init.rc revision 0359d778a564a5c63baba08a33484fb69eda4d1e
1# Copyright (C) 2012 The Android Open Source Project 2# 3# IMPORTANT: Do not create world writable files or directories. 4# This is a common source of Android security bugs. 5# 6 7import /init.environ.rc 8import /init.usb.rc 9import /init.${ro.hardware}.rc 10import /init.${ro.zygote}.rc 11import /init.trace.rc 12 13on early-init 14 # Set init and its forked children's oom_adj. 15 write /proc/1/oom_score_adj -1000 16 17 # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls. 18 write /sys/fs/selinux/checkreqprot 0 19 20 # Set the security context for the init process. 21 # This should occur before anything else (e.g. ueventd) is started. 22 setcon u:r:init:s0 23 24 # Set the security context of /adb_keys if present. 25 restorecon /adb_keys 26 27 start ueventd 28 29 # create mountpoints 30 mkdir /mnt 0775 root system 31 32on init 33 sysclktz 0 34 35 loglevel 3 36 37 # Backward compatibility 38 symlink /system/etc /etc 39 symlink /sys/kernel/debug /d 40 41 # Right now vendor lives on the same filesystem as system, 42 # but someday that may change. 43 symlink /system/vendor /vendor 44 45 # Create cgroup mount point for cpu accounting 46 mkdir /acct 47 mount cgroup none /acct cpuacct 48 mkdir /acct/uid 49 50 # Create cgroup mount point for memory 51 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000 52 mkdir /sys/fs/cgroup/memory 0750 root system 53 mount cgroup none /sys/fs/cgroup/memory memory 54 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1 55 chown root system /sys/fs/cgroup/memory/tasks 56 chmod 0660 /sys/fs/cgroup/memory/tasks 57 mkdir /sys/fs/cgroup/memory/sw 0750 root system 58 write /sys/fs/cgroup/memory/sw/memory.swappiness 100 59 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1 60 chown root system /sys/fs/cgroup/memory/sw/tasks 61 chmod 0660 /sys/fs/cgroup/memory/sw/tasks 62 63 mkdir /system 64 mkdir /data 0771 system system 65 mkdir /cache 0770 system cache 66 mkdir /config 0500 root root 67 68 # See storage config details at http://source.android.com/tech/storage/ 69 mkdir /mnt/shell 0700 shell shell 70 mkdir /mnt/media_rw 0700 media_rw media_rw 71 mkdir /storage 0751 root sdcard_r 72 73 # Directory for putting things only root should see. 74 mkdir /mnt/secure 0700 root root 75 76 # Directory for staging bindmounts 77 mkdir /mnt/secure/staging 0700 root root 78 79 # Directory-target for where the secure container 80 # imagefile directory will be bind-mounted 81 mkdir /mnt/secure/asec 0700 root root 82 83 # Secure container public mount points. 84 mkdir /mnt/asec 0700 root system 85 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000 86 87 # Filesystem image public mount points. 88 mkdir /mnt/obb 0700 root system 89 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000 90 91 # memory control cgroup 92 mkdir /dev/memcg 0700 root system 93 mount cgroup none /dev/memcg memory 94 95 write /proc/sys/kernel/panic_on_oops 1 96 write /proc/sys/kernel/hung_task_timeout_secs 0 97 write /proc/cpu/alignment 4 98 write /proc/sys/kernel/sched_latency_ns 10000000 99 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 100 write /proc/sys/kernel/sched_compat_yield 1 101 write /proc/sys/kernel/sched_child_runs_first 0 102 write /proc/sys/kernel/randomize_va_space 2 103 write /proc/sys/kernel/kptr_restrict 2 104 write /proc/sys/vm/mmap_min_addr 32768 105 write /proc/sys/net/ipv4/ping_group_range "0 2147483647" 106 write /proc/sys/net/unix/max_dgram_qlen 300 107 write /proc/sys/kernel/sched_rt_runtime_us 950000 108 write /proc/sys/kernel/sched_rt_period_us 1000000 109 110 # reflect fwmark from incoming packets onto generated replies 111 write /proc/sys/net/ipv4/fwmark_reflect 1 112 write /proc/sys/net/ipv6/fwmark_reflect 1 113 114 # set fwmark on accepted sockets 115 write /proc/sys/net/ipv4/tcp_fwmark_accept 1 116 117 # Create cgroup mount points for process groups 118 mkdir /dev/cpuctl 119 mount cgroup none /dev/cpuctl cpu 120 chown system system /dev/cpuctl 121 chown system system /dev/cpuctl/tasks 122 chmod 0660 /dev/cpuctl/tasks 123 write /dev/cpuctl/cpu.shares 1024 124 write /dev/cpuctl/cpu.rt_runtime_us 950000 125 write /dev/cpuctl/cpu.rt_period_us 1000000 126 127 mkdir /dev/cpuctl/apps 128 chown system system /dev/cpuctl/apps/tasks 129 chmod 0666 /dev/cpuctl/apps/tasks 130 write /dev/cpuctl/apps/cpu.shares 1024 131 write /dev/cpuctl/apps/cpu.rt_runtime_us 800000 132 write /dev/cpuctl/apps/cpu.rt_period_us 1000000 133 134 mkdir /dev/cpuctl/apps/bg_non_interactive 135 chown system system /dev/cpuctl/apps/bg_non_interactive/tasks 136 chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks 137 # 5.0 % 138 write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52 139 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000 140 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000 141 142 # qtaguid will limit access to specific data based on group memberships. 