init.rc revision 25dd43a9a5073f0e59102750cb0410b8e9bc9847
1import /init.${ro.hardware}.rc
2
3on early-init
4    # Set init and its forked children's oom_adj.
5    write /proc/1/oom_adj -16
6
7    start ueventd
8
9# create mountpoints
10    mkdir /mnt 0775 root system
11
12on init
13
14sysclktz 0
15
16loglevel 3
17
18# setup the global environment
19    export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
20    export LD_LIBRARY_PATH /vendor/lib:/system/lib
21    export ANDROID_BOOTLOGO 1
22    export ANDROID_ROOT /system
23    export ANDROID_ASSETS /system/app
24    export ANDROID_DATA /data
25    export ASEC_MOUNTPOINT /mnt/asec
26    export LOOP_MOUNTPOINT /mnt/obb
27    export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar:/system/framework/filterfw.jar
28
29# Backward compatibility
30    symlink /system/etc /etc
31    symlink /sys/kernel/debug /d
32
33# Right now vendor lives on the same filesystem as system,
34# but someday that may change.
35    symlink /system/vendor /vendor
36
37# Create cgroup mount point for cpu accounting
38    mkdir /acct
39    mount cgroup none /acct cpuacct
40    mkdir /acct/uid
41
42    mkdir /system
43    mkdir /data 0771 system system
44    mkdir /cache 0770 system cache
45    mkdir /config 0500 root root
46
47    # Directory for putting things only root should see.
48    mkdir /mnt/secure 0700 root root
49
50    # Directory for staging bindmounts
51    mkdir /mnt/secure/staging 0700 root root
52
53    # Directory-target for where the secure container
54    # imagefile directory will be bind-mounted
55    mkdir /mnt/secure/asec  0700 root root
56
57    # Secure container public mount points.
58    mkdir /mnt/asec  0700 root system
59    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
60
61    # Filesystem image public mount points.
62    mkdir /mnt/obb 0700 root system
63    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
64
65    write /proc/sys/kernel/panic_on_oops 1
66    write /proc/sys/kernel/hung_task_timeout_secs 0
67    write /proc/cpu/alignment 4
68    write /proc/sys/kernel/sched_latency_ns 10000000
69    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
70    write /proc/sys/kernel/sched_compat_yield 1
71    write /proc/sys/kernel/sched_child_runs_first 0
72    write /proc/sys/kernel/randomize_va_space 2
73
74# Create cgroup mount points for process groups
75    mkdir /dev/cpuctl
76    mount cgroup none /dev/cpuctl cpu
77    chown system system /dev/cpuctl
78    chown system system /dev/cpuctl/tasks
79    chmod 0777 /dev/cpuctl/tasks
80    write /dev/cpuctl/cpu.shares 1024
81
82    mkdir /dev/cpuctl/fg_boost
83    chown system system /dev/cpuctl/fg_boost/tasks
84    chmod 0777 /dev/cpuctl/fg_boost/tasks
85    write /dev/cpuctl/fg_boost/cpu.shares 1024
86
87    mkdir /dev/cpuctl/bg_non_interactive
88    chown system system /dev/cpuctl/bg_non_interactive/tasks
89    chmod 0777 /dev/cpuctl/bg_non_interactive/tasks
90    # 5.0 %
91    write /dev/cpuctl/bg_non_interactive/cpu.shares 52
92
93# Allow everybody to read the xt_qtaguid resource tracking misc dev.
94# This is needed by any process that uses socket tagging.
95    chmod 0644 /dev/xt_qtaguid
96
97on fs
98# mount mtd partitions
99    # Mount /system rw first to give the filesystem a chance to save a checkpoint
100    mount yaffs2 mtd@system /system
101    mount yaffs2 mtd@system /system ro remount
102    mount yaffs2 mtd@userdata /data nosuid nodev
103    mount yaffs2 mtd@cache /cache nosuid nodev
104
105on post-fs
106    # once everything is setup, no need to modify /
107    mount rootfs rootfs / ro remount
108
109    # We chown/chmod /cache again so because mount is run as root + defaults
110    chown system cache /cache
111    chmod 0770 /cache
112
113    # This may have been created by the recovery system with odd permissions
114    chown system cache /cache/recovery
115    chmod 0770 /cache/recovery
116
117    #change permissions on vmallocinfo so we can grab it from bugreports
118    chown root log /proc/vmallocinfo
119    chmod 0440 /proc/vmallocinfo
120
121    #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
122    chown root system /proc/kmsg
123    chmod 0440 /proc/kmsg
124    chown root system /proc/sysrq-trigger
125    chmod 0220 /proc/sysrq-trigger
126
127    # create the lost+found directories, so as to enforce our permissions
128    mkdir /cache/lost+found 0770 root root
129
130on post-fs-data
131    # We chown/chmod /data again so because mount is run as root + defaults
132    chown system system /data
133    chmod 0771 /data
134
135    # Create dump dir and collect dumps.
