init.rc revision 1eee419e7a1c5789f81e1e3a19693403495e70f1
1import /init.${ro.hardware}.rc 2 3on early-init 4 # Set init and its forked children's oom_adj. 5 write /proc/1/oom_adj -16 6 7 # Set the security context for the init process. 8 # This should occur before anything else (e.g. ueventd) is started. 9 setcon u:r:init:s0 10 11 start ueventd 12 13# create mountpoints 14 mkdir /mnt 0775 root system 15 16on init 17 18sysclktz 0 19 20loglevel 3 21 22# setup the global environment 23 export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin 24 export LD_LIBRARY_PATH /vendor/lib:/system/lib 25 export ANDROID_BOOTLOGO 1 26 export ANDROID_ROOT /system 27 export ANDROID_ASSETS /system/app 28 export ANDROID_DATA /data 29 export ASEC_MOUNTPOINT /mnt/asec 30 export LOOP_MOUNTPOINT /mnt/obb 31 export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar:/system/framework/filterfw.jar 32 33# Backward compatibility 34 symlink /system/etc /etc 35 symlink /sys/kernel/debug /d 36 37# Right now vendor lives on the same filesystem as system, 38# but someday that may change. 39 symlink /system/vendor /vendor 40 41# Create cgroup mount point for cpu accounting 42 mkdir /acct 43 mount cgroup none /acct cpuacct 44 mkdir /acct/uid 45 46 mkdir /system 47 mkdir /data 0771 system system 48 mkdir /cache 0770 system cache 49 mkdir /config 0500 root root 50 51 # Directory for putting things only root should see. 52 mkdir /mnt/secure 0700 root root 53 54 # Directory for staging bindmounts 55 mkdir /mnt/secure/staging 0700 root root 56 57 # Directory-target for where the secure container 58 # imagefile directory will be bind-mounted 59 mkdir /mnt/secure/asec 0700 root root 60 61 # Secure container public mount points. 62 mkdir /mnt/asec 0700 root system 63 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000 64 65 # Filesystem image public mount points. 66 mkdir /mnt/obb 0700 root system 67 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000 68 69 write /proc/sys/kernel/panic_on_oops 1 70 write /proc/sys/kernel/hung_task_timeout_secs 0 71 write /proc/cpu/alignment 4 72 write /proc/sys/kernel/sched_latency_ns 10000000 73 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 74 write /proc/sys/kernel/sched_compat_yield 1 75 write /proc/sys/kernel/sched_child_runs_first 0 76 write /proc/sys/kernel/randomize_va_space 2 77 78# Create cgroup mount points for process groups 79 mkdir /dev/cpuctl 80 mount cgroup none /dev/cpuctl cpu 81 chown system system /dev/cpuctl 82 chown system system /dev/cpuctl/tasks 83 chmod 0777 /dev/cpuctl/tasks 84 write /dev/cpuctl/cpu.shares 1024 85 86 mkdir /dev/cpuctl/fg_boost 87 chown system system /dev/cpuctl/fg_boost/tasks 88 chmod 0777 /dev/cpuctl/fg_boost/tasks 89 write /dev/cpuctl/fg_boost/cpu.shares 1024 90 91 mkdir /dev/cpuctl/bg_non_interactive 92 chown system system /dev/cpuctl/bg_non_interactive/tasks 93 chmod 0777 /dev/cpuctl/bg_non_interactive/tasks 94 # 5.0 % 95 write /dev/cpuctl/bg_non_interactive/cpu.shares 52 96 97# Allow everybody to read the xt_qtaguid resource tracking misc dev. 98# This is needed by any process that uses socket tagging. 99 chmod 0644 /dev/xt_qtaguid 100 101on fs 102# mount mtd partitions 103 # Mount /system rw first to give the filesystem a chance to save a checkpoint 104 mount yaffs2 mtd@system /system 105 mount yaffs2 mtd@system /system ro remount 106 mount yaffs2 mtd@userdata /data nosuid nodev 107 mount yaffs2 mtd@cache /cache nosuid nodev 108 109on post-fs 110 # once everything is setup, no need to modify / 111 mount rootfs rootfs / ro remount 112 113 # We chown/chmod /cache again so because mount is run as root + defaults 114 chown system cache /cache 115 chmod 0770 /cache 116 # We restorecon /cache in case the cache partition has been reset. 117 restorecon /cache 118 119 # This may have been created by the recovery system with odd permissions 120 chown system cache /cache/recovery 121 chmod 0770 /cache/recovery 122 # This may have been created by the recovery system with the wrong context. 123 restorecon /cache/recovery 124 125 #change permissions on vmallocinfo so we can grab it from bugreports 126 chown root log /proc/vmallocinfo 127 chmod 0440 /proc/vmallocinfo 128 129 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks 130 chown root system /proc/kmsg 131 chmod 0440 /proc/kmsg 132 chown root system /proc/sysrq-trigger 133 chmod 0220 /proc/sysrq-trigger 134 135 # create the lost+found directories, so as to enforce our permissions 136 mkdir /cache/lost+found 0770 root root 137 138on post-fs-data 139 # We chown/chmod /data again so because mount is run as root + defaults 140 chown system system /data 141 chmod 0771 /data 142 # We restorecon /data in case the userdata partition has been reset. 