-32 Removals
+28 Additions
# Copyright (C) 2012 The Android Open Source Project# Copyright (C) 2012 The Android Open Source Project
##
# IMPORTANT: Do not create world writable files or directories.# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.# This is a common source of Android security bugs.
##
import /init.environ.rcimport /init.environ.rc
# Mer handles usb stuff# Mer handles usb stuff
#import /init.usb.rc#import /init.usb.rc
import /init.${ro.hardware}.rcimport /init.${ro.hardware}.rc
import /init.trace.rcimport /init.trace.rc
import /init.carrier.rcimport /init.carrier.rc
on early-initon early-init
# Set the security context for the init process. # Set the security context for the init process.
# This should occur before anything else (e.g. ueventd) is started. # This should occur before anything else (e.g. ueventd) is started.
setcon u:r:init:s0 setcon u:r:init:s0
# Set the security context of /adb_keys if present. # Set the security context of /adb_keys if present.
restorecon /adb_keys restorecon /adb_keys
# start ueventd
# create mountpoints# create mountpoints
mkdir /mnt 0775 root system mkdir /mnt 0775 root system
on initon init
sysclktz 0 sysclktz 0
loglevel 64 loglevel 64
# Backward compatibility# Backward compatibility
symlink /sys/kernel/debug /d symlink /sys/kernel/debug /d
# Right now vendor lives on the same filesystem as system,# Right now vendor lives on the same filesystem as system,
# but someday that may change.# but someday that may change.
symlink /system/vendor /vendor symlink /system/vendor /vendor
# Create cgroup mount point for cpu accounting# Create cgroup mount point for cpu accounting
mkdir /acct mkdir /acct
# Removed during droid-hal-device build : mount cgroup none /acct cpuacct# Removed during droid-hal-device build : mount cgroup none /acct cpuacct
mkdir /acct/uid mkdir /acct/uid
# Create cgroup mount point for memory# Create cgroup mount point for memory
# Removed during droid-hal-device build : mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000# Removed during droid-hal-device build : mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
mkdir /sys/fs/cgroup/memory 0750 root system mkdir /sys/fs/cgroup/memory 0750 root system
# Removed during droid-hal-device build : mount cgroup none /sys/fs/cgroup/memory memory# Removed during droid-hal-device build : mount cgroup none /sys/fs/cgroup/memory memory
write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
chown root system /sys/fs/cgroup/memory/tasks chown root system /sys/fs/cgroup/memory/tasks
chmod 0660 /sys/fs/cgroup/memory/tasks chmod 0660 /sys/fs/cgroup/memory/tasks
mkdir /sys/fs/cgroup/memory/sw 0750 root system mkdir /sys/fs/cgroup/memory/sw 0750 root system
write /sys/fs/cgroup/memory/sw/memory.swappiness 100 write /sys/fs/cgroup/memory/sw/memory.swappiness 100
write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
chown root system /sys/fs/cgroup/memory/sw/tasks chown root system /sys/fs/cgroup/memory/sw/tasks
chmod 0660 /sys/fs/cgroup/memory/sw/tasks chmod 0660 /sys/fs/cgroup/memory/sw/tasks
# /system is owned by Mer # /system is owned by Mer
#mkdir /system #mkdir /system
mkdir /data 0771 system system mkdir /data 0771 system system
mkdir /cache 0771 system cache mkdir /cache 0771 system cache
mkdir /config 0500 root root mkdir /config 0500 root root
# See storage config details at http://source.android.com/tech/storage/ # See storage config details at http://source.android.com/tech/storage/
mkdir /mnt/shell 0700 shell shell mkdir /mnt/shell 0700 shell shell
mkdir /mnt/media_rw 0700 media_rw media_rw mkdir /mnt/media_rw 0700 media_rw media_rw
mkdir /storage 0751 root sdcard_r mkdir /storage 0751 root sdcard_r
# Directory for putting things only root should see. # Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root mkdir /mnt/secure 0700 root root
# Directory for staging bindmounts # Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root mkdir /mnt/secure/staging 0700 root root
