init.rc revision 1450586ffd1113baa80f415531fb1de378fc8037
# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
# Top-level init script. It defines the boot-stage actions (early-init, init,
# post-fs, post-fs-data, boot), the property-triggered actions, and the
# services that init starts.

# The two ${...} imports are resolved from properties, so which device- and
# zygote-specific scripts get pulled in depends on ro.hardware and ro.zygote.
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.zygote}.rc
import /init.trace.rc

on early-init
    # Set init and its forked children's oom_adj.
    write /proc/1/oom_score_adj -1000

    # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
    write /sys/fs/selinux/checkreqprot 0

    # Set the security context for the init process.
    # This should occur before anything else (e.g. ueventd) is started.
    setcon u:r:init:s0

    # Set the security context of /adb_keys if present.
    restorecon /adb_keys

    start ueventd

    # create mountpoints
    mkdir /mnt 0775 root system

on init
    sysclktz 0

    # Backward compatibility.
    symlink /system/etc /etc
    symlink /sys/kernel/debug /d

    # Link /vendor to /system/vendor for devices without a vendor partition.
    symlink /system/vendor /vendor

    # Create cgroup mount point for cpu accounting
    mkdir /acct
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

    # Create cgroup mount point for memory
    # gid=1000 is presumably the "system" group used by the chown lines
    # below -- confirm against the platform's id table.
    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
    mkdir /sys/fs/cgroup/memory 0750 root system
    mount cgroup none /sys/fs/cgroup/memory memory
    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
    # tasks files are root:system 0660: only root and group system can move
    # processes into these memory cgroups.
    chown root system /sys/fs/cgroup/memory/tasks
    chmod 0660 /sys/fs/cgroup/memory/tasks
    mkdir /sys/fs/cgroup/memory/sw 0750 root system
    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/sw/tasks
    chmod 0660 /sys/fs/cgroup/memory/sw/tasks

    mkdir /system
    mkdir /data 0771 system system
    mkdir /cache 0770 system cache
    mkdir /config 0500 root root

    # See storage config details at http://source.android.com/tech/storage/
    mkdir /mnt/shell 0700 shell shell
    mkdir /mnt/media_rw 0700 media_rw media_rw
    mkdir /storage 0751 root sdcard_r

    # Directory for putting things only root should see.
    mkdir /mnt/secure 0700 root root

    # Directory for staging bindmounts
    mkdir /mnt/secure/staging 0700 root root

    # Directory-target for where the secure container
    # imagefile directory will be bind-mounted
    mkdir /mnt/secure/asec 0700 root root

    # Secure container public mount points.
    # The 0700 directory is covered by a tmpfs mounted with mode=0755, so the
    # effective mount point is world-readable and world-traversable.
    mkdir /mnt/asec 0700 root system
    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000

    # Filesystem image public mount points.
    # Same pattern as /mnt/asec: the tmpfs mode (0755) is what applies.
    mkdir /mnt/obb 0700 root system
    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000

    # memory control cgroup
    mkdir /dev/memcg 0700 root system
    mount cgroup none /dev/memcg memory

    # Kernel tunables. The hardening-relevant ones are:
    #   panic_on_oops=1       panic instead of continuing after a kernel oops
    #   randomize_va_space=2  full ASLR, including the heap (brk)
    #   kptr_restrict=2       kernel addresses printed with %pK are hidden
    #                         from every user
    #   mmap_min_addr=32768   user space cannot map the lowest 32 KiB, which
    #                         blunts NULL-pointer dereference bugs
    #   ping_group_range      "0 2147483647" lets every group id open ICMP
    #                         echo sockets without raw-socket privilege
    write /proc/sys/kernel/panic_on_oops 1
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0
    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2
    write /proc/sys/vm/mmap_min_addr 32768
    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
    write /proc/sys/net/unix/max_dgram_qlen 300
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

    # reflect fwmark from incoming packets onto generated replies
    write /proc/sys/net/ipv4/fwmark_reflect 1
    write /proc/sys/net/ipv6/fwmark_reflect 1

    # set fwmark on accepted sockets
    write /proc/sys/net/ipv4/tcp_fwmark_accept 1

    # Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    # NOTE(review): 0666 makes this tasks file world-writable, which is at
    # odds with the warning at the top of this file. Confirm it is required
    # and that SELinux policy limits which domains can write to it.
    chmod 0666 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 800000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/bg_non_interactive
    chown system system /dev/cpuctl/bg_non_interactive/tasks
    # NOTE(review): world-writable as well; same concern as /dev/cpuctl/tasks.
    chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000

