never gets called, since Mer does its own 'mount_all'
# Never gets called, since Mer does its own 'mount_all'
on nonencrypted
on nonencrypted
class_start late_start
class_start late_start


# Mer needs to set this property when fs units are mounted
# Mer needs to set this property when fs units are mounted
on property:droid.late_start=trigger_late_start
on property:droid.late_start=trigger_late_start
class_start late_start
class_start late_start


on charger
on charger
class_start charger
class_start charger


on property:vold.decrypt=trigger_reset_main
on property:vold.decrypt=trigger_reset_main
class_reset main
class_reset main


on property:vold.decrypt=trigger_load_persist_props
on property:vold.decrypt=trigger_load_persist_props
load_persist_props
load_persist_props


on property:vold.decrypt=trigger_post_fs_data
on property:vold.decrypt=trigger_post_fs_data
trigger post-fs-data
trigger post-fs-data


on property:vold.decrypt=trigger_restart_min_framework
on property:vold.decrypt=trigger_restart_min_framework
class_start main
class_start main


on property:vold.decrypt=trigger_restart_framework
on property:vold.decrypt=trigger_restart_framework
class_start main
class_start main
class_start late_start
class_start late_start


on property:vold.decrypt=trigger_shutdown_framework
on property:vold.decrypt=trigger_shutdown_framework
class_reset late_start
class_reset late_start
class_reset main
class_reset main


on property:sys.powerctl=*
on property:sys.powerctl=*
powerctl ${sys.powerctl}
powerctl ${sys.powerctl}


# system server cannot write to /proc/sys files,
# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
# So proxy writes through init.
on property:sys.sysctl.extra_free_kbytes=*
on property:sys.sysctl.extra_free_kbytes=*
write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
# "tcp_default_init_rwnd" Is too long!
# "tcp_default_init_rwnd" Is too long!
on property:sys.sysctl.tcp_def_init_rwnd=*
on property:sys.sysctl.tcp_def_init_rwnd=*
write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}




## Daemon processes to be run by init.
## Daemon processes to be run by init.
##
##
# Not used by Mer
# Not used by Mer
#service ueventd /sbin/ueventd
#service ueventd /sbin/ueventd
# class core
# class core
# critical
# critical
# seclabel u:r:ueventd:s0
# seclabel u:r:ueventd:s0


service healthd /sbin/healthd
service healthd /sbin/healthd
class core
class core
critical
critical
seclabel u:r:healthd:s0
seclabel u:r:healthd:s0


service healthd-charger /sbin/healthd -n
service healthd-charger /sbin/healthd -n
class charger
class charger
critical
critical
seclabel u:r:healthd:s0
seclabel u:r:healthd:s0


service console /system/bin/sh
service console /system/bin/sh
class core
class core
console
console
disabled
disabled
user shell
user shell
group log
group log
seclabel u:r:shell:s0
seclabel u:r:shell:s0


# Disabled in Mer - together with CONFIG_AUDIT=n in mer-kernel-check
# Disabled in Mer - together with CONFIG_AUDIT=n in mer-kernel-check
service auditd /system/bin/auditd -k
service auditd /system/bin/auditd -k
class main
class main
disabled
disabled


on property:ro.debuggable=1
on property:ro.debuggable=1
start console
start console


# adbd is controlled via property triggers in init.<platform>.usb.rc
# adbd is controlled via property triggers in init.<platform>.usb.rc
service adbd /sbin/adbd
service adbd /sbin/adbd
class core
class core
socket adbd stream 660 system system
socket adbd stream 660 system system
disabled
disabled
seclabel u:r:adbd:s0
seclabel u:r:adbd:s0


# adbd on at boot in emulator
# adbd on at boot in emulator
on property:ro.kernel.qemu=1
on property:ro.kernel.qemu=1
start adbd
start adbd


# Custom servicemanager allows user nemo to register services
# Custom servicemanager allows user nemo to register services
service servicemanager /usr/libexec/droid-hybris/system/bin/servicemanager
service servicemanager /usr/libexec/droid-hybris/system/bin/servicemanager
class core
class core
user system
user system
group system
group system
critical
critical
onrestart restart minimedia
onrestart restart minimedia
onrestart restart minisf
# onrestart restart minisf
onrestart restart miniaf
# onrestart restart healthd
# onrestart restart healthd
# onrestart restart zygote
onrestart restart zygote
# onrestart restart media
onrestart restart media
# onrestart restart surfaceflinger
onrestart restart surfaceflinger
# onrestart restart drm
onrestart restart drm
#
#


service minimedia /usr/libexec/droid-hybris/system/bin/minimediaservice
service minimedia /usr/libexec/droid-hybris/system/bin/minimediaservice
class main
class main
user media
user media
group audio camera
group audio camera
ioprio rt 4
ioprio rt 4


service minisf /usr/libexec/droid-hybris/system/bin/minisfservice
#service minisf /usr/libexec/droid-hybris/system/bin/minisfservice
class main
# class main
user system
# user system
group graphics
# group graphics