143 # net_bw_acct grants impersonation of socket owners. 144 # net_bw_stats grants access to other apps' detailed tagged-socket stats. 145 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl 146 chown root net_bw_stats /proc/net/xt_qtaguid/stats 147 148 # Allow everybody to read the xt_qtaguid resource tracking misc dev. 149 # This is needed by any process that uses socket tagging. 150 chmod 0644 /dev/xt_qtaguid 151 152 # Create location for fs_mgr to store abbreviated output from filesystem 153 # checker programs. 154 mkdir /dev/fscklogs 0770 root system 155 156 # pstore/ramoops previous console log 157 mount pstore pstore /sys/fs/pstore 158 chown system log /sys/fs/pstore/console-ramoops 159 chmod 0440 /sys/fs/pstore/console-ramoops 160 chown system log /sys/fs/pstore/pmsg-ramoops-0 161 chmod 0440 /sys/fs/pstore/pmsg-ramoops-0 162 163# Healthd can trigger a full boot from charger mode by signaling this 164# property when the power button is held. 165on property:sys.boot_from_charger_mode=1 166 class_stop charger 167 trigger late-init 168 169# Load properties from /system/ + /factory after fs mount. 170on load_all_props_action 171 load_all_props 172 173# Indicate to fw loaders that the relevant mounts are up. 174on firmware_mounts_complete 175 rm /dev/.booting 176 177# Mount filesystems and start core system services. 178on late-init 179 trigger early-fs 180 trigger fs 181 trigger post-fs 182 trigger post-fs-data 183 184 # Load properties from /system/ + /factory after fs mount. Place 185 # this in another action so that the load will be scheduled after the prior 186 # issued fs triggers have completed. 187 trigger load_all_props_action 188 189 # Remove a file to wake up anything waiting for firmware. 190 trigger firmware_mounts_complete 191 192 trigger early-boot 193 trigger boot 194 195 196on post-fs 197 # once everything is setup, no need to modify / 198 mount rootfs rootfs / ro remount 199 # mount shared so changes propagate into child namespaces 200 mount rootfs rootfs / shared rec 201 202 # We chown/chmod /cache again so because mount is run as root + defaults 203 chown system cache /cache 204 chmod 0770 /cache 205 # We restorecon /cache in case the cache partition has been reset. 206 restorecon_recursive /cache 207 208 # This may have been created by the recovery system with odd permissions 209 chown system cache /cache/recovery 210 chmod 0770 /cache/recovery 211 212 #change permissions on vmallocinfo so we can grab it from bugreports 213 chown root log /proc/vmallocinfo 214 chmod 0440 /proc/vmallocinfo 215 216 chown root log /proc/slabinfo 217 chmod 0440 /proc/slabinfo 218 219 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks 220 chown root system /proc/kmsg 221 chmod 0440 /proc/kmsg 222 chown root system /proc/sysrq-trigger 223 chmod 0220 /proc/sysrq-trigger 224 chown system log /proc/last_kmsg 225 chmod 0440 /proc/last_kmsg 226 227 # make the selinux kernel policy world-readable 228 chmod 0444 /sys/fs/selinux/policy 229 230 # create the lost+found directories, so as to enforce our permissions 231 mkdir /cache/lost+found 0770 root root 232 233on post-fs-data 234 # We chown/chmod /data again so because mount is run as root + defaults 235 chown system system /data 236 chmod 0771 /data 237 # We restorecon /data in case the userdata partition has been reset. 238 restorecon /data 239 240 # Avoid predictable entropy pool. Carry over entropy from previous boot. 241 copy /data/system/entropy.dat /dev/urandom 242 243 # Create dump dir and collect dumps. 244 # Do this before we mount cache so eventually we can use cache for 245 # storing dumps on platforms which do not have a dedicated dump partition. 