init.rc revision 3878ebd72493427ea5537b36dfb9cd7cb38677bb
1# Copyright (C) 2012 The Android Open Source Project
2#
3# IMPORTANT: Do not create world writable files or directories.
4# This is a common source of Android security bugs.
5#
6
7import /init.environ.rc
8import /init.usb.rc
9import /init.${ro.hardware}.rc
10import /init.${ro.zygote}.rc
11import /init.trace.rc
12
13on early-init
14    # Set init and its forked children's oom_adj.
15    write /proc/1/oom_adj -16
16
17    # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
18    write /sys/fs/selinux/checkreqprot 0
19
20    # Set the security context for the init process.
21    # This should occur before anything else (e.g. ueventd) is started.
22    setcon u:r:init:s0
23
24    # Set the security context of /adb_keys if present.
25    restorecon /adb_keys
26
27    start ueventd
28
29    # create mountpoints
30    mkdir /mnt 0775 root system
31
32on init
33    sysclktz 0
34
35    loglevel 3
36
37    # Backward compatibility
38    symlink /system/etc /etc
39    symlink /sys/kernel/debug /d
40
41    # Right now vendor lives on the same filesystem as system,
42    # but someday that may change.
43    symlink /system/vendor /vendor
44
45    # Create cgroup mount point for cpu accounting
46    mkdir /acct
47    mount cgroup none /acct cpuacct
48    mkdir /acct/uid
49
50    # Create cgroup mount point for memory
51    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
52    mkdir /sys/fs/cgroup/memory 0750 root system
53    mount cgroup none /sys/fs/cgroup/memory memory
54    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
55    chown root system /sys/fs/cgroup/memory/tasks
56    chmod 0660 /sys/fs/cgroup/memory/tasks
57    mkdir /sys/fs/cgroup/memory/sw 0750 root system
58    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
59    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
60    chown root system /sys/fs/cgroup/memory/sw/tasks
61    chmod 0660 /sys/fs/cgroup/memory/sw/tasks
62
63    mkdir /system
64    mkdir /data 0771 system system
65    mkdir /cache 0770 system cache
66    mkdir /config 0500 root root
67
68    # See storage config details at http://source.android.com/tech/storage/
69    mkdir /mnt/shell 0700 shell shell
70    mkdir /mnt/media_rw 0700 media_rw media_rw
71    mkdir /storage 0751 root sdcard_r
72
73    # Directory for putting things only root should see.
74    mkdir /mnt/secure 0700 root root
75
76    # Directory for staging bindmounts
77    mkdir /mnt/secure/staging 0700 root root
78
79    # Directory-target for where the secure container
80    # imagefile directory will be bind-mounted
81    mkdir /mnt/secure/asec  0700 root root
82
83    # Secure container public mount points.
84    mkdir /mnt/asec  0700 root system
85    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
86
87    # Filesystem image public mount points.
88    mkdir /mnt/obb 0700 root system
89    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
90
91    write /proc/sys/kernel/panic_on_oops 1
92    write /proc/sys/kernel/hung_task_timeout_secs 0
93    write /proc/cpu/alignment 4
94    write /proc/sys/kernel/sched_latency_ns 10000000
95    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
96    write /proc/sys/kernel/sched_compat_yield 1
97    write /proc/sys/kernel/sched_child_runs_first 0
98    write /proc/sys/kernel/randomize_va_space 2
99    write /proc/sys/kernel/kptr_restrict 2
100    write /proc/sys/vm/mmap_min_addr 32768
101    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
102    write /proc/sys/net/unix/max_dgram_qlen 300
103    write /proc/sys/kernel/sched_rt_runtime_us 950000
104    write /proc/sys/kernel/sched_rt_period_us 1000000
105
106    # reflect fwmark from incoming packets onto generated replies
107    write /proc/sys/net/ipv4/fwmark_reflect 1
108    write /proc/sys/net/ipv6/fwmark_reflect 1
109
110    # set fwmark on accepted sockets
111    write /proc/sys/net/ipv4/tcp_fwmark_accept 1
112
113    # Create cgroup mount points for process groups
114    mkdir /dev/cpuctl
115    mount cgroup none /dev/cpuctl cpu
116    chown system system /dev/cpuctl
117    chown system system /dev/cpuctl/tasks
118    chmod 0660 /dev/cpuctl/tasks
119    write /dev/cpuctl/cpu.shares 1024
120    write /dev/cpuctl/cpu.rt_runtime_us 950000
121    write /dev/cpuctl/cpu.rt_period_us 1000000
122
123    mkdir /dev/cpuctl/apps
124    chown system system /dev/cpuctl/apps/tasks
125    chmod 0666 /dev/cpuctl/apps/tasks
126    write /dev/cpuctl/apps/cpu.shares 1024
127    write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
128    write /dev/cpuctl/apps/cpu.rt_period_us 1000000
129
130    mkdir /dev/cpuctl/apps/bg_non_interactive
131    chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
132    chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
133    # 5.0 %
134    write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
135    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
136    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
137
138    # qtaguid will limit access to specific data based on group memberships.