# Directory-target for where the secure container # Directory-target for where the secure container
# imagefile directory will be bind-mounted # imagefile directory will be bind-mounted
mkdir /mnt/secure/asec 0700 root root mkdir /mnt/secure/asec 0700 root root
# Secure container public mount points. # Secure container public mount points.
mkdir /mnt/asec 0700 root system mkdir /mnt/asec 0700 root system
# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
# Filesystem image public mount points. # Filesystem image public mount points.
mkdir /mnt/obb 0700 root system mkdir /mnt/obb 0700 root system
# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
# Fuse public mount points. # Fuse public mount points.
mkdir /mnt/fuse 0700 root system mkdir /mnt/fuse 0700 root system
# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/fuse mode=0775,gid=1000# Removed during droid-hal-device build : mount tmpfs tmpfs /mnt/fuse mode=0775,gid=1000
write /proc/sys/kernel/panic_on_oops 1 write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0 write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/sys/kernel/sched_latency_ns 10000000 write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1 write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0 write /proc/sys/kernel/sched_child_runs_first 0
write /proc/sys/kernel/randomize_va_space 2 write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/kernel/kptr_restrict 2 write /proc/sys/kernel/kptr_restrict 2
write /proc/sys/kernel/dmesg_restrict 1 write /proc/sys/kernel/dmesg_restrict 1
write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647" write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
write /proc/sys/kernel/sched_rt_runtime_us 950000 write /proc/sys/kernel/sched_rt_runtime_us 950000
write /proc/sys/kernel/sched_rt_period_us 1000000 write /proc/sys/kernel/sched_rt_period_us 1000000
# qtaguid will limit access to specific data based on group memberships.# qtaguid will limit access to specific data based on group memberships.
# net_bw_acct grants impersonation of socket owners.# net_bw_acct grants impersonation of socket owners.
# net_bw_stats grants access to other apps' detailed tagged-socket stats.# net_bw_stats grants access to other apps' detailed tagged-socket stats.
chown root net_bw_acct /proc/net/xt_qtaguid/ctrl chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
chown root net_bw_stats /proc/net/xt_qtaguid/stats chown root net_bw_stats /proc/net/xt_qtaguid/stats
# Allow everybody to read the xt_qtaguid resource tracking misc dev.# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.# This is needed by any process that uses socket tagging.
chmod 0644 /dev/xt_qtaguid chmod 0644 /dev/xt_qtaguid
# Create location for fs_mgr to store abbreviated output from filesystem# Create location for fs_mgr to store abbreviated output from filesystem
# checker programs.# checker programs.
mkdir /dev/fscklogs 0770 root system mkdir /dev/fscklogs 0770 root system
# pstore/ramoops previous console log# pstore/ramoops previous console log
# Removed during droid-hal-device build : mount pstore pstore /sys/fs/pstore# Removed during droid-hal-device build : mount pstore pstore /sys/fs/pstore
chown system log /sys/fs/pstore/console-ramoops chown system log /sys/fs/pstore/console-ramoops
chmod 0440 /sys/fs/pstore/console-ramoops chmod 0440 /sys/fs/pstore/console-ramoops
on post-fson post-fs
# We chown/chmod /cache again so because mount is run as root + defaults # We chown/chmod /cache again so because mount is run as root + defaults
chown system cache /cache chown system cache /cache
chmod 0771 /cache chmod 0771 /cache
# We restorecon /cache in case the cache partition has been reset. # We restorecon /cache in case the cache partition has been reset.
restorecon /cache restorecon /cache
# This may have been created by the recovery system with odd permissions # This may have been created by the recovery system with odd permissions
chown system cache /cache/recovery chown system cache /cache/recovery
chmod 0770 /cache/recovery chmod 0770 /cache/recovery
# This may have been created by the recovery system with the wrong context. # This may have been created by the recovery system with the wrong context.