246 mkdir /data/dontpanic 0750 root log 247 248 # Collect apanic data, free resources and re-arm trigger 249 copy /proc/apanic_console /data/dontpanic/apanic_console 250 chown root log /data/dontpanic/apanic_console 251 chmod 0640 /data/dontpanic/apanic_console 252 253 copy /proc/apanic_threads /data/dontpanic/apanic_threads 254 chown root log /data/dontpanic/apanic_threads 255 chmod 0640 /data/dontpanic/apanic_threads 256 257 write /proc/apanic_console 1 258 259 # create basic filesystem structure 260 mkdir /data/misc 01771 system misc 261 mkdir /data/misc/adb 02750 system shell 262 mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack 263 mkdir /data/misc/bluetooth 0770 system system 264 mkdir /data/misc/keystore 0700 keystore keystore 265 mkdir /data/misc/keychain 0771 system system 266 mkdir /data/misc/net 0750 root shell 267 mkdir /data/misc/radio 0770 system radio 268 mkdir /data/misc/sms 0770 system radio 269 mkdir /data/misc/zoneinfo 0775 system system 270 mkdir /data/misc/vpn 0770 system vpn 271 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro 272 mkdir /data/misc/systemkeys 0700 system system 273 mkdir /data/misc/wifi 0770 wifi wifi 274 mkdir /data/misc/wifi/sockets 0770 wifi wifi 275 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi 276 mkdir /data/misc/ethernet 0770 system system 277 mkdir /data/misc/dhcp 0770 dhcp dhcp 278 mkdir /data/misc/user 0771 root root 279 # give system access to wpa_supplicant.conf for backup and restore 280 chmod 0660 /data/misc/wifi/wpa_supplicant.conf 281 mkdir /data/local 0751 root root 282 mkdir /data/misc/media 0700 media media 283 284 # For security reasons, /data/local/tmp should always be empty. 285 # Do not place files or directories in /data/local/tmp 286 mkdir /data/local/tmp 0771 shell shell 287 mkdir /data/data 0771 system system 288 mkdir /data/app-private 0771 system system 289 mkdir /data/app-asec 0700 root root 290 mkdir /data/app-lib 0771 system system 291 mkdir /data/app 0771 system system 292 mkdir /data/property 0700 root root 293 mkdir /data/tombstones 0771 system system 294 295 # create dalvik-cache, so as to enforce our permissions 296 mkdir /data/dalvik-cache 0771 root root 297 mkdir /data/dalvik-cache/profiles 0711 system system 298 299 # create resource-cache and double-check the perms 300 mkdir /data/resource-cache 0771 system system 301 chown system system /data/resource-cache 302 chmod 0771 /data/resource-cache 303 304 # create the lost+found directories, so as to enforce our permissions 305 mkdir /data/lost+found 0770 root root 306 307 # create directory for DRM plug-ins - give drm the read/write access to 308 # the following directory. 309 mkdir /data/drm 0770 drm drm 310 311 # create directory for MediaDrm plug-ins - give drm the read/write access to 312 # the following directory. 313 mkdir /data/mediadrm 0770 mediadrm mediadrm 314 315 mkdir /data/adb 0700 root root 316 317 # symlink to bugreport storage location 318 symlink /data/data/com.android.shell/files/bugreports /data/bugreports 319 320 # Separate location for storing security policy files on data 321 mkdir /data/security 0711 system system 322 323 # Reload policy from /data/security if present. 324 setprop selinux.reload_policy 1 325 326 # Set SELinux security contexts on upgrade or policy update. 327 restorecon_recursive /data 328 329 # If there is no fs-post-data action in the init.<device>.rc file, you 330 # must uncomment this line, otherwise encrypted filesystems 331 # won't work. 332 # Set indication (checked by vold) that we have finished this action 333 #setprop vold.post_fs_data_done 1 334 335on boot 336 # basic network init 337 ifup lo 338 hostname localhost 339 domainname localdomain 340 341 # set RLIMIT_NICE to allow priorities from 19 to -20 342 setrlimit 13 40 40 343 344 # Memory management. Basic kernel parameters, and allow the high 345 # level system server to be able to adjust the kernel OOM driver 346 # parameters to match how it is managing things. 347 write /proc/sys/vm/overcommit_memory 1 348 write /proc/sys/vm/min_free_order_shift 4 349 chown root system /sys/module/lowmemorykiller/parameters/adj 350 chmod 0220 /sys/module/lowmemorykiller/parameters/adj 351 chown root system /sys/module/lowmemorykiller/parameters/minfree 352 chmod 0220 /sys/module/lowmemorykiller/parameters/minfree 353 354 # Tweak background writeout 355 write /proc/sys/vm/dirty_expire_centisecs 200 356 write /proc/sys/vm/dirty_background_ratio 5 357 358 # Permissions for System Server and daemons. 