    # qtaguid will limit access to specific data based on group memberships.
    # net_bw_acct grants impersonation of socket owners.
    # net_bw_stats grants access to other apps' detailed tagged-socket stats.
    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
    chown root net_bw_stats /proc/net/xt_qtaguid/stats

    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
    # This is needed by any process that uses socket tagging.
    chmod 0644 /dev/xt_qtaguid

    # Create location for fs_mgr to store abbreviated output from filesystem
    # checker programs.
    mkdir /dev/fscklogs 0770 root system

    # pstore/ramoops previous console log
    # Readable only by user system and group log (0440); no write access.
    mount pstore pstore /sys/fs/pstore
    chown system log /sys/fs/pstore/console-ramoops
    chmod 0440 /sys/fs/pstore/console-ramoops
    chown system log /sys/fs/pstore/pmsg-ramoops-0
    chmod 0440 /sys/fs/pstore/pmsg-ramoops-0

    # enable armv8_deprecated instruction hooks
    write /proc/sys/abi/swp 1

# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
    class_stop charger
    trigger late-init

# Load properties from /system/ + /factory after fs mount.
on load_all_props_action
    load_all_props
    start logd-reinit

# Indicate to fw loaders that the relevant mounts are up.
on firmware_mounts_complete
    rm /dev/.booting

# Mount filesystems and start core system services.
on late-init
    trigger early-fs
    trigger fs
    trigger post-fs
    trigger post-fs-data

    # Load properties from /system/ + /factory after fs mount. Place
    # this in another action so that the load will be scheduled after the prior
    # issued fs triggers have completed.
    trigger load_all_props_action

    # Remove a file to wake up anything waiting for firmware.
    trigger firmware_mounts_complete

    trigger early-boot
    trigger boot


on post-fs
    start logd
    # once everything is setup, no need to modify /
    mount rootfs rootfs / ro remount
    # mount shared so changes propagate into child namespaces
    mount rootfs rootfs / shared rec

    # We chown/chmod /cache again because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache
    # We restorecon /cache in case the cache partition has been reset.
    restorecon_recursive /cache

    # This may have been created by the recovery system with odd permissions
    chown system cache /cache/recovery
    chmod 0770 /cache/recovery

    # Change permissions on vmallocinfo so we can grab it from bugreports.
    # 0440 root:log keeps these kernel memory listings away from "other".
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    chown root log /proc/slabinfo
    chmod 0440 /proc/slabinfo

    # Change permissions on kmsg & sysrq-trigger so bugreports can grab
    # kthread stacks. kmsg is read-only for root and group system (0440);
    # sysrq-trigger is write-only for root and group system (0220).
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger
    chown system log /proc/last_kmsg
    chmod 0440 /proc/last_kmsg

    # make the selinux kernel policy world-readable
    chmod 0444 /sys/fs/selinux/policy

    # create the lost+found directories, so as to enforce our permissions
    mkdir /cache/lost+found 0770 root root

on post-fs-data
    # Presumably installs the encryption key/policy for /data (see the
    # "proper encryption policy" comment further down) -- confirm in init.
    installkey /data

    # We chown/chmod /data again because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data

    # Start bootcharting as soon as possible after the data partition is
    # mounted to collect more data.
    mkdir /data/bootchart 0755 shell shell
    bootchart_init

    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    copy /data/system/entropy.dat /dev/urandom

    # create basic filesystem structure
    # Mode notes: the leading 1 in 01771 is the sticky bit (entries can only
    # be removed by their owner); the leading 2 in 02750 is setgid (new
    # entries inherit group shell). The 0700 directories (keystore,
    # gatekeeper, systemkeys, media) are private to their owning user.
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/adb 02750 system shell
    mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
    mkdir /data/misc/bluetooth 0770 system system
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/gatekeeper 0700 system system
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/net 0750 root shell
    mkdir /data/misc/radio 0770 system radio
    mkdir /data/misc/sms 0770 system radio
    mkdir /data/misc/zoneinfo 0775 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
    mkdir /data/misc/systemkeys 0700 system system
    mkdir /data/misc/wifi 0770 wifi wifi
    mkdir /data/misc/wifi/sockets 0770 wifi wifi
    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
    mkdir /data/misc/ethernet 0770 system system
    mkdir /data/misc/dhcp 0770 dhcp dhcp
    mkdir /data/misc/user 0771 root root
    # give system access to wpa_supplicant.conf for backup and restore
    # (0660: no access for "other"; the file presumably holds network
    # credentials -- confirm)
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root
    mkdir /data/misc/media 0700 media media