143 restorecon /data 144 145 # Create dump dir and collect dumps. 146 # Do this before we mount cache so eventually we can use cache for 147 # storing dumps on platforms which do not have a dedicated dump partition. 148 mkdir /data/dontpanic 0750 root log 149 150 # Collect apanic data, free resources and re-arm trigger 151 copy /proc/apanic_console /data/dontpanic/apanic_console 152 chown root log /data/dontpanic/apanic_console 153 chmod 0640 /data/dontpanic/apanic_console 154 155 copy /proc/apanic_threads /data/dontpanic/apanic_threads 156 chown root log /data/dontpanic/apanic_threads 157 chmod 0640 /data/dontpanic/apanic_threads 158 159 write /proc/apanic_console 1 160 161 # create basic filesystem structure 162 mkdir /data/misc 01771 system misc 163 mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth 164 mkdir /data/misc/bluetooth 0770 system system 165 mkdir /data/misc/keystore 0700 keystore keystore 166 mkdir /data/misc/keychain 0771 system system 167 mkdir /data/misc/vpn 0770 system vpn 168 mkdir /data/misc/systemkeys 0700 system system 169 # give system access to wpa_supplicant.conf for backup and restore 170 mkdir /data/misc/wifi 0770 wifi wifi 171 chmod 0660 /data/misc/wifi/wpa_supplicant.conf 172 mkdir /data/local 0751 root root 173 mkdir /data/local/tmp 0771 shell shell 174 mkdir /data/data 0771 system system 175 mkdir /data/app-private 0771 system system 176 mkdir /data/app 0771 system system 177 mkdir /data/property 0700 root root 178 179 # create dalvik-cache, so as to enforce our permissions 180 mkdir /data/dalvik-cache 0771 system system 181 182 # create resource-cache and double-check the perms 183 mkdir /data/resource-cache 0771 system system 184 chown system system /data/resource-cache 185 chmod 0771 /data/resource-cache 186 187 # create the lost+found directories, so as to enforce our permissions 188 mkdir /data/lost+found 0770 root root 189 190 # create directory for DRM plug-ins - give drm the read/write access to 191 # the following directory. 192 mkdir /data/drm 0770 drm drm 193 194 # If there is no fs-post-data action in the init.<device>.rc file, you 195 # must uncomment this line, otherwise encrypted filesystems 196 # won't work. 197 # Set indication (checked by vold) that we have finished this action 198 #setprop vold.post_fs_data_done 1 199 200 chown system system /sys/class/android_usb/android0/f_mass_storage/lun/file 201 chmod 0660 /sys/class/android_usb/android0/f_mass_storage/lun/file 202 chown system system /sys/class/android_usb/android0/f_rndis/ethaddr 203 chmod 0660 /sys/class/android_usb/android0/f_rndis/ethaddr 204 205on boot 206# basic network init 207 ifup lo 208 hostname localhost 209 domainname localdomain 210 211# set RLIMIT_NICE to allow priorities from 19 to -20 212 setrlimit 13 40 40 213 214# Memory management. Basic kernel parameters, and allow the high 215# level system server to be able to adjust the kernel OOM driver 216# paramters to match how it is managing things. 217 write /proc/sys/vm/overcommit_memory 1 218 write /proc/sys/vm/min_free_order_shift 4 219 chown root system /sys/module/lowmemorykiller/parameters/adj 220 chmod 0664 /sys/module/lowmemorykiller/parameters/adj 221 chown root system /sys/module/lowmemorykiller/parameters/minfree 222 chmod 0664 /sys/module/lowmemorykiller/parameters/minfree 223 224 # Tweak background writeout 225 write /proc/sys/vm/dirty_expire_centisecs 200 226 write /proc/sys/vm/dirty_background_ratio 5 227 228 # Permissions for System Server and daemons. 