136    # Do this before we mount cache so eventually we can use cache for
137    # storing dumps on platforms which do not have a dedicated dump partition.
138    mkdir /data/dontpanic 0750 root log
139
140    # Collect apanic data, free resources and re-arm trigger
141    copy /proc/apanic_console /data/dontpanic/apanic_console
142    chown root log /data/dontpanic/apanic_console
143    chmod 0640 /data/dontpanic/apanic_console
144
145    copy /proc/apanic_threads /data/dontpanic/apanic_threads
146    chown root log /data/dontpanic/apanic_threads
147    chmod 0640 /data/dontpanic/apanic_threads
148
149    write /proc/apanic_console 1
150
151    # create basic filesystem structure
152    mkdir /data/misc 01771 system misc
153    mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
154    mkdir /data/misc/bluetooth 0770 system system
155    mkdir /data/misc/keystore 0700 keystore keystore
156    mkdir /data/misc/keychain 0771 system system
157    mkdir /data/misc/vpn 0770 system vpn
158    mkdir /data/misc/systemkeys 0700 system system
159    # give system access to wpa_supplicant.conf for backup and restore
160    mkdir /data/misc/wifi 0770 wifi wifi
161    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
162    mkdir /data/local 0751 root root
163    mkdir /data/local/tmp 0771 shell shell
164    mkdir /data/data 0771 system system
165    mkdir /data/app-private 0771 system system
166    mkdir /data/app 0771 system system
167    mkdir /data/property 0700 root root
168
169    # create dalvik-cache, so as to enforce our permissions
170    mkdir /data/dalvik-cache 0771 system system
171
172    # create resource-cache and double-check the perms
173    mkdir /data/resource-cache 0771 system system
174    chown system system /data/resource-cache
175    chmod 0771 /data/resource-cache
176
177    # create the lost+found directories, so as to enforce our permissions
178    mkdir /data/lost+found 0770 root root
179
180    # create directory for DRM plug-ins - give drm the read/write access to
181    # the following directory.
182    mkdir /data/drm 0770 drm drm
183
184    # If there is no fs-post-data action in the init.<device>.rc file, you
185    # must uncomment this line, otherwise encrypted filesystems
186    # won't work.
187    # Set indication (checked by vold) that we have finished this action
188    #setprop vold.post_fs_data_done 1
189
190    chown system system /sys/class/android_usb/android0/f_mass_storage/lun/file
191    chmod 0660 /sys/class/android_usb/android0/f_mass_storage/lun/file
192    chown system system /sys/class/android_usb/android0/f_rndis/ethaddr
193    chmod 0660 /sys/class/android_usb/android0/f_rndis/ethaddr
194
195on boot
196# basic network init
197    ifup lo
198    hostname localhost
199    domainname localdomain
200
201# set RLIMIT_NICE to allow priorities from 19 to -20
202    setrlimit 13 40 40
203
204# Memory management.  Basic kernel parameters, and allow the high
205# level system server to be able to adjust the kernel OOM driver
206# paramters to match how it is managing things.
207    write /proc/sys/vm/overcommit_memory 1
208    write /proc/sys/vm/min_free_order_shift 4
209    chown root system /sys/module/lowmemorykiller/parameters/adj
210    chmod 0664 /sys/module/lowmemorykiller/parameters/adj
211    chown root system /sys/module/lowmemorykiller/parameters/minfree
212    chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
213
214    # Tweak background writeout
215    write /proc/sys/vm/dirty_expire_centisecs 200
216    write /proc/sys/vm/dirty_background_ratio  5
217
218    # Permissions for System Server and daemons.