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app-lib 0771 system system
    mkdir /data/app 0771 system system
    mkdir /data/property 0700 root root
    mkdir /data/tombstones 0771 system system

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 root root
    mkdir /data/dalvik-cache/profiles 0711 system system

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # create directory for MediaDrm plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/mediadrm 0770 mediadrm mediadrm

    mkdir /data/adb 0700 root root

    # symlink to bugreport storage location
    symlink /data/data/com.android.shell/files/bugreports /data/bugreports

    # Separate location for storing security policy files on data
    mkdir /data/security 0711 system system

    # Create all remaining /data root dirs so that they are made through init
    # and get proper encryption policy installed
    mkdir /data/backup 0700 system system
    mkdir /data/media 0770 media_rw media_rw
    mkdir /data/ss 0700 system system
    mkdir /data/system 0775 system system
    mkdir /data/system/heapdump 0700 system system
    mkdir /data/user 0711 system system

    # Reload policy from /data/security if present.
    setprop selinux.reload_policy 1

    # Set SELinux security contexts on upgrade or policy update.
    restorecon_recursive /data

    # Check any timezone data in /data is newer than the copy in /system, delete if not.
    # The checker runs as system:system in its own SELinux context
    # (u:r:tzdatacheck:s0) rather than with init's credentials.
    exec u:r:tzdatacheck:s0 system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo

    # If there is no post-fs-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    #setprop vold.post_fs_data_done 1

on boot
    # basic network init
    ifup lo
    hostname localhost
    domainname localdomain

    # set RLIMIT_NICE to allow priorities from 19 to -20
    setrlimit 13 40 40

    # Memory management.  Basic kernel parameters, and allow the high
    # level system server to be able to adjust the kernel OOM driver
    # parameters to match how it is managing things.
    write /proc/sys/vm/overcommit_memory 1
    write /proc/sys/vm/min_free_order_shift 4
    # 0220 root:system: the lowmemorykiller parameters are write-only for
    # root and group system, and not accessible to anyone else.
    chown root system /sys/module/lowmemorykiller/parameters/adj
    chmod 0220 /sys/module/lowmemorykiller/parameters/adj
    chown root system /sys/module/lowmemorykiller/parameters/minfree
    chmod 0220 /sys/module/lowmemorykiller/parameters/minfree

    # Tweak background writeout
    write /proc/sys/vm/dirty_expire_centisecs 200
    write /proc/sys/vm/dirty_background_ratio 5

    # Permissions for System Server and daemons.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/autosleep
    chown system system /sys/power/state
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock

    # cpufreq "interactive" governor knobs: handed to system:system, 0660.
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    # boostpulse is the one knob here with a chown but no chmod; its mode
    # stays whatever the kernel driver set -- presumably intentional, confirm.
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    # Repeats the vibrator chown from the top of this group; redundant.
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    # Only the ownership of /proc/cmdline is changed; this file sets no mode
    # for it.
    chown root radio /proc/cmdline

    # Define default initial receive window size in segments.
    setprop net.tcp.default_init_rwnd 60

    class_start core

on nonencrypted
    class_start main
    class_start late_start

# The vold.decrypt property drives the encryption state machine below: each
# value starts, resets or restarts a service class. Who may set the property
# is decided by property permissions, which this file does not show.
on property:vold.decrypt=trigger_default_encryption
    start defaultcrypto

on property:vold.decrypt=trigger_encryption
    start surfaceflinger
    start encrypt

on property:sys.init_log_level=*
    loglevel ${sys.init_log_level}

on charger
    class_start charger

on property:vold.decrypt=trigger_reset_main
    class_reset main

on property:vold.decrypt=trigger_load_persist_props
    load_persist_props
    start logd-reinit

on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data

on property:vold.decrypt=trigger_restart_min_framework
    class_start main

on property:vold.decrypt=trigger_restart_framework
    installkey /data
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main

# Any value written to sys.powerctl is handed to init's powerctl command.
# NOTE(review): the set of callers allowed to write this property is defined
# outside this file -- verify it is limited to trusted components.
on property:sys.powerctl=*
    powerctl ${sys.powerctl}

# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
# NOTE(review): the property value is written to the sysctl as-is, so the
# only gate is who may set the sys.sysctl.* properties (not shown here).
on property:sys.sysctl.extra_free_kbytes=*
    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}

# "tcp_default_init_rwnd" Is too long!
on property:sys.sysctl.tcp_def_init_rwnd=*
    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}