139    #   net_bw_acct grants impersonation of socket owners.
140    #   net_bw_stats grants access to other apps' detailed tagged-socket stats.
141    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
142    chown root net_bw_stats /proc/net/xt_qtaguid/stats
143
144    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
145    # This is needed by any process that uses socket tagging.
146    chmod 0644 /dev/xt_qtaguid
147
148    # Create location for fs_mgr to store abbreviated output from filesystem
149    # checker programs.
150    mkdir /dev/fscklogs 0770 root system
151
152    # pstore/ramoops previous console log
153    mount pstore pstore /sys/fs/pstore
154    chown system log /sys/fs/pstore/console-ramoops
155    chmod 0440 /sys/fs/pstore/console-ramoops
156
157# Healthd can trigger a full boot from charger mode by signaling this
158# property when the power button is held.
159on property:sys.boot_from_charger_mode=1
160    class_stop charger
161    trigger late-init
162
163# Load properties from /system/ + /factory after fs mount.
164on load_all_props_action
165    load_all_props
166
167# Indicate to fw loaders that the relevant mounts are up.
168on firmware_mounts_complete
169    rm /dev/.booting
170
171# Mount filesystems and start core system services.
172on late-init
173    trigger early-fs
174    trigger fs
175    trigger post-fs
176    trigger post-fs-data
177
178    # Load properties from /system/ + /factory after fs mount. Place
179    # this in another action so that the load will be scheduled after the prior
180    # issued fs triggers have completed.
181    trigger load_all_props_action
182
183    # Remove a file to wake up anything waiting for firmware.
184    trigger firmware_mounts_complete
185
186    trigger early-boot
187    trigger boot
188
189
190on post-fs
191    # once everything is setup, no need to modify /
192    mount rootfs rootfs / ro remount
193    # mount shared so changes propagate into child namespaces
194    mount rootfs rootfs / shared rec
195
196    # We chown/chmod /cache again so because mount is run as root + defaults
197    chown system cache /cache
198    chmod 0770 /cache
199    # We restorecon /cache in case the cache partition has been reset.
200    restorecon_recursive /cache
201
202    # This may have been created by the recovery system with odd permissions
203    chown system cache /cache/recovery
204    chmod 0770 /cache/recovery
205
206    #change permissions on vmallocinfo so we can grab it from bugreports
207    chown root log /proc/vmallocinfo
208    chmod 0440 /proc/vmallocinfo
209
210    chown root log /proc/slabinfo
211    chmod 0440 /proc/slabinfo
212
213    #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
214    chown root system /proc/kmsg
215    chmod 0440 /proc/kmsg
216    chown root system /proc/sysrq-trigger
217    chmod 0220 /proc/sysrq-trigger
218    chown system log /proc/last_kmsg
219    chmod 0440 /proc/last_kmsg
220
221    # make the selinux kernel policy world-readable
222    chmod 0444 /sys/fs/selinux/policy
223
224    # create the lost+found directories, so as to enforce our permissions
225    mkdir /cache/lost+found 0770 root root
226
227on post-fs-data
228    # We chown/chmod /data again so because mount is run as root + defaults
229    chown system system /data
230    chmod 0771 /data
231    # We restorecon /data in case the userdata partition has been reset.
232    restorecon /data
233
234    # Avoid predictable entropy pool. Carry over entropy from previous boot.
235    copy /data/system/entropy.dat /dev/urandom
236
237    # Create dump dir and collect dumps.
238    # Do this before we mount cache so eventually we can use cache for
239    # storing dumps on platforms which do not have a dedicated dump partition.