219    chown radio system /sys/android_power/state
220    chown radio system /sys/android_power/request_state
221    chown radio system /sys/android_power/acquire_full_wake_lock
222    chown radio system /sys/android_power/acquire_partial_wake_lock
223    chown radio system /sys/android_power/release_wake_lock
224    chown radio system /sys/power/state
225    chown radio system /sys/power/wake_lock
226    chown radio system /sys/power/wake_unlock
227    chmod 0660 /sys/power/state
228    chmod 0660 /sys/power/wake_lock
229    chmod 0660 /sys/power/wake_unlock
230    chown system system /sys/class/timed_output/vibrator/enable
231    chown system system /sys/class/leds/keyboard-backlight/brightness
232    chown system system /sys/class/leds/lcd-backlight/brightness
233    chown system system /sys/class/leds/button-backlight/brightness
234    chown system system /sys/class/leds/jogball-backlight/brightness
235    chown system system /sys/class/leds/red/brightness
236    chown system system /sys/class/leds/green/brightness
237    chown system system /sys/class/leds/blue/brightness
238    chown system system /sys/class/leds/red/device/grpfreq
239    chown system system /sys/class/leds/red/device/grppwm
240    chown system system /sys/class/leds/red/device/blink
241    chown system system /sys/class/leds/red/brightness
242    chown system system /sys/class/leds/green/brightness
243    chown system system /sys/class/leds/blue/brightness
244    chown system system /sys/class/leds/red/device/grpfreq
245    chown system system /sys/class/leds/red/device/grppwm
246    chown system system /sys/class/leds/red/device/blink
247    chown system system /sys/class/timed_output/vibrator/enable
248    chown system system /sys/module/sco/parameters/disable_esco
249    chown system system /sys/kernel/ipv4/tcp_wmem_min
250    chown system system /sys/kernel/ipv4/tcp_wmem_def
251    chown system system /sys/kernel/ipv4/tcp_wmem_max
252    chown system system /sys/kernel/ipv4/tcp_rmem_min
253    chown system system /sys/kernel/ipv4/tcp_rmem_def
254    chown system system /sys/kernel/ipv4/tcp_rmem_max
255    chown root radio /proc/cmdline
256
257# Define TCP buffer sizes for various networks
258#   ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
259    setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
260    setprop net.tcp.buffersize.wifi    524288,1048576,2097152,262144,524288,1048576
261    setprop net.tcp.buffersize.lte     524288,1048576,2097152,262144,524288,1048576
262    setprop net.tcp.buffersize.umts    4094,87380,110208,4096,16384,110208
263    setprop net.tcp.buffersize.hspa    4094,87380,262144,4096,16384,262144
264    setprop net.tcp.buffersize.edge    4093,26280,35040,4096,16384,35040
265    setprop net.tcp.buffersize.gprs    4092,8760,11680,4096,8760,11680
266
267# Set this property so surfaceflinger is not started by system_init
268    setprop system_init.startsurfaceflinger 0
269
270    class_start core
271    class_start main
272
273on nonencrypted
274    class_start late_start
275
276on charger
277    class_start charger
278
279on property:vold.decrypt=trigger_reset_main
280    class_reset main
281
282on property:vold.decrypt=trigger_load_persist_props
283    load_persist_props
284
285on property:vold.decrypt=trigger_post_fs_data
286    trigger post-fs-data
287
288on property:vold.decrypt=trigger_restart_min_framework
289    class_start main
290
291on property:vold.decrypt=trigger_restart_framework
292    class_start main
293    class_start late_start
294
295on property:vold.decrypt=trigger_shutdown_framework
296    class_reset late_start
297    class_reset main
298
299# Used to disable USB when switching states
300on property:sys.usb.config=none
301    stop adbd
302    write /sys/class/android_usb/android0/enable 0
303    write /sys/class/android_usb/android0/bDeviceClass 0
304    setprop sys.usb.state ${sys.usb.config}
305
306# adb only USB configuration
307# This should only be used during device bringup
308# and as a fallback if the USB manager fails to set a standard configuration
309on property:sys.usb.config=adb
310    write /sys/class/android_usb/android0/enable 0
311    write /sys/class/android_usb/android0/idVendor 18d1
312    write /sys/class/android_usb/android0/idProduct D002
313    write /sys/class/android_usb/android0/functions ${sys.usb.config}
314    write /sys/class/android_usb/android0/enable 1
315    start adbd
316    setprop sys.usb.state ${sys.usb.config}
317
318# USB accessory configuration
319on property:sys.usb.config=accessory
320    write /sys/class/android_usb/android0/enable 0
321    write /sys/class/android_usb/android0/idVendor 18d1
322    write /sys/class/android_usb/android0/idProduct 2d00
323    write /sys/class/android_usb/android0/functions ${sys.usb.config}
324    write /sys/class/android_usb/android0/enable 1
325    setprop sys.usb.state ${sys.usb.config}
326
327# USB accessory configuration, with adb
328on property:sys.usb.config=accessory,adb
329    write /sys/class/android_usb/android0/enable 0
330    write /sys/class/android_usb/android0/idVendor 18d1
331    write /sys/class/android_usb/android0/idProduct 2d01
332    write /sys/class/android_usb/android0/functions ${sys.usb.config}
333    write /sys/class/android_usb/android0/enable 1
334    start adbd
335    setprop sys.usb.state ${sys.usb.config}
336
337# Used to set USB configuration at boot and to switch the configuration
338# when changing the default configuration
339on property:persist.sys.usb.config=*
340    setprop sys.usb.config ${persist.sys.usb.config}
341
342## Daemon processes to be run by init.