## Daemon processes to be run by init.
##
# Review notes for this section:
#  - A service with no "user" option is started with init's default user
#    (root). Whether the daemon drops privileges afterwards is decided by the
#    binary, not by this file.
#  - Only ueventd, healthd, console and adbd carry an explicit "seclabel".
#    The others presumably get their SELinux domain from a policy transition
#    on exec -- confirm against the policy.
#  - Socket modes written as 660/600 presumably parse as octal, like the
#    0660 entries -- confirm.
service ueventd /sbin/ueventd
    class core
    critical
    seclabel u:r:ueventd:s0

# NOTE(review): logd and logdr are 0666 and logdw is 0222, so every process
# can connect. Access control rests on logd itself and on SELinux policy,
# not on file modes. These are world-accessible objects of the kind the
# header warns about; confirm they are intentional.
service logd /system/bin/logd
    class core
    socket logd stream 0666 logd logd
    socket logdr seqpacket 0666 logd logd
    socket logdw dgram 0222 logd logd

# NOTE(review): "start" appears elsewhere in this file only as an action
# command, not as a service option -- confirm init accepts this line.
service logd-reinit /system/bin/logd --reinit
    start logd
    oneshot
    disabled

service healthd /sbin/healthd
    class core
    critical
    seclabel u:r:healthd:s0

# Interactive shell on the console. Disabled by default and started only by
# the ro.debuggable=1 trigger below; runs as shell, not root.
service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group shell log
    seclabel u:r:shell:s0

on property:ro.debuggable=1
    start console

# adbd is controlled via property triggers in init.<platform>.usb.rc
# --root_seclabel passes u:r:su:s0 to adbd; presumably that is the context
# used for root shells and only honoured on debuggable builds -- confirm in
# adbd.
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
    class core
    socket adbd stream 660 system system
    disabled
    seclabel u:r:adbd:s0

# adbd on at boot in emulator
on property:ro.kernel.qemu=1
    start adbd

service lmkd /system/bin/lmkd
    class core
    critical
    socket lmkd seqpacket 0660 system system

# Restarting servicemanager also restarts the services listed under
# onrestart.
service servicemanager /system/bin/servicemanager
    class core
    user system
    group system
    critical
    onrestart restart healthd
    onrestart restart zygote
    onrestart restart media
    onrestart restart surfaceflinger
    onrestart restart drm

service vold /system/bin/vold
    class core
    socket vold stream 0660 root mount
    ioprio be 2

# Control sockets are 0660 and owned by root; the group (system or inet)
# decides which callers can reach each one.
service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system
    socket fwmarkd stream 0660 root inet

service debuggerd /system/bin/debuggerd
    class main

service debuggerd64 /system/bin/debuggerd64
    class main

# Runs as root (explicitly) with a wide set of supplementary groups.
service ril-daemon /system/bin/rild
    class main
    socket rild stream 660 root radio
    socket rild-debug stream 660 radio system
    user root
    group radio cache inet misc audio log

service surfaceflinger /system/bin/surfaceflinger
    class core
    user system
    group graphics drmrpc
    onrestart restart zygote

service drm /system/bin/drmserver
    class main
    user drm
    group drm system inet drmrpc

service media /system/bin/mediaserver
    class main
    user media
    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
    ioprio rt 4

# One shot invocation to deal with encrypted volume.
service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption) or trigger_restart_min_framework (other encryption)

# One shot invocation to encrypt unencrypted volumes
service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption)

service bootanim /system/bin/bootanimation
    class core
    user graphics
    group graphics audio
    disabled
    oneshot

# Socket is 600 system:system, so only user system can talk to installd.
service installd /system/bin/installd
    class main
    socket installd stream 600 system system

# NOTE(review): a shell script run once with class main and no "user"
# option, i.e. as root. Its integrity presumably depends on /system being
# read-only or verified -- confirm.
service flash_recovery /system/bin/install-recovery.sh
    class main
    oneshot

service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
    group vpn net_admin inet
    disabled
    oneshot

service mtpd /system/bin/mtpd
    class main
    socket mtpd stream 600 system system
    user vpn
    group vpn net_admin inet net_raw
    disabled
    oneshot

# Runs as the dedicated keystore user over /data/misc/keystore, which
# post-fs-data creates as 0700 keystore:keystore.
service keystore /system/bin/keystore /data/misc/keystore
    class main
    user keystore
    group keystore drmrpc

service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot

service mdnsd /system/bin/mdnsd
    class main
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
    disabled
    oneshot

service pre-recovery /system/bin/uncrypt
    class main
    disabled
    oneshot