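# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
# Layout: "on <trigger>" actions run their commands in order when the trigger
# fires; "service" stanzas further down declare the daemons init launches.
# Command order inside an action matters (mkdir/mount before chown/chmod).

import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.usb.configfs.rc
import /init.${ro.zygote}.rc
import /init.trace.rc

on early-init
    # Set init and its forked children's oom_adj.
    # -1000 is the lowest oom_score_adj and exempts the process from the OOM killer.
    write /proc/1/oom_score_adj -1000

    # Set the security context of /adb_keys if present.
    restorecon /adb_keys

    start ueventd

on init
    sysclktz 0

    # Backward compatibility.
    symlink /system/etc /etc
    symlink /sys/kernel/debug /d

    # Link /vendor to /system/vendor for devices without a vendor partition.
    symlink /system/vendor /vendor

    # Create cgroup mount point for cpu accounting
    mkdir /acct
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

    # Create cgroup mount point for memory
    # The tasks files are group-writable (root:system, 0660), not world-writable.
    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
    mkdir /sys/fs/cgroup/memory 0750 root system
    mount cgroup none /sys/fs/cgroup/memory memory
    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/tasks
    chmod 0660 /sys/fs/cgroup/memory/tasks
    mkdir /sys/fs/cgroup/memory/sw 0750 root system
    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/sw/tasks
    chmod 0660 /sys/fs/cgroup/memory/sw/tasks

    mkdir /system
    mkdir /data 0771 system system
    mkdir /cache 0770 system cache
    mkdir /config 0500 root root

    # Mount staging areas for devices managed by vold
    # See storage config details at http://source.android.com/tech/storage/
    mkdir /mnt 0755 root system
    mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000
    restorecon_recursive /mnt

    mkdir /mnt/secure 0700 root root
    mkdir /mnt/secure/asec 0700 root root
    mkdir /mnt/asec 0755 root system
    mkdir /mnt/obb 0755 root system
    mkdir /mnt/media_rw 0750 root media_rw
    mkdir /mnt/user 0755 root root
    mkdir /mnt/user/0 0755 root root
    mkdir /mnt/expand 0771 system system

    # Storage views to support runtime permissions
    mkdir /storage 0755 root root
    mkdir /mnt/runtime 0700 root root
    mkdir /mnt/runtime/default 0755 root root
    mkdir /mnt/runtime/default/self 0755 root root
    mkdir /mnt/runtime/read 0755 root root
    mkdir /mnt/runtime/read/self 0755 root root
    mkdir /mnt/runtime/write 0755 root root
    mkdir /mnt/runtime/write/self 0755 root root

    # Symlink to keep legacy apps working in multi-user world
    symlink /storage/self/primary /sdcard
    symlink /mnt/user/0/primary /mnt/runtime/default/self/primary

    # memory control cgroup
    mkdir /dev/memcg 0700 root system
    mount cgroup none /dev/memcg memory

    # Panic on a kernel oops rather than continue in a possibly corrupted state.
    write /proc/sys/kernel/panic_on_oops 1
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4

    # scheduler tunables
    # Disable auto-scaling of scheduler tunables with hotplug. The tunables
    # will vary across devices in unpredictable ways if allowed to scale with
    # cpu cores.
    write /proc/sys/kernel/sched_tunable_scaling 0
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0

    # Kernel hardening sysctls:
    #   randomize_va_space 2 - full ASLR (stack, mmap and heap/brk).
    #   kptr_restrict 2      - kernel addresses printed with %pK are hidden from all users.
    #   mmap_min_addr 32768  - user space cannot map the lowest 32 KiB, which limits
    #                          what a kernel NULL-pointer dereference can reach.
    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2
    write /proc/sys/vm/mmap_min_addr 32768
    # Every GID may open unprivileged ICMP echo (ping) sockets, so ping needs
    # no raw-socket privilege.
    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
    write /proc/sys/net/unix/max_dgram_qlen 300
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

    # reflect fwmark from incoming packets onto generated replies
    write /proc/sys/net/ipv4/fwmark_reflect 1
    write /proc/sys/net/ipv6/fwmark_reflect 1

    # set fwmark on accepted sockets
    write /proc/sys/net/ipv4/tcp_fwmark_accept 1

    # disable icmp redirects, so a forged redirect from an on-link host
    # cannot change this device's routes
    write /proc/sys/net/ipv4/conf/all/accept_redirects 0
    write /proc/sys/net/ipv6/conf/all/accept_redirects 0

    # Create cgroup mount points for process groups
    # NOTE(review): the two tasks files below are chmod 0666, i.e. world-writable,
    # an exception to the rule in this file's header. Presumably this lets any
    # process place its own threads in a scheduling group; confirm that SELinux
    # policy limits who can write before reusing this pattern.
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    chmod 0666 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 800000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/bg_non_interactive
    chown system system /dev/cpuctl/bg_non_interactive/tasks
    chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000

    # sets up initial cpusets for ActivityManager
    mkdir /dev/cpuset
    mount cpuset none /dev/cpuset

    # this ensures that the cpusets are present and usable, but the device's
    # init.rc must actually set the correct cpus
    mkdir /dev/cpuset/foreground
    write /dev/cpuset/foreground/cpus 0
    write /dev/cpuset/foreground/mems 0
    mkdir /dev/cpuset/foreground/boost
    write /dev/cpuset/foreground/boost/cpus 0
    write /dev/cpuset/foreground/boost/mems 0
    mkdir /dev/cpuset/background
    write /dev/cpuset/background/cpus 0
    write /dev/cpuset/background/mems 0

    # system-background is for system tasks that should only run on
    # little cores, not on bigs
    # to be used only by init, so don't change system-bg permissions
    mkdir /dev/cpuset/system-background
    write /dev/cpuset/system-background/cpus 0
    write /dev/cpuset/system-background/mems 0

    # change permissions for all cpusets we'll touch at runtime
    # (0664: writable by owner and group system only, readable by everyone)
    chown system system /dev/cpuset
    chown system system /dev/cpuset/foreground
    chown system system /dev/cpuset/foreground/boost
    chown system system /dev/cpuset/background
    chown system system /dev/cpuset/tasks
    chown system system /dev/cpuset/foreground/tasks
    chown system system /dev/cpuset/foreground/boost/tasks
    chown system system /dev/cpuset/background/tasks
    chmod 0664 /dev/cpuset/foreground/tasks
    chmod 0664 /dev/cpuset/foreground/boost/tasks
    chmod 0664 /dev/cpuset/background/tasks
    chmod 0664 /dev/cpuset/tasks


    # qtaguid will limit access to specific data based on group memberships.
    #   net_bw_acct grants impersonation of socket owners.
    #   net_bw_stats grants access to other apps' detailed tagged-socket stats.
    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
    chown root net_bw_stats /proc/net/xt_qtaguid/stats

    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
    # This is needed by any process that uses socket tagging.
    chmod 0644 /dev/xt_qtaguid

    # Create location for fs_mgr to store abbreviated output from filesystem
    # checker programs.
    mkdir /dev/fscklogs 0770 root system

    # pstore/ramoops previous console log
    # Logs from the previous boot can hold sensitive data; read access is
    # limited to owner system and group log (0440).
    mount pstore pstore /sys/fs/pstore
    chown system log /sys/fs/pstore/console-ramoops
    chmod 0440 /sys/fs/pstore/console-ramoops
    chown system log /sys/fs/pstore/pmsg-ramoops-0
    chmod 0440 /sys/fs/pstore/pmsg-ramoops-0

    # enable armv8_deprecated instruction hooks
    write /proc/sys/abi/swp 1

# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
    class_stop charger
    trigger late-init

# Load properties from /system/ + /factory after fs mount.
on load_system_props_action
    load_system_props

on load_persist_props_action
    load_persist_props
    start logd
    start logd-reinit

# Indicate to fw loaders that the relevant mounts are up.
on firmware_mounts_complete
    rm /dev/.booting

# Mount filesystems and start core system services.
on late-init
    trigger early-fs
    trigger fs
    trigger post-fs

    # Load properties from /system/ + /factory after fs mount. Place
    # this in another action so that the load will be scheduled after the prior
    # issued fs triggers have completed.
    trigger load_system_props_action

    # Now we can mount /data. File encryption requires keymaster to decrypt
    # /data, which in turn can only be loaded when system properties are present
    trigger post-fs-data
    trigger load_persist_props_action

    # Remove a file to wake up anything waiting for firmware.
    trigger firmware_mounts_complete

    trigger early-boot
    trigger boot


on post-fs
    start logd
    # once everything is setup, no need to modify /
    mount rootfs rootfs / ro remount
    # Mount shared so changes propagate into child namespaces
    mount rootfs rootfs / shared rec
    # Mount default storage into root namespace
    mount none /mnt/runtime/default /storage slave bind rec

    # We chown/chmod /cache again because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache
    # We restorecon /cache in case the cache partition has been reset.
    restorecon_recursive /cache

    # Create /cache/recovery in case it's not there. It'll also fix the odd
    # permissions if created by the recovery system.
    mkdir /cache/recovery 0770 system cache

    # change permissions on vmallocinfo so we can grab it from bugreports
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    chown root log /proc/slabinfo
    chmod 0440 /proc/slabinfo

    # change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    # (kmsg is read-only and sysrq-trigger write-only, both for root and group system)
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger
    chown system log /proc/last_kmsg
    chmod 0440 /proc/last_kmsg

    # make the selinux kernel policy world-readable
    chmod 0444 /sys/fs/selinux/policy

    # create the lost+found directories, so as to enforce our permissions
    mkdir /cache/lost+found 0770 root root

on post-fs-data
    # We chown/chmod /data again because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data

    # Emulated internal storage area
    mkdir /data/media 0770 media_rw media_rw

    # Make sure we have the device encryption key
    start logd
    start vold
    installkey /data

    # Start bootcharting as soon as possible after the data partition is
    # mounted to collect more data.
    mkdir /data/bootchart 0755 shell shell
    bootchart_init

    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    copy /data/system/entropy.dat /dev/urandom

    # create basic filesystem structure
    # Secret-bearing directories (keystore, gatekeeper, systemkeys, vold) are
    # 0700 and owned by the single account that uses them.
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/adb 02750 system shell
    mkdir /data/misc/bluedroid 02770 bluetooth net_bt_stack
    # Fix the access permissions and group ownership for 'bt_config.conf'
    chmod 0660 /data/misc/bluedroid/bt_config.conf
    chown bluetooth net_bt_stack /data/misc/bluedroid/bt_config.conf
    mkdir /data/misc/bluetooth 0770 system system
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/gatekeeper 0700 system system
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/net 0750 root shell
    mkdir /data/misc/radio 0770 system radio
    mkdir /data/misc/sms 0770 system radio
    mkdir /data/misc/zoneinfo 0775 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
    mkdir /data/misc/systemkeys 0700 system system
    mkdir /data/misc/wifi 0770 wifi wifi
    mkdir /data/misc/wifi/sockets 0770 wifi wifi
    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
    mkdir /data/misc/ethernet 0770 system system
    mkdir /data/misc/dhcp 0770 dhcp dhcp
    mkdir /data/misc/user 0771 root root
    mkdir /data/misc/perfprofd 0775 root root
    # give system access to wpa_supplicant.conf for backup and restore
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root
    mkdir /data/misc/media 0700 media media
    mkdir /data/misc/vold 0700 root root

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app-lib 0771 system system
    mkdir /data/app 0771 system system
    mkdir /data/property 0700 root root
    mkdir /data/tombstones 0771 system system

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 root root
    mkdir /data/dalvik-cache/profiles 0711 system system

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # create directory for MediaDrm plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/mediadrm 0770 mediadrm mediadrm

    mkdir /data/adb 0700 root root

    # symlink to bugreport storage location
    symlink /data/data/com.android.shell/files/bugreports /data/bugreports

    # Separate location for storing security policy files on data
    mkdir /data/security 0711 system system

    # Create all remaining /data root dirs so that they are made through init
    # and get proper encryption policy installed
    # (/data/media was already created earlier in this action; repeated here.)
    mkdir /data/backup 0700 system system
    mkdir /data/media 0770 media_rw media_rw
    mkdir /data/ss 0700 system system
    mkdir /data/system 0775 system system
    mkdir /data/system/heapdump 0700 system system
    mkdir /data/user 0711 system system

    setusercryptopolicies /data/user

    # Reload policy from /data/security if present.
    setprop selinux.reload_policy 1

    # Set SELinux security contexts on upgrade or policy update.
    restorecon_recursive /data

    # Check any timezone data in /data is newer than the copy in /system, delete if not.
    # Runs as user/group system rather than root.
    exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo

    # If there is no post-fs-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    #setprop vold.post_fs_data_done 1

on boot
    # basic network init
    ifup lo
    hostname localhost
    domainname localdomain

    # set RLIMIT_NICE to allow priorities from 19 to -20
    setrlimit 13 40 40

    # Memory management.  Basic kernel parameters, and allow the high
    # level system server to be able to adjust the kernel OOM driver
    # parameters to match how it is managing things.
    write /proc/sys/vm/overcommit_memory 1
    write /proc/sys/vm/min_free_order_shift 4
    chown root system /sys/module/lowmemorykiller/parameters/adj
    chmod 0664 /sys/module/lowmemorykiller/parameters/adj
    chown root system /sys/module/lowmemorykiller/parameters/minfree
    chmod 0664 /sys/module/lowmemorykiller/parameters/minfree

    # Tweak background writeout
    write /proc/sys/vm/dirty_expire_centisecs 200
    write /proc/sys/vm/dirty_background_ratio 5

    # Permissions for System Server and daemons.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/autosleep
    chown system system /sys/power/state
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock

    # cpufreq "interactive" governor tunables: owned by system, 0660.
    # boostpulse is only chown'ed here; its mode is left as the kernel set it.
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    # Ownership only; no chmod follows, so the modes stay as the kernel set them.
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    chown root radio /proc/cmdline

    # Define default initial receive window size in segments.
    setprop net.tcp.default_init_rwnd 60

    class_start core

on nonencrypted
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_default_encryption
    start defaultcrypto

on property:vold.decrypt=trigger_encryption
    start surfaceflinger
    start encrypt

on property:sys.init_log_level=*
    loglevel ${sys.init_log_level}

on charger
    class_start charger

on property:vold.decrypt=trigger_reset_main
    class_reset main

on property:vold.decrypt=trigger_load_persist_props
    load_persist_props
    start logd
    start logd-reinit

on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data

on property:vold.decrypt=trigger_restart_min_framework
    class_start main

on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main

# Any value set on sys.powerctl is handed to the powerctl command. Who may set
# the property is decided by the property service's access control, not here.
on property:sys.powerctl=*
    powerctl ${sys.powerctl}

# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
# NOTE(review): the property value is passed to write without any check here,
# so permission to set sys.sysctl.* is the only gate on these kernel parameters.
on property:sys.sysctl.extra_free_kbytes=*
    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}

# "tcp_default_init_rwnd" is too long for a property name, so the property
# below uses the shortened form "tcp_def_init_rwnd".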
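# Proxy write: init copies the property value into the sysctl on every change.
# NOTE(review): the value is not checked here, so permission to set the
# property is the only gate on this kernel parameter.
on property:sys.sysctl.tcp_def_init_rwnd=*
    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}

# security.perf_harden selects the perf_event_open restriction level:
# 1 when hardening is off, 3 when it is on.
# NOTE(review): level 3 is not a mainline kernel value; it presumably relies on
# an Android kernel patch that blocks unprivileged perf use. Confirm on the
# target kernel.
on property:security.perf_harden=0
    write /proc/sys/kernel/perf_event_paranoid 1

on property:security.perf_harden=1
    write /proc/sys/kernel/perf_event_paranoid 3

## Daemon processes to be run by init.
##
## A service with no "user" line keeps init's identity (root). "disabled"
## services are not started with their class; they need an explicit "start".
## "socket <name> <type> <perm> <user> <group>" creates /dev/socket/<name>.
service ueventd /sbin/ueventd
    class core
    critical
    seclabel u:r:ueventd:s0

# logd and logdr are 0666 and logdw is write-only 0222, so every process can
# connect. NOTE(review): who may read which log entries must therefore be
# enforced by logd itself and by SELinux policy, not by the socket modes.
service logd /system/bin/logd
    class core
    socket logd stream 0666 logd logd
    socket logdr seqpacket 0666 logd logd
    socket logdw dgram 0222 logd logd
    group root system
    writepid /dev/cpuset/system-background/tasks

service logd-reinit /system/bin/logd --reinit
    oneshot
    writepid /dev/cpuset/system-background/tasks
    disabled

service healthd /sbin/healthd
    class core
    critical
    seclabel u:r:healthd:s0
    group root system

# Interactive shell on the console device. Disabled by default and started only
# by the ro.debuggable=1 trigger below; runs as user shell in the shell SELinux
# domain, not as root.
service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group shell log
    seclabel u:r:shell:s0

on property:ro.debuggable=1
    start console

# adbd is controlled via property triggers in init.<platform>.usb.rc
# NOTE(review): --root_seclabel presumably names the SELinux domain adbd uses
# when it keeps root; confirm that the su domain is absent from user-build policy.
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
    class core
    socket adbd stream 660 system system
    disabled
    seclabel u:r:adbd:s0

# adbd on at boot in emulator
on property:ro.kernel.qemu=1
    start adbd

service lmkd /system/bin/lmkd
    class core
    critical
    socket lmkd seqpacket 0660 system system
    writepid /dev/cpuset/system-background/tasks

# A restart of servicemanager restarts the services listed under onrestart.
service servicemanager /system/bin/servicemanager
    class core
    user system
    group system
    critical
    onrestart restart healthd
    onrestart restart zygote
    onrestart restart media
    onrestart restart surfaceflinger
    onrestart restart drm

# vold runs as root (no user line). blkid and fsck get separate SELinux
# contexts for trusted and untrusted volumes via the flags below.
service vold /system/bin/vold \
        --blkid_context=u:r:blkid:s0 --blkid_untrusted_context=u:r:blkid_untrusted:s0 \
        --fsck_context=u:r:fsck:s0 --fsck_untrusted_context=u:r:fsck_untrusted:s0
    class core
    socket vold stream 0660 root mount
    socket cryptd stream 0660 root mount
    ioprio be 2

# netd runs as root (no user line); its control sockets are 0660 and reachable
# only by root plus group system or inet.
service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system
    socket fwmarkd stream 0660 root inet

service debuggerd /system/bin/debuggerd
    class main
    writepid /dev/cpuset/system-background/tasks

service debuggerd64 /system/bin/debuggerd64
    class main
    writepid /dev/cpuset/system-background/tasks

# rild is explicitly kept as root, with supplementary groups for radio, cache,
# network, audio and log access.
service ril-daemon /system/bin/rild
    class main
    socket rild stream 660 root radio
    socket sap_uim_socket1 stream 660 bluetooth bluetooth
    socket rild-debug stream 660 radio system
    user root
    group radio cache inet misc audio log

service surfaceflinger /system/bin/surfaceflinger
    class core
    user system
    group graphics drmrpc
    onrestart restart zygote
    writepid /dev/cpuset/system-background/tasks

service drm /system/bin/drmserver
    class main
    user drm
    group drm system inet drmrpc

# mediaserver runs as the unprivileged media user, but its group list spans
# audio, camera, network, bluetooth and DRM.
service media /system/bin/mediaserver
    class main
    user media
    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
    ioprio rt 4

# One shot invocation to deal with encrypted volume.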
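# defaultcrypto is disabled: it runs only on an explicit "start defaultcrypto".
service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption) or trigger_restart_min_framework (other encryption)

# One shot invocation to encrypt unencrypted volumes
service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default noui
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption)

service bootanim /system/bin/bootanimation
    class core
    user graphics
    group graphics audio
    disabled
    oneshot

service gatekeeperd /system/bin/gatekeeperd /data/misc/gatekeeper
    class late_start
    user system

# installd runs as root (no user line); its socket is 600 system:system, so
# only the system user can connect.
service installd /system/bin/installd
    class main
    socket installd stream 600 system system

# Runs a shell script as root (no user line) each time class main starts.
# NOTE(review): its integrity rests on /system being read-only or verified;
# a good candidate for file-integrity monitoring.
service flash_recovery /system/bin/install-recovery.sh
    class main
    oneshot

service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
    group vpn net_admin inet
    disabled
    oneshot

service mtpd /system/bin/mtpd
    class main
    socket mtpd stream 600 system system
    user vpn
    group vpn net_admin inet net_raw
    disabled
    oneshot

service keystore /system/bin/keystore /data/misc/keystore
    class main
    user keystore
    group keystore drmrpc

# dumpstate runs as root (no user line) and starts only on demand; its socket
# is limited to user shell and group log.
service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot

service mdnsd /system/bin/mdnsd
    class main
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
    disabled
    oneshot

service uncrypt /system/bin/uncrypt
    class main
    disabled
    oneshot

service pre-recovery /system/bin/uncrypt --reboot
    class main
    disabled
    oneshot

# NOTE(review): profiling daemon started as root with class late_start and not
# marked disabled; confirm it is meant to ship in production builds.
service perfprofd /system/xbin/perfprofd
    class late_start
    user root
    oneshot
    writepid /dev/cpuset/system-background/tasks

on property:persist.logd.logpersistd=logcatd
    # all exec/services are called with umask(077), so no gain beyond 0700
    mkdir /data/misc/logd 0700 logd log
    # logd for write to /data/misc/logd, log group for read from pstore (-L)
    exec - logd log -- /system/bin/logcat -L -b all -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r 64 -n 256
    start logcatd

# Persists every log buffer (-b all) to /data/misc/logd. The directory is
# created 0700 logd:log by the action above, so the saved logs are not
# readable by other users.
service logcatd /system/bin/logcat -b all -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r 64 -n 256
    class late_start
    disabled
    # logd for write to /data/misc/logd, log group for read from log daemon
    user logd
    group log
    writepid /dev/cpuset/system-background/tasks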