restorecon /cache/recovery restorecon /cache/recovery
#change permissions on vmallocinfo so we can grab it from bugreports #change permissions on vmallocinfo so we can grab it from bugreports
chown root log /proc/vmallocinfo chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo chmod 0440 /proc/vmallocinfo
chown root log /proc/slabinfo chown root log /proc/slabinfo
chmod 0440 /proc/slabinfo chmod 0440 /proc/slabinfo
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
chown root system /proc/kmsg chown root system /proc/kmsg
chmod 0440 /proc/kmsg chmod 0440 /proc/kmsg
chown root system /proc/sysrq-trigger chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger chmod 0220 /proc/sysrq-trigger
chown system log /proc/last_kmsg chown system log /proc/last_kmsg
chmod 0440 /proc/last_kmsg chmod 0440 /proc/last_kmsg
# create the lost+found directories, so as to enforce our permissions # create the lost+found directories, so as to enforce our permissions
mkdir /cache/lost+found 0770 root root mkdir /cache/lost+found 0770 root root
on post-fs-dataon post-fs-data
# We chown/chmod /data again so because mount is run as root + defaults # We chown/chmod /data again so because mount is run as root + defaults
chown system system /data chown system system /data
chmod 0771 /data chmod 0771 /data
# We restorecon /data in case the userdata partition has been reset. # We restorecon /data in case the userdata partition has been reset.
restorecon /data restorecon /data
# Avoid predictable entropy pool. Carry over entropy from previous boot. # Avoid predictable entropy pool. Carry over entropy from previous boot.
copy /data/system/entropy.dat /dev/urandom copy /data/system/entropy.dat /dev/urandom
# Create dump dir and collect dumps. # Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for # Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition. # storing dumps on platforms which do not have a dedicated dump partition.
mkdir /data/dontpanic 0750 root log mkdir /data/dontpanic 0750 root log
# Collect apanic data, free resources and re-arm trigger # Collect apanic data, free resources and re-arm trigger
copy /proc/apanic_console /data/dontpanic/apanic_console copy /proc/apanic_console /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console chown root log /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console chmod 0640 /data/dontpanic/apanic_console
copy /proc/apanic_threads /data/dontpanic/apanic_threads copy /proc/apanic_threads /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads chown root log /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads chmod 0640 /data/dontpanic/apanic_threads
write /proc/apanic_console 1 write /proc/apanic_console 1
# create basic filesystem structure # create basic filesystem structure
mkdir /data/misc 01771 system misc mkdir /data/misc 01771 system misc
mkdir /data/misc/adb 02750 system shell mkdir /data/misc/adb 02750 system shell
mkdir /data/misc/audit 02750 audit system mkdir /data/misc/audit 02750 audit system
mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
mkdir /data/misc/bluetooth 0770 system system mkdir /data/misc/bluetooth 0770 system system
mkdir /data/misc/keystore 0700 keystore keystore mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/keychain 0771 system system mkdir /data/misc/keychain 0771 system system
mkdir /data/misc/radio 0770 system radio mkdir /data/misc/radio 0770 system radio
mkdir /data/misc/sms 0770 system radio mkdir /data/misc/sms 0770 system radio
mkdir /data/misc/zoneinfo 0775 system system mkdir /data/misc/zoneinfo 0775 system system
mkdir /data/misc/vpn 0770 system vpn mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/systemkeys 0700 system system mkdir /data/misc/systemkeys 0700 system system
mkdir /data/misc/wifi 0770 wifi wifi mkdir /data/misc/wifi 0770 wifi wifi
mkdir /data/misc/wifi/sockets 0770 wifi wifi mkdir /data/misc/wifi/sockets 0770 wifi wifi
mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
mkdir /data/misc/dhcp 0770 dhcp dhcp mkdir /data/misc/dhcp 0770 dhcp dhcp
# give system access to wpa_supplicant.conf for backup and restore # give system access to wpa_supplicant.conf for backup and restore
chmod 0660 /data/misc/wifi/wpa_supplicant.conf chmod 0660 /data/misc/wifi/wpa_supplicant.conf
mkdir /data/local 0751 root root mkdir /data/local 0751 root root
mkdir /data/misc/media 0700 media media mkdir /data/misc/media 0700 media media
# For security reasons, /data/local/tmp should always be empty. # For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp # Do not place files or directories in /data/local/tmp
mkdir /data/local/tmp 0771 shell shell mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system mkdir /data/app-private 0771 system system