service vold /system/bin/vold
class core
socket vold stream 0660 root mount
ioprio be 2


service miniaf /usr/libexec/droid-hybris/system/bin/miniafservice
service netd /usr/libexec/droid-hybris/system/bin/netd
class main
class main
user system
socket netd stream 0660 root system
group audio
socket dnsproxyd stream 0660 root inet

socket mdns stream 0660 root system
#service vold /system/bin/vold
# class core
# socket vold stream 0660 root mount
# ioprio be 2
#
#service netd /system/bin/netd
# class main
# socket netd stream 0660 root system
# socket dnsproxyd stream 0660 root inet
# socket mdns stream 0660 root system


service debuggerd /system/bin/debuggerd
service debuggerd /system/bin/debuggerd
class main
class main


service ril-daemon /system/bin/rild
service ril-daemon /system/bin/rild
class main
class main
socket rild stream 660 root radio
socket rild stream 660 root radio
socket rild-debug stream 660 radio system
socket rild-debug stream 660 radio system
user root
user root
group radio cache inet misc audio sdcard_rw qcom_oncrpc qcom_diag log
group radio cache inet misc audio sdcard_rw qcom_oncrpc qcom_diag log


# Disabled in Mer - used only during porting atm
# Disabled in Mer - used only during porting atm
service surfaceflinger /system/bin/surfaceflinger
service surfaceflinger /system/bin/surfaceflinger
setenv LD_PRELOAD /usr/libexec/droid-hybris/system/lib/libsurfaceflinger.so
class main
class main
user system
user system
group graphics drmrpc
group graphics drmrpc
onrestart restart zygote
onrestart restart zygote
disabled
# disabled


# Disabled in Mer
# Disabled in Mer
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
class main
class main
socket zygote stream 660 root system
socket zygote stream 660 root system
onrestart write /sys/android_power/request_state wake
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
onrestart write /sys/power/state on
# onrestart restart media
onrestart restart media
# onrestart restart netd
onrestart restart netd
disabled
# disabled


service drm /system/bin/drmserver
service drm /system/bin/drmserver
class main
class main
user drm
user drm
group drm system inet drmrpc
group drm system inet drmrpc


# Disabled in Mer
# Disabled in Mer
service media /system/bin/mediaserver
service media /usr/libexec/droid-hybris/system/bin/mediaserver
class main
class main
user media
user media
group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc qcom_diag mediadrm
group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc qcom_diag mediadrm
ioprio rt 4
ioprio rt 4
disabled
# disabled


service bootanim /system/bin/bootanimation
service bootanim /system/bin/bootanimation
class main
class main
user graphics
user graphics
group graphics
group graphics
disabled
disabled
oneshot
oneshot


service installd /system/bin/installd
service installd /system/bin/installd
class main
class main
socket installd stream 600 system system
socket installd stream 600 system system


service flash_recovery /system/etc/install-cm-recovery.sh
service flash_recovery /system/etc/install-cm-recovery.sh
class main
class main
disabled
disabled
oneshot
oneshot


# update recovery if enabled
# update recovery if enabled
on property:persist.sys.recovery_update=true
on property:persist.sys.recovery_update=true
start flash_recovery
start flash_recovery


service racoon /system/bin/racoon
service racoon /system/bin/racoon
class main
class main
socket racoon stream 600 system system
socket racoon stream 600 system system
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
group vpn net_admin inet
group vpn net_admin inet
disabled
disabled
oneshot
oneshot


service mtpd /system/bin/mtpd
service mtpd /system/bin/mtpd
class main
class main
socket mtpd stream 600 system system
socket mtpd stream 600 system system
user vpn
user vpn
group vpn net_admin inet net_raw
group vpn net_admin inet net_raw
disabled
disabled
oneshot
oneshot


# Disabled in Mer
# Disabled in Mer
service keystore /system/bin/keystore /data/misc/keystore
service keystore /system/bin/keystore /data/misc/keystore
class main
class main
user keystore
user keystore
group keystore drmrpc system
group keystore drmrpc system
disabled
# disabled


service dumpstate /system/bin/dumpstate -s
service dumpstate /system/bin/dumpstate -s
class main
class main
socket dumpstate stream 0660 shell log
socket dumpstate stream 0660 shell log
disabled
disabled
oneshot
oneshot


# Use Mer sshd
# Use Mer sshd
#service sshd /system/bin/start-ssh
#service sshd /system/bin/start-ssh
# class main
# class main
# disabled
# disabled


# This trigger is run by our modified init after boot has finished
# This trigger is run by our modified init after boot has finished
on ready
on ready
class_start mer
class_start mer


# Notify Mer's systemd that we're done
# Notify Mer's systemd that we're done
# This is started at the end of boot after both core and main classes
# This is started at the end of boot after both core and main classes
service droid_init_done /bin/sh /usr/bin/droid/droid-init-done.sh
service droid_init_done /bin/sh /usr/bin/droid/droid-init-done.sh
class mer
class mer
oneshot
oneshot