229 chown radio system /sys/android_power/state 230 chown radio system /sys/android_power/request_state 231 chown radio system /sys/android_power/acquire_full_wake_lock 232 chown radio system /sys/android_power/acquire_partial_wake_lock 233 chown radio system /sys/android_power/release_wake_lock 234 chown radio system /sys/power/state 235 chown radio system /sys/power/wake_lock 236 chown radio system /sys/power/wake_unlock 237 chmod 0660 /sys/power/state 238 chmod 0660 /sys/power/wake_lock 239 chmod 0660 /sys/power/wake_unlock 240 chown system system /sys/class/timed_output/vibrator/enable 241 chown system system /sys/class/leds/keyboard-backlight/brightness 242 chown system system /sys/class/leds/lcd-backlight/brightness 243 chown system system /sys/class/leds/button-backlight/brightness 244 chown system system /sys/class/leds/jogball-backlight/brightness 245 chown system system /sys/class/leds/red/brightness 246 chown system system /sys/class/leds/green/brightness 247 chown system system /sys/class/leds/blue/brightness 248 chown system system /sys/class/leds/red/device/grpfreq 249 chown system system /sys/class/leds/red/device/grppwm 250 chown system system /sys/class/leds/red/device/blink 251 chown system system /sys/class/leds/red/brightness 252 chown system system /sys/class/leds/green/brightness 253 chown system system /sys/class/leds/blue/brightness 254 chown system system /sys/class/leds/red/device/grpfreq 255 chown system system /sys/class/leds/red/device/grppwm 256 chown system system /sys/class/leds/red/device/blink 257 chown system system /sys/class/timed_output/vibrator/enable 258 chown system system /sys/module/sco/parameters/disable_esco 259 chown system system /sys/kernel/ipv4/tcp_wmem_min 260 chown system system /sys/kernel/ipv4/tcp_wmem_def 261 chown system system /sys/kernel/ipv4/tcp_wmem_max 262 chown system system /sys/kernel/ipv4/tcp_rmem_min 263 chown system system /sys/kernel/ipv4/tcp_rmem_def 264 chown system system /sys/kernel/ipv4/tcp_rmem_max 265 chown root radio /proc/cmdline 266 267# Define TCP buffer sizes for various networks 268# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax, 269 setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208 270 setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576 271 setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576 272 setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208 273 setprop net.tcp.buffersize.hspa 4094,87380,262144,4096,16384,262144 274 setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040 275 setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680 276 277# Set this property so surfaceflinger is not started by system_init 278 setprop system_init.startsurfaceflinger 0 279 280 class_start core 281 class_start main 282 283on nonencrypted 284 class_start late_start 285 286on charger 287 class_start charger 288 289on property:vold.decrypt=trigger_reset_main 290 class_reset main 291 292on property:vold.decrypt=trigger_load_persist_props 293 load_persist_props 294 295on property:vold.decrypt=trigger_post_fs_data 296 trigger post-fs-data 297 298on property:vold.decrypt=trigger_restart_min_framework 299 class_start main 300 301on property:vold.decrypt=trigger_restart_framework 302 class_start main 303 class_start late_start 304 305on property:vold.decrypt=trigger_shutdown_framework 306 class_reset late_start 307 class_reset main 308 309# Used to disable USB when switching states 310on property:sys.usb.config=none 311 stop adbd 312 write /sys/class/android_usb/android0/enable 0 313 write /sys/class/android_usb/android0/bDeviceClass 0 314 setprop sys.usb.state ${sys.usb.config} 315 316# adb only USB configuration 317# This should only be used during device bringup 318# and as a fallback if the USB manager fails to set a standard configuration 319on property:sys.usb.config=adb 320 write /sys/class/android_usb/android0/enable 0 321 write /sys/class/android_usb/android0/idVendor 18d1 322 write /sys/class/android_usb/android0/idProduct D002 323 write /sys/class/android_usb/android0/functions ${sys.usb.config} 324 write /sys/class/android_usb/android0/enable 1 325 start adbd 326 setprop sys.usb.state ${sys.usb.config} 327 328# USB accessory configuration 329on property:sys.usb.config=accessory 330 write /sys/class/android_usb/android0/enable 0 331 write /sys/class/android_usb/android0/idVendor 18d1 332 write /sys/class/android_usb/android0/idProduct 2d00 333 write /sys/class/android_usb/android0/functions ${sys.usb.config} 334 write /sys/class/android_usb/android0/enable 1 335 setprop sys.usb.state ${sys.usb.config} 336 337# USB accessory configuration, with adb 338on property:sys.usb.config=accessory,adb 339 write /sys/class/android_usb/android0/enable 0 340 write /sys/class/android_usb/android0/idVendor 18d1 341 write /sys/class/android_usb/android0/idProduct 2d01 342 write /sys/class/android_usb/android0/functions ${sys.usb.config} 343 write /sys/class/android_usb/android0/enable 1 344 start adbd 345 setprop sys.usb.state ${sys.usb.config} 346 347# Used to set USB configuration at boot and to switch the configuration 348# when changing the default configuration 349on property:persist.sys.usb.config=* 350 setprop sys.usb.config ${persist.sys.usb.config} 351 352## Daemon processes to be run by init. 353## 354service ueventd /sbin/ueventd 355 class core 356 critical 357 seclabel u:r:ueventd:s0 358 359service console /system/bin/sh 360 class core 361 console 362 disabled 363 user shell 364 group log 365 366on property:ro.debuggable=1 367 start console 368 369# adbd is controlled via property triggers in init.