mkdir /data/app-asec 0700 root root mkdir /data/app-asec 0700 root root
mkdir /data/app-lib 0771 system system mkdir /data/app-lib 0771 system system
mkdir /data/app 0771 system system mkdir /data/app 0771 system system
mkdir /data/property 0700 root root mkdir /data/property 0700 root root
mkdir /data/ssh 0750 root shell mkdir /data/ssh 0750 root shell
mkdir /data/ssh/empty 0700 root root mkdir /data/ssh/empty 0700 root root
mkdir /data/radio 0770 radio radio mkdir /data/radio 0770 radio radio
# create dalvik-cache and double-check the perms, so as to enforce our permissions # create dalvik-cache and double-check the perms, so as to enforce our permissions
mkdir /data/dalvik-cache 0771 system system mkdir /data/dalvik-cache 0771 system system
chown system system /data/dalvik-cache chown system system /data/dalvik-cache
chmod 0771 /data/dalvik-cache chmod 0771 /data/dalvik-cache
# create resource-cache and double-check the perms # create resource-cache and double-check the perms
mkdir /data/resource-cache 0771 system system mkdir /data/resource-cache 0771 system system
chown system system /data/resource-cache chown system system /data/resource-cache
chmod 0771 /data/resource-cache chmod 0771 /data/resource-cache
# create the lost+found directories, so as to enforce our permissions # create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770 root root mkdir /data/lost+found 0770 root root
# create directory for DRM plug-ins - give drm the read/write access to # create directory for DRM plug-ins - give drm the read/write access to
# the following directory. # the following directory.
mkdir /data/drm 0770 drm drm mkdir /data/drm 0770 drm drm
# create directory for MediaDrm plug-ins - give drm the read/write access to # create directory for MediaDrm plug-ins - give drm the read/write access to
# the following directory. # the following directory.
mkdir /data/mediadrm 0770 mediadrm mediadrm mkdir /data/mediadrm 0770 mediadrm mediadrm
# symlink to bugreport storage location # symlink to bugreport storage location
symlink /data/data/com.android.shell/files/bugreports /data/bugreports symlink /data/data/com.android.shell/files/bugreports /data/bugreports
# Separate location for storing security policy files on data # Separate location for storing security policy files on data
mkdir /data/security 0711 system system mkdir /data/security 0711 system system
# Reload policy from /data/security if present. # Reload policy from /data/security if present.
setprop selinux.reload_policy 1 setprop selinux.reload_policy 1
# Set SELinux security contexts on upgrade or policy update. # Set SELinux security contexts on upgrade or policy update.
restorecon_recursive /data restorecon_recursive /data
# If there is no fs-post-data action in the init.<device>.rc file, you # If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems # must uncomment this line, otherwise encrypted filesystems
# won't work. # won't work.
# Set indication (checked by vold) that we have finished this action # Set indication (checked by vold) that we have finished this action
#setprop vold.post_fs_data_done 1 #setprop vold.post_fs_data_done 1
# Include extra init file# Include extra init file
import /init.cm.rc import /init.cm.rc
on booton boot
# set RLIMIT_NICE to allow priorities from 19 to -20# set RLIMIT_NICE to allow priorities from 19 to -20
setrlimit 13 40 40 setrlimit 13 40 40
# Memory management. Basic kernel parameters, and allow the high# Memory management. Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver# level system server to be able to adjust the kernel OOM driver
# parameters to match how it is managing things.# parameters to match how it is managing things.
write /proc/sys/vm/overcommit_memory 1 write /proc/sys/vm/overcommit_memory 1
write /proc/sys/vm/min_free_order_shift 4 write /proc/sys/vm/min_free_order_shift 4
chown root system /sys/module/lowmemorykiller/parameters/adj chown root system /sys/module/lowmemorykiller/parameters/adj
chmod 0664 /sys/module/lowmemorykiller/parameters/adj chmod 0664 /sys/module/lowmemorykiller/parameters/adj
chown root system /sys/module/lowmemorykiller/parameters/minfree chown root system /sys/module/lowmemorykiller/parameters/minfree
chmod 0664 /sys/module/lowmemorykiller/parameters/minfree chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
# Tweak background writeout # Tweak background writeout
write /proc/sys/vm/dirty_expire_centisecs 200 write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_background_ratio 5 write /proc/sys/vm/dirty_background_ratio 5