240    mkdir /data/dontpanic 0750 root log
241
242    # Collect apanic data, free resources and re-arm trigger
243    copy /proc/apanic_console /data/dontpanic/apanic_console
244    chown root log /data/dontpanic/apanic_console
245    chmod 0640 /data/dontpanic/apanic_console
246
247    copy /proc/apanic_threads /data/dontpanic/apanic_threads
248    chown root log /data/dontpanic/apanic_threads
249    chmod 0640 /data/dontpanic/apanic_threads
250
251    write /proc/apanic_console 1
252
253    # create basic filesystem structure
254    mkdir /data/misc 01771 system misc
255    mkdir /data/misc/adb 02750 system shell
256    mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
257    mkdir /data/misc/bluetooth 0770 system system
258    mkdir /data/misc/keystore 0700 keystore keystore
259    mkdir /data/misc/keychain 0771 system system
260    mkdir /data/misc/net 0750 root shell
261    mkdir /data/misc/radio 0770 system radio
262    mkdir /data/misc/sms 0770 system radio
263    mkdir /data/misc/zoneinfo 0775 system system
264    mkdir /data/misc/vpn 0770 system vpn
265    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
266    mkdir /data/misc/systemkeys 0700 system system
267    mkdir /data/misc/wifi 0770 wifi wifi
268    mkdir /data/misc/wifi/sockets 0770 wifi wifi
269    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
270    mkdir /data/misc/dhcp 0770 dhcp dhcp
271    mkdir /data/misc/user 0771 root root
272    # give system access to wpa_supplicant.conf for backup and restore
273    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
274    mkdir /data/local 0751 root root
275    mkdir /data/misc/media 0700 media media
276
277    # For security reasons, /data/local/tmp should always be empty.
278    # Do not place files or directories in /data/local/tmp
279    mkdir /data/local/tmp 0771 shell shell
280    mkdir /data/data 0771 system system
281    mkdir /data/app-private 0771 system system
282    mkdir /data/app-asec 0700 root root
283    mkdir /data/app-lib 0771 system system
284    mkdir /data/app 0771 system system
285    mkdir /data/property 0700 root root
286
287    # create dalvik-cache, so as to enforce our permissions
288    mkdir /data/dalvik-cache 0771 root root
289    mkdir /data/dalvik-cache/profiles 0711 system system
290
291    # create resource-cache and double-check the perms
292    mkdir /data/resource-cache 0771 system system
293    chown system system /data/resource-cache
294    chmod 0771 /data/resource-cache
295
296    # create the lost+found directories, so as to enforce our permissions
297    mkdir /data/lost+found 0770 root root
298
299    # create directory for DRM plug-ins - give drm the read/write access to
300    # the following directory.
301    mkdir /data/drm 0770 drm drm
302
303    # create directory for MediaDrm plug-ins - give drm the read/write access to
304    # the following directory.
305    mkdir /data/mediadrm 0770 mediadrm mediadrm
306
307    # symlink to bugreport storage location
308    symlink /data/data/com.android.shell/files/bugreports /data/bugreports
309
310    # Separate location for storing security policy files on data
311    mkdir /data/security 0711 system system
312
313    # Reload policy from /data/security if present.
314    setprop selinux.reload_policy 1
315
316    # Set SELinux security contexts on upgrade or policy update.
317    restorecon_recursive /data
318
319    # If there is no fs-post-data action in the init.<device>.rc file, you
320    # must uncomment this line, otherwise encrypted filesystems
321    # won't work.
322    # Set indication (checked by vold) that we have finished this action
323    #setprop vold.post_fs_data_done 1
324
325on boot
326    # basic network init
327    ifup lo
328    hostname localhost
329    domainname localdomain
330
331    # set RLIMIT_NICE to allow priorities from 19 to -20
332    setrlimit 13 40 40
333
334    # Memory management.  Basic kernel parameters, and allow the high
335    # level system server to be able to adjust the kernel OOM driver
336    # parameters to match how it is managing things.
337    write /proc/sys/vm/overcommit_memory 1
338    write /proc/sys/vm/min_free_order_shift 4
339    chown root system /sys/module/lowmemorykiller/parameters/adj
340    chmod 0664 /sys/module/lowmemorykiller/parameters/adj
341    chown root system /sys/module/lowmemorykiller/parameters/minfree
342    chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
343
344    # Tweak background writeout
345    write /proc/sys/vm/dirty_expire_centisecs 200
346    write /proc/sys/vm/dirty_background_ratio  5
347
348    # Permissions for System Server and daemons.