343##
344service ueventd /sbin/ueventd
345    class core
346    critical
347
348service console /system/bin/sh
349    class core
350    console
351    disabled
352    user shell
353    group log
354
355on property:ro.debuggable=1
356    start console
357
358# adbd is controlled via property triggers in init.<platform>.usb.rc
359service adbd /sbin/adbd
360    class core
361    disabled
362
363# adbd on at boot in emulator
364on property:ro.kernel.qemu=1
365    start adbd
366
367# This property trigger has added to imitiate the previous behavior of "adb root".
368# The adb gadget driver used to reset the USB bus when the adbd daemon exited,
369# and the host side adb relied on this behavior to force it to reconnect with the
370# new adbd instance after init relaunches it. So now we force the USB bus to reset
371# here when adbd sets the service.adb.root property to 1.  We also restart adbd here
372# rather than waiting for init to notice its death and restarting it so the timing
373# of USB resetting and adb restarting more closely matches the previous behavior.
374on property:service.adb.root=1
375    write /sys/class/android_usb/android0/enable 0
376    restart adbd
377    write /sys/class/android_usb/android0/enable 1
378
379service servicemanager /system/bin/servicemanager
380    class core
381    user system
382    group system
383    critical
384    onrestart restart zygote
385    onrestart restart media
386    onrestart restart surfaceflinger
387    onrestart restart drm
388
389service vold /system/bin/vold
390    class core
391    socket vold stream 0660 root mount
392    ioprio be 2
393
394service netd /system/bin/netd
395    class main
396    socket netd stream 0660 root system
397    socket dnsproxyd stream 0660 root inet
398
399service debuggerd /system/bin/debuggerd
400    class main
401
402service ril-daemon /system/bin/rild
403    class main
404    socket rild stream 660 root radio
405    socket rild-debug stream 660 radio system
406    user root
407    group radio cache inet misc audio sdcard_rw log
408
409service surfaceflinger /system/bin/surfaceflinger
410    class main
411    user system
412    group graphics
413    onrestart restart zygote
414
415service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
416    class main
417    socket zygote stream 660 root system
418    onrestart write /sys/android_power/request_state wake
419    onrestart write /sys/power/state on
420    onrestart restart media
421    onrestart restart netd
422
423service drm /system/bin/drmserver
424    class main
425    user drm
426    group system inet drmrpc
427
428service media /system/bin/mediaserver
429    class main
430    user media
431    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc
432    ioprio rt 4
433
434service bootanim /system/bin/bootanimation
435    class main
436    user graphics
437    group graphics
438    disabled
439    oneshot
440
441service dbus /system/bin/dbus-daemon --system --nofork
442    class main
443    socket dbus stream 660 bluetooth bluetooth
444    user bluetooth
445    group bluetooth net_bt_admin
446
447service bluetoothd /system/bin/bluetoothd -n
448    class main
449    socket bluetooth stream 660 bluetooth bluetooth
450    socket dbus_bluetooth stream 660 bluetooth bluetooth
451    # init.rc does not yet support applying capabilities, so run as root and
452    # let bluetoothd drop uid to bluetooth with the right linux capabilities
453    group bluetooth net_bt_admin misc
454    disabled
455
456service installd /system/bin/installd
457    class main
458    socket installd stream 600 system system
459
460service flash_recovery /system/etc/install-recovery.sh
461    class main
462    oneshot
463
464service racoon /system/bin/racoon
465    class main
466    socket racoon stream 600 system system
467    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
468    group vpn net_admin inet
469    disabled
470    oneshot
471
472service mtpd /system/bin/mtpd
473    class main
474    socket mtpd stream 600 system system
475    user vpn
476    group vpn net_admin inet net_raw
477    disabled
478    oneshot
479
480service keystore /system/bin/keystore /data/misc/keystore
481    class main
482    user keystore
483    group keystore
484    socket keystore stream 666
485
486service dumpstate /system/bin/dumpstate -s
487    class main
488    socket dumpstate stream 0660 shell log
489    disabled
490    oneshot
491