# Permissions for System Server and daemons. # Permissions for System Server and daemons.
chown radio system /sys/android_power/state chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock chown radio system /sys/android_power/release_wake_lock
chown system system /sys/power/autosleep chown system system /sys/power/autosleep
chown system system /sys/power/state chown system system /sys/power/state
chown system system /sys/power/wakeup_count chown system system /sys/power/wakeup_count
chown radio system /sys/power/wake_lock chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock chmod 0660 /sys/power/wake_unlock
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chown system system /sys/devices/system/cpu/cpufreq/interactive/boost chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
# Assume SMP uses shared cpufreq policy for all CPUs # Assume SMP uses shared cpufreq policy for all CPUs
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
chown system system /sys/class/leds/keyboard-backlight/brightness chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/red/brightness chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/timed_output/vibrator/enable chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/module/sco/parameters/disable_esco chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline chown root radio /proc/cmdline
# Allow system group to trigger vibrator # Allow system group to trigger vibrator
chmod 0664 /sys/class/timed_output/vibrator/enable chmod 0664 /sys/class/timed_output/vibrator/enable
# Define TCP buffer sizes for various networks# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
setprop net.tcp.buffersize.default 4096,87380,704512,4096,16384,110208 setprop net.tcp.buffersize.default 4096,87380,704512,4096,16384,110208
setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576 setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576
setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576 setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576
setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208 setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.hspa 4094,87380,1220608,4096,16384,1220608 setprop net.tcp.buffersize.hspa 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.hsupa 4094,87380,1220608,4096,16384,1220608 setprop net.tcp.buffersize.hsupa 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.hsdpa 4094,87380,1220608,4096,16384,1220608 setprop net.tcp.buffersize.hsdpa 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.hspap 4094,87380,1220608,4096,16384,1220608 setprop net.tcp.buffersize.hspap 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.dchspap 4094,87380,1220608,4096,16384,1220608 setprop net.tcp.buffersize.dchspap 4094,87380,1220608,4096,16384,1220608
setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040 setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680 setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144 setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144
setprop net.tcp.buffersize.evdo_b 4096,87380,704512,4096,16384,262144 setprop net.tcp.buffersize.evdo_b 4096,87380,704512,4096,16384,262144
# Assign TCP buffer thresholds to be ceiling value of technology maximums# Assign TCP buffer thresholds to be ceiling value of technology maximums
# Increased technology maximums should be reflected here.# Increased technology maximums should be reflected here.
write /proc/sys/net/core/rmem_max 2097152 write /proc/sys/net/core/rmem_max 2097152
write /proc/sys/net/core/wmem_max 2097152 write /proc/sys/net/core/wmem_max 2097152
# Define default initial receive window size in segments.# Define default initial receive window size in segments.
setprop net.tcp.default_init_rwnd 60 setprop net.tcp.default_init_rwnd 60
class_start core class_start core
class_start main class_start main
# Never gets called, since Mer does its own 'mount_all'# Never gets called, since Mer does its own 'mount_all'
on nonencryptedon nonencrypted
class_start late_start class_start late_start
# Mer needs to set this property when fs units are mounted# Mer needs to set this property when fs units are mounted
on property:droid.late_start=trigger_late_starton property:droid.late_start=trigger_late_start
class_start late_start class_start late_start
on chargeron charger
class_start charger class_start charger
on property:vold.decrypt=trigger_reset_mainon property:vold.decrypt=trigger_reset_main
class_reset main class_reset main
on property:vold.decrypt=trigger_load_persist_propson property:vold.decrypt=trigger_load_persist_props
load_persist_props load_persist_props
on property:vold.decrypt=trigger_post_fs_dataon property:vold.decrypt=trigger_post_fs_data
trigger post-fs-data trigger post-fs-data
on property:vold.decrypt=trigger_restart_min_frameworkon property:vold.decrypt=trigger_restart_min_framework
class_start main class_start main
on property:vold.decrypt=trigger_restart_frameworkon property:vold.decrypt=trigger_restart_framework
class_start main class_start main
class_start late_start class_start late_start
on property:vold.decrypt=trigger_shutdown_frameworkon property:vold.decrypt=trigger_shutdown_framework
class_reset late_start class_reset late_start
class_reset main class_reset main
on property:sys.powerctl=*on property:sys.powerctl=*
powerctl ${sys.powerctl} powerctl ${sys.powerctl}
# system server cannot write to /proc/sys files,# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.# So proxy writes through init.