349    chown radio system /sys/android_power/state
350    chown radio system /sys/android_power/request_state
351    chown radio system /sys/android_power/acquire_full_wake_lock
352    chown radio system /sys/android_power/acquire_partial_wake_lock
353    chown radio system /sys/android_power/release_wake_lock
354    chown system system /sys/power/autosleep
355    chown system system /sys/power/state
356    chown system system /sys/power/wakeup_count
357    chown radio system /sys/power/wake_lock
358    chown radio system /sys/power/wake_unlock
359    chmod 0660 /sys/power/state
360    chmod 0660 /sys/power/wake_lock
361    chmod 0660 /sys/power/wake_unlock
362
363    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
364    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
365    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
366    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
367    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
368    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
369    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
370    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
371    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
372    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
373    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
374    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
375    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
376    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
377    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
378    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
379    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
380    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
381    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
382    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
383    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
384    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
385    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
386
387    # Assume SMP uses shared cpufreq policy for all CPUs
388    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
389    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
390
391    chown system system /sys/class/timed_output/vibrator/enable
392    chown system system /sys/class/leds/keyboard-backlight/brightness
393    chown system system /sys/class/leds/lcd-backlight/brightness
394    chown system system /sys/class/leds/button-backlight/brightness
395    chown system system /sys/class/leds/jogball-backlight/brightness
396    chown system system /sys/class/leds/red/brightness
397    chown system system /sys/class/leds/green/brightness
398    chown system system /sys/class/leds/blue/brightness
399    chown system system /sys/class/leds/red/device/grpfreq
400    chown system system /sys/class/leds/red/device/grppwm
401    chown system system /sys/class/leds/red/device/blink
402    chown system system /sys/class/timed_output/vibrator/enable
403    chown system system /sys/module/sco/parameters/disable_esco
404    chown system system /sys/kernel/ipv4/tcp_wmem_min
405    chown system system /sys/kernel/ipv4/tcp_wmem_def
406    chown system system /sys/kernel/ipv4/tcp_wmem_max
407    chown system system /sys/kernel/ipv4/tcp_rmem_min
408    chown system system /sys/kernel/ipv4/tcp_rmem_def
409    chown system system /sys/kernel/ipv4/tcp_rmem_max
410    chown root radio /proc/cmdline
411
412    # Define TCP buffer sizes for various networks
413    #   ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
414    setprop net.tcp.buffersize.default  4096,87380,110208,4096,16384,110208
415    setprop net.tcp.buffersize.wifi     524288,1048576,2097152,262144,524288,1048576
416    setprop net.tcp.buffersize.ethernet 524288,1048576,3145728,524288,1048576,2097152
417    setprop net.tcp.buffersize.lte      524288,1048576,2097152,262144,524288,1048576
418    setprop net.tcp.buffersize.umts     58254,349525,1048576,58254,349525,1048576
419    setprop net.tcp.buffersize.hspa     40778,244668,734003,16777,100663,301990
420    setprop net.tcp.buffersize.hsupa    40778,244668,734003,16777,100663,301990
421    setprop net.tcp.buffersize.hsdpa    61167,367002,1101005,8738,52429,262114
422    setprop net.tcp.buffersize.hspap    122334,734003,2202010,32040,192239,576717
423    setprop net.tcp.buffersize.edge     4093,26280,70800,4096,16384,70800
424    setprop net.tcp.buffersize.gprs     4092,8760,48000,4096,8760,48000
425    setprop net.tcp.buffersize.evdo     4094,87380,262144,4096,16384,262144
426
427    # Define default initial receive window size in segments.
428    setprop net.tcp.default_init_rwnd 60
429
430    class_start core
431    class_start main
432
433on nonencrypted
434    class_start late_start
435
436on property:sys.init_log_level=*
437    loglevel ${sys.init_log_level}
438
439on charger
440    class_start charger
441
442on property:vold.decrypt=trigger_reset_main
443    class_reset main
444
445on property:vold.decrypt=trigger_load_persist_props
446    load_persist_props
447
448on property:vold.decrypt=trigger_post_fs_data
449    trigger post-fs-data
450
451on property:vold.decrypt=trigger_restart_min_framework
452    class_start main
453
454on property:vold.decrypt=trigger_restart_framework
455    class_start main
456    class_start late_start
457
458on property:vold.decrypt=trigger_shutdown_framework
459    class_reset late_start
460    class_reset main
461
462on property:sys.powerctl=*
463    powerctl ${sys.powerctl}
464
465# system server cannot write to /proc/sys files,
466# and chown/chmod does not work for /proc/sys/ entries.