359 chown radio system /sys/android_power/state 360 chown radio system /sys/android_power/request_state 361 chown radio system /sys/android_power/acquire_full_wake_lock 362 chown radio system /sys/android_power/acquire_partial_wake_lock 363 chown radio system /sys/android_power/release_wake_lock 364 chown system system /sys/power/autosleep 365 chown system system /sys/power/state 366 chown system system /sys/power/wakeup_count 367 chown radio system /sys/power/wake_lock 368 chown radio system /sys/power/wake_unlock 369 chmod 0660 /sys/power/state 370 chmod 0660 /sys/power/wake_lock 371 chmod 0660 /sys/power/wake_unlock 372 373 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate 374 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate 375 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack 376 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack 377 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 378 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 379 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 380 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 381 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads 382 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads 383 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 384 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 385 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 386 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 387 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost 388 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost 389 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse 390 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost 391 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost 392 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 393 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 394 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 395 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 396 397 # Assume SMP uses shared cpufreq policy for all CPUs 398 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 399 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 400 401 chown system system /sys/class/timed_output/vibrator/enable 402 chown system system /sys/class/leds/keyboard-backlight/brightness 403 chown system system /sys/class/leds/lcd-backlight/brightness 404 chown system system /sys/class/leds/button-backlight/brightness 405 chown system system /sys/class/leds/jogball-backlight/brightness 406 chown system system /sys/class/leds/red/brightness 407 chown system system /sys/class/leds/green/brightness 408 chown system system /sys/class/leds/blue/brightness 409 chown system system /sys/class/leds/red/device/grpfreq 410 chown system system /sys/class/leds/red/device/grppwm 411 chown system system /sys/class/leds/red/device/blink 412 chown system system /sys/class/timed_output/vibrator/enable 413 chown system system /sys/module/sco/parameters/disable_esco 414 chown system system /sys/kernel/ipv4/tcp_wmem_min 415 chown system system /sys/kernel/ipv4/tcp_wmem_def 416 chown system system /sys/kernel/ipv4/tcp_wmem_max 417 chown system system /sys/kernel/ipv4/tcp_rmem_min 418 chown system system /sys/kernel/ipv4/tcp_rmem_def 419 chown system system /sys/kernel/ipv4/tcp_rmem_max 420 chown root radio /proc/cmdline 421 422 # Define default initial receive window size in segments. 423 setprop net.tcp.default_init_rwnd 60 424 425 class_start core 426 427on nonencrypted 428 class_start main 429 class_start late_start 430 431on property:vold.decrypt=trigger_default_encryption 432 start defaultcrypto 433 434on property:vold.decrypt=trigger_encryption 435 start surfaceflinger 436 start encrypt 437 438on property:sys.init_log_level=* 439 loglevel ${sys.init_log_level} 440 441on charger 442 class_start charger 443 444on property:vold.decrypt=trigger_reset_main 445 class_reset main 446 447on property:vold.decrypt=trigger_load_persist_props 448 load_persist_props 449 450on property:vold.decrypt=trigger_post_fs_data 451 trigger post-fs-data 452 453on property:vold.decrypt=trigger_restart_min_framework 454 class_start main 455 456on property:vold.decrypt=trigger_restart_framework 457 class_start main 458 class_start late_start 459 460on property:vold.decrypt=trigger_shutdown_framework 461 class_reset late_start 462 class_reset main 463 464on property:sys.powerctl=* 465 powerctl ${sys.powerctl} 466 467# system server cannot write to /proc/sys files, 468# and chown/chmod does not work for /proc/sys/ entries. 