on property:sys.sysctl.extra_free_kbytes=*on property:sys.sysctl.extra_free_kbytes=*
write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes} write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
# "tcp_default_init_rwnd" Is too long!# "tcp_default_init_rwnd" Is too long!
on property:sys.sysctl.tcp_def_init_rwnd=*on property:sys.sysctl.tcp_def_init_rwnd=*
write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd} write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
## Daemon processes to be run by init.## Daemon processes to be run by init.
####
# Not used by Mer# Not used by Mer
#service ueventd /sbin/ueventd#service ueventd /sbin/ueventd
# class core# class core
# critical# critical
# seclabel u:r:ueventd:s0# seclabel u:r:ueventd:s0
service healthd /sbin/healthdservice healthd /sbin/healthd
class core class core
critical critical
seclabel u:r:healthd:s0 seclabel u:r:healthd:s0
service healthd-charger /sbin/healthd -nservice healthd-charger /sbin/healthd -n
class charger class charger
critical critical
seclabel u:r:healthd:s0 seclabel u:r:healthd:s0
service console /system/bin/shservice console /system/bin/sh
class core class core
console console
disabled disabled
user shell user shell
group log group log
seclabel u:r:shell:s0 seclabel u:r:shell:s0
# Disabled in Mer - together with CONFIG_AUDIT=n in mer-kernel-check# Disabled in Mer - together with CONFIG_AUDIT=n in mer-kernel-check
service auditd /system/bin/auditd -kservice auditd /system/bin/auditd -k
class main class main
disabled disabled
on property:ro.debuggable=1on property:ro.debuggable=1
start console start console
# adbd is controlled via property triggers in init.<platform>.usb.rc# adbd is controlled via property triggers in init.<platform>.usb.rc
service adbd /sbin/adbdservice adbd /sbin/adbd
class core class core
socket adbd stream 660 system system socket adbd stream 660 system system
disabled disabled
seclabel u:r:adbd:s0 seclabel u:r:adbd:s0
# adbd on at boot in emulator# adbd on at boot in emulator
on property:ro.kernel.qemu=1on property:ro.kernel.qemu=1
start adbd start adbd
# Custom servicemanager allows user nemo to register services# Custom servicemanager allows user nemo to register services
service servicemanager /usr/libexec/droid-hybris/system/bin/servicemanagerservice servicemanager /usr/libexec/droid-hybris/system/bin/servicemanager
class core class core
user system user system
group system group system
critical critical
onrestart restart minimedia onrestart restart minimedia
onrestart restart minisf# onrestart restart minisf
onrestart restart miniaf
# onrestart restart healthd# onrestart restart healthd
# onrestart restart zygote onrestart restart zygote
# onrestart restart media onrestart restart media
# onrestart restart surfaceflinger onrestart restart surfaceflinger
# onrestart restart drm onrestart restart drm
##
service minimedia /usr/libexec/droid-hybris/system/bin/minimediaserviceservice minimedia /usr/libexec/droid-hybris/system/bin/minimediaservice
class main class main
user media user media
group audio camera group audio camera
ioprio rt 4 ioprio rt 4
service minisf /usr/libexec/droid-hybris/system/bin/minisfservice#service minisf /usr/libexec/droid-hybris/system/bin/minisfservice
class main# class main
user system# user system
group graphics# group graphics
service miniaf /usr/libexec/droid-hybris/system/bin/miniafserviceservice vold /system/bin/vold
class core
socket vold stream 0660 root mount
ioprio be 2
service netd /usr/libexec/droid-hybris/system/bin/netd
class main class main
user system socket netd stream 0660 root system
group audio socket dnsproxyd stream 0660 root inet
socket mdns stream 0660 root system
#service vold /system/bin/vold
# class core
# socket vold stream 0660 root mount
# ioprio be 2
#
#service netd /system/bin/netd
# class main
# socket netd stream 0660 root system
# socket dnsproxyd stream 0660 root inet
# socket mdns stream 0660 root system
service debuggerd /system/bin/debuggerdservice debuggerd /system/bin/debuggerd
class main class main
service ril-daemon /system/bin/rildservice ril-daemon /system/bin/rild
class main class main
socket rild stream 660 root radio socket rild stream 660 root radio
socket rild-debug stream 660 radio system socket rild-debug stream 660 radio system