467# So proxy writes through init.
468on property:sys.sysctl.extra_free_kbytes=*
469    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
470
471# "tcp_default_init_rwnd" Is too long!
472on property:sys.sysctl.tcp_def_init_rwnd=*
473    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
474
475
476## Daemon processes to be run by init.
477##
478service ueventd /sbin/ueventd
479    class core
480    critical
481    seclabel u:r:ueventd:s0
482
483service logd /system/bin/logd
484    class core
485    socket logd stream 0666 logd logd
486    socket logdr seqpacket 0666 logd logd
487    socket logdw dgram 0222 logd logd
488    seclabel u:r:logd:s0
489
490service healthd /sbin/healthd
491    class core
492    critical
493    seclabel u:r:healthd:s0
494
495service healthd-charger /sbin/healthd -n
496    class charger
497    critical
498    seclabel u:r:healthd:s0
499
500service console /system/bin/sh
501    class core
502    console
503    disabled
504    user shell
505    group shell log
506    seclabel u:r:shell:s0
507
508on property:ro.debuggable=1
509    start console
510
511# adbd is controlled via property triggers in init.<platform>.usb.rc
512service adbd /sbin/adbd --root_seclabel=u:r:su:s0
513    class core
514    socket adbd stream 660 system system
515    disabled
516    seclabel u:r:adbd:s0
517
518# adbd on at boot in emulator
519on property:ro.kernel.qemu=1
520    start adbd
521
522service servicemanager /system/bin/servicemanager
523    class core
524    user system
525    group system
526    critical
527    onrestart restart healthd
528    onrestart restart zygote
529    onrestart restart media
530    onrestart restart surfaceflinger
531    onrestart restart drm
532
533service vold /system/bin/vold
534    class core
535    socket vold stream 0660 root mount
536    ioprio be 2
537
538service netd /system/bin/netd
539    class main
540    socket netd stream 0660 root system
541    socket dnsproxyd stream 0660 root inet
542    socket mdns stream 0660 root system
543    socket fwmarkd stream 0660 root inet
544
545service debuggerd /system/bin/debuggerd
546    class main
547
548service debuggerd64 /system/bin/debuggerd64
549    class main
550
551service ril-daemon /system/bin/rild
552    class main
553    socket rild stream 660 root radio
554    socket rild-debug stream 660 radio system
555    user root
556    group radio cache inet misc audio log
557
558service surfaceflinger /system/bin/surfaceflinger
559    class main
560    user system
561    group graphics drmrpc
562    onrestart restart zygote
563
564service drm /system/bin/drmserver
565    class main
566    user drm
567    group drm system inet drmrpc
568
569service media /system/bin/mediaserver
570    class main
571    user media
572    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
573    ioprio rt 4
574
575service bootanim /system/bin/bootanimation
576    class main
577    user graphics
578    group graphics
579    disabled
580    oneshot
581
582service installd /system/bin/installd
583    class main
584    socket installd stream 600 system system
585
586service flash_recovery /system/etc/install-recovery.sh
587    class main
588    oneshot
589
590service racoon /system/bin/racoon
591    class main
592    socket racoon stream 600 system system
593    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
594    group vpn net_admin inet
595    disabled
596    oneshot
597
598service mtpd /system/bin/mtpd
599    class main
600    socket mtpd stream 600 system system
601    user vpn
602    group vpn net_admin inet net_raw
603    disabled
604    oneshot
605
606service keystore /system/bin/keystore /data/misc/keystore
607    class main
608    user keystore
609    group keystore drmrpc
610
611service dumpstate /system/bin/dumpstate -s
612    class main
613    socket dumpstate stream 0660 shell log
614    disabled
615    oneshot
616
617service mdnsd /system/bin/mdnsd
618    class main
619    user mdnsr
620    group inet net_raw
621    socket mdnsd stream 0660 mdnsr inet
622    disabled
623    oneshot
624