469# So proxy writes through init. 470on property:sys.sysctl.extra_free_kbytes=* 471 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes} 472 473# "tcp_default_init_rwnd" Is too long! 474on property:sys.sysctl.tcp_def_init_rwnd=* 475 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd} 476 477 478## Daemon processes to be run by init. 479## 480service ueventd /sbin/ueventd 481 class core 482 critical 483 seclabel u:r:ueventd:s0 484 485service logd /system/bin/logd 486 class core 487 socket logd stream 0666 logd logd 488 socket logdr seqpacket 0666 logd logd 489 socket logdw dgram 0222 logd logd 490 seclabel u:r:logd:s0 491 492service healthd /sbin/healthd 493 class core 494 critical 495 seclabel u:r:healthd:s0 496 497service console /system/bin/sh 498 class core 499 console 500 disabled 501 user shell 502 group shell log 503 seclabel u:r:shell:s0 504 505on property:ro.debuggable=1 506 start console 507 508# adbd is controlled via property triggers in init.<platform>.usb.rc 509service adbd /sbin/adbd --root_seclabel=u:r:su:s0 510 class core 511 socket adbd stream 660 system system 512 disabled 513 seclabel u:r:adbd:s0 514 515# adbd on at boot in emulator 516on property:ro.kernel.qemu=1 517 start adbd 518 519service lmkd /system/bin/lmkd 520 class core 521 critical 522 socket lmkd seqpacket 0660 system system 523 524service servicemanager /system/bin/servicemanager 525 class core 526 user system 527 group system 528 critical 529 onrestart restart healthd 530 onrestart restart zygote 531 onrestart restart media 532 onrestart restart surfaceflinger 533 onrestart restart drm 534 535service vold /system/bin/vold 536 class core 537 socket vold stream 0660 root mount 538 ioprio be 2 539 540service netd /system/bin/netd 541 class main 542 socket netd stream 0660 root system 543 socket dnsproxyd stream 0660 root inet 544 socket mdns stream 0660 root system 545 socket fwmarkd stream 0660 root inet 546 547service debuggerd /system/bin/debuggerd 548 class main 549 550service debuggerd64 /system/bin/debuggerd64 551 class main 552 553service ril-daemon /system/bin/rild 554 class main 555 socket rild stream 660 root radio 556 socket rild-debug stream 660 radio system 557 user root 558 group radio cache inet misc audio log 559 560service surfaceflinger /system/bin/surfaceflinger 561 class core 562 user system 563 group graphics drmrpc 564 onrestart restart zygote 565 566service drm /system/bin/drmserver 567 class main 568 user drm 569 group drm system inet drmrpc 570 571service media /system/bin/mediaserver 572 class main 573 user media 574 group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm 575 ioprio rt 4 576 577# One shot invocation to deal with encrypted volume. 578service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted 579 disabled 580 oneshot 581 # vold will set vold.decrypt to trigger_restart_framework (default 582 # encryption) or trigger_restart_min_framework (other encryption) 583 584# One shot invocation to encrypt unencrypted volumes 585service encrypt /system/bin/vdc --wait cryptfs maybeenabledefaultcrypto 586 disabled 587 oneshot 588 # vold will set vold.decrypt to trigger_restart_framework (default 589 # encryption) 590 591service bootanim /system/bin/bootanimation 592 class core 593 user graphics 594 group graphics audio 595 disabled 596 oneshot 597 598service installd /system/bin/installd 599 class main 600 socket installd stream 600 system system 601 602service flash_recovery /system/bin/install-recovery.sh 603 class main 604 seclabel u:r:install_recovery:s0 605 oneshot 606 607service racoon /system/bin/racoon 608 class main 609 socket racoon stream 600 system system 610 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port. 611 group vpn net_admin inet 612 disabled 613 oneshot 614 615service mtpd /system/bin/mtpd 616 class main 617 socket mtpd stream 600 system system 618 user vpn 619 group vpn net_admin inet net_raw 620 disabled 621 oneshot 622 623service keystore /system/bin/keystore /data/misc/keystore 624 class main 625 user keystore 626 group keystore drmrpc 627 628service dumpstate /system/bin/dumpstate -s 629 class main 630 socket dumpstate stream 0660 shell log 631 disabled 632 oneshot 633 634service mdnsd /system/bin/mdnsd 635 class main 636 user mdnsr 637 group inet net_raw 638 socket mdnsd stream 0660 mdnsr inet 639 disabled 640 oneshot 641 642service pre-recovery /system/bin/uncrypt 643 class main 644 disabled 645 oneshot 646