user root user root
group radio cache inet misc audio sdcard_rw qcom_oncrpc qcom_diag log group radio cache inet misc audio sdcard_rw qcom_oncrpc qcom_diag log
# Disabled in Mer - used only during porting atm# Disabled in Mer - used only during porting atm
service surfaceflinger /system/bin/surfaceflingerservice surfaceflinger /system/bin/surfaceflinger
setenv LD_PRELOAD /usr/libexec/droid-hybris/system/lib/libsurfaceflinger.so
class main class main
user system user system
group graphics drmrpc group graphics drmrpc
onrestart restart zygote onrestart restart zygote
disabled# disabled
# Disabled in Mer# Disabled in Mer
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-serverservice zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
class main class main
socket zygote stream 660 root system socket zygote stream 660 root system
onrestart write /sys/android_power/request_state wake onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on onrestart write /sys/power/state on
# onrestart restart media onrestart restart media
# onrestart restart netd onrestart restart netd
disabled# disabled
service drm /system/bin/drmserverservice drm /system/bin/drmserver
class main class main
user drm user drm
group drm system inet drmrpc group drm system inet drmrpc
# Disabled in Mer# Disabled in Mer
service media /system/bin/mediaserverservice media /usr/libexec/droid-hybris/system/bin/mediaserver
class main class main
user media user media
group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc qcom_diag mediadrm group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc qcom_diag mediadrm
ioprio rt 4 ioprio rt 4
disabled# disabled
service bootanim /system/bin/bootanimationservice bootanim /system/bin/bootanimation
class main class main
user graphics user graphics
group graphics group graphics
disabled disabled
oneshot oneshot
service installd /system/bin/installdservice installd /system/bin/installd
class main class main
socket installd stream 600 system system socket installd stream 600 system system
service flash_recovery /system/etc/install-cm-recovery.shservice flash_recovery /system/etc/install-cm-recovery.sh
class main class main
disabled disabled
oneshot oneshot
# update recovery if enabled# update recovery if enabled
on property:persist.sys.recovery_update=trueon property:persist.sys.recovery_update=true
start flash_recovery start flash_recovery
service racoon /system/bin/racoonservice racoon /system/bin/racoon
class main class main
socket racoon stream 600 system system socket racoon stream 600 system system
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port. # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
group vpn net_admin inet group vpn net_admin inet
disabled disabled
oneshot oneshot
service mtpd /system/bin/mtpdservice mtpd /system/bin/mtpd
class main class main
socket mtpd stream 600 system system socket mtpd stream 600 system system
user vpn user vpn
group vpn net_admin inet net_raw group vpn net_admin inet net_raw
disabled disabled
oneshot oneshot
# Disabled in Mer# Disabled in Mer
service keystore /system/bin/keystore /data/misc/keystoreservice keystore /system/bin/keystore /data/misc/keystore
class main class main
user keystore user keystore
group keystore drmrpc system group keystore drmrpc system
disabled# disabled
service dumpstate /system/bin/dumpstate -sservice dumpstate /system/bin/dumpstate -s
class main class main
socket dumpstate stream 0660 shell log socket dumpstate stream 0660 shell log
disabled disabled
oneshot oneshot
# Use Mer sshd# Use Mer sshd
#service sshd /system/bin/start-ssh#service sshd /system/bin/start-ssh
# class main# class main
# disabled# disabled
# This trigger is run by our modified init after boot has finished# This trigger is run by our modified init after boot has finished
on readyon ready
class_start mer class_start mer
# Notify Mer's systemd that we're done# Notify Mer's systemd that we're done
# This is started at the end of boot after both core and main classes# This is started at the end of boot after both core and main classes
service droid_init_done /bin/sh /usr/bin/droid/droid-init-done.shservice droid_init_done /bin/sh /usr/bin/droid/droid-init-done.sh
class mer class mer
oneshot oneshot
Editor
Clear
Original Text
Changed Text