<platform>.usb.rc 370service adbd /sbin/adbd 371 class core 372 disabled 373 seclabel u:r:adbd:s0 374 375# adbd on at boot in emulator 376on property:ro.kernel.qemu=1 377 start adbd 378 379# This property trigger has added to imitiate the previous behavior of "adb root". 380# The adb gadget driver used to reset the USB bus when the adbd daemon exited, 381# and the host side adb relied on this behavior to force it to reconnect with the 382# new adbd instance after init relaunches it. So now we force the USB bus to reset 383# here when adbd sets the service.adb.root property to 1. We also restart adbd here 384# rather than waiting for init to notice its death and restarting it so the timing 385# of USB resetting and adb restarting more closely matches the previous behavior. 386on property:service.adb.root=1 387 write /sys/class/android_usb/android0/enable 0 388 restart adbd 389 write /sys/class/android_usb/android0/enable 1 390 391service servicemanager /system/bin/servicemanager 392 class core 393 user system 394 group system 395 critical 396 onrestart restart zygote 397 onrestart restart media 398 onrestart restart surfaceflinger 399 onrestart restart drm 400 401service vold /system/bin/vold 402 class core 403 socket vold stream 0660 root mount 404 ioprio be 2 405 406service netd /system/bin/netd 407 class main 408 socket netd stream 0660 root system 409 socket dnsproxyd stream 0660 root inet 410 411service debuggerd /system/bin/debuggerd 412 class main 413 414service ril-daemon /system/bin/rild 415 class main 416 socket rild stream 660 root radio 417 socket rild-debug stream 660 radio system 418 user root 419 group radio cache inet misc audio sdcard_rw log 420 421service surfaceflinger /system/bin/surfaceflinger 422 class main 423 user system 424 group graphics 425 onrestart restart zygote 426 427service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server 428 class main 429 socket zygote stream 660 root system 430 onrestart write /sys/android_power/request_state wake 431 onrestart write /sys/power/state on 432 onrestart restart media 433 onrestart restart netd 434 435service drm /system/bin/drmserver 436 class main 437 user drm 438 group system inet drmrpc 439 440service media /system/bin/mediaserver 441 class main 442 user media 443 group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc 444 ioprio rt 4 445 446service bootanim /system/bin/bootanimation 447 class main 448 user graphics 449 group graphics 450 disabled 451 oneshot 452 453service dbus /system/bin/dbus-daemon --system --nofork 454 class main 455 socket dbus stream 660 bluetooth bluetooth 456 user bluetooth 457 group bluetooth net_bt_admin 458 459service bluetoothd /system/bin/bluetoothd -n 460 class main 461 socket bluetooth stream 660 bluetooth bluetooth 462 socket dbus_bluetooth stream 660 bluetooth bluetooth 463 # init.rc does not yet support applying capabilities, so run as root and 464 # let bluetoothd drop uid to bluetooth with the right linux capabilities 465 group bluetooth net_bt_admin misc 466 disabled 467 468service installd /system/bin/installd 469 class main 470 socket installd stream 600 system system 471 472service flash_recovery /system/etc/install-recovery.sh 473 class main 474 oneshot 475 476service racoon /system/bin/racoon 477 class main 478 socket racoon stream 600 system system 479 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port. 480 group vpn net_admin inet 481 disabled 482 oneshot 483 484service mtpd /system/bin/mtpd 485 class main 486 socket mtpd stream 600 system system 487 user vpn 488 group vpn net_admin inet net_raw 489 disabled 490 oneshot 491 492service keystore /system/bin/keystore /data/misc/keystore 493 class main 494 user keystore 495 group keystore 496 socket keystore stream 666 497 498service dumpstate /system/bin/dumpstate -s 499 class main 500 socket dumpstate stream 0660 shell log 501 disabled 502 oneshot 503