init.rc revision 3a5d71ac60ea1769aa5a0c4d0d76b08238392247
1# Copyright (C) 2012 The Android Open Source Project
2#
3# IMPORTANT: Do not create world writable files or directories.
4# This is a common source of Android security bugs.
5#
6
7import /init.environ.rc
8import /init.usb.rc
9import /init.${ro.hardware}.rc
10import /init.${ro.zygote}.rc
11import /init.trace.rc
12
# early-init: first action section in this file. It adjusts PID 1's OOM score,
# tightens SELinux mmap/mprotect checking and labels init before ueventd starts.
13on early-init
14    # Set init and its forked children's oom_adj.
    # -1000 is the lowest oom_score_adj value; the kernel OOM killer never
    # selects a task that carries it.
15    write /proc/1/oom_score_adj -1000
16
17    # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
    # 0 makes SELinux check the protection the kernel will actually apply,
    # not only the protection the caller asked for.
18    write /sys/fs/selinux/checkreqprot 0
19
20    # Set the security context for the init process.
21    # This should occur before anything else (e.g. ueventd) is started.
22    setcon u:r:init:s0
23
24    # Set the security context of /adb_keys if present.
25    restorecon /adb_keys
26
27    start ueventd
28
29    # create mountpoints
    # 0775 root:system - writable by owner and group only, consistent with the
    # no-world-writable rule stated at the top of this file.
30    mkdir /mnt 0775 root system
31
# init: creates the base directory tree and cgroup hierarchies, sets kernel
# tunables (including the memory-safety related sysctls) and assigns ownership
# and modes to a handful of /proc, /dev and /sys nodes.
32on init
33    sysclktz 0
34
35    loglevel 3
36
37    # Backward compatibility.
38    symlink /system/etc /etc
    # NOTE(review): /d is only a shorter alias. What debugfs exposes depends on
    # whether it is mounted and on its permissions and SELinux labels, which
    # are not set in this section - confirm for release builds.
39    symlink /sys/kernel/debug /d
40
41    # Link /vendor to /system/vendor for devices without a vendor partition.
42    symlink /system/vendor /vendor
43
44    # Create cgroup mount point for cpu accounting
45    mkdir /acct
46    mount cgroup none /acct cpuacct
47    mkdir /acct/uid
48
49    # Create cgroup mount point for memory
    # gid=1000 is presumably the system group, matching the "root system"
    # ownership given to the directories and tasks files below - confirm.
50    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
51    mkdir /sys/fs/cgroup/memory 0750 root system
52    mount cgroup none /sys/fs/cgroup/memory memory
53    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
54    chown root system /sys/fs/cgroup/memory/tasks
55    chmod 0660 /sys/fs/cgroup/memory/tasks
56    mkdir /sys/fs/cgroup/memory/sw 0750 root system
57    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
58    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
59    chown root system /sys/fs/cgroup/memory/sw/tasks
60    chmod 0660 /sys/fs/cgroup/memory/sw/tasks
61
    # Top-level mount points. None is world-writable: /data is 0771, /cache
    # 0770 and /config 0500.
62    mkdir /system
63    mkdir /data 0771 system system
64    mkdir /cache 0770 system cache
65    mkdir /config 0500 root root
66
67    # See storage config details at http://source.android.com/tech/storage/
68    mkdir /mnt/shell 0700 shell shell
69    mkdir /mnt/media_rw 0700 media_rw media_rw
70    mkdir /storage 0751 root sdcard_r
71
72    # Directory for putting things only root should see.
73    mkdir /mnt/secure 0700 root root
74
75    # Directory for staging bindmounts
76    mkdir /mnt/secure/staging 0700 root root
77
78    # Directory-target for where the secure container
79    # imagefile directory will be bind-mounted
80    mkdir /mnt/secure/asec  0700 root root
81
82    # Secure container public mount points.
    # The 0700 mode applies to the bare mount point only. Once the tmpfs is
    # mounted on top, the visible mode is the mount option's 0755 (gid=1000).
    # The same holds for /mnt/obb below.
83    mkdir /mnt/asec  0700 root system
84    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
85
86    # Filesystem image public mount points.
87    mkdir /mnt/obb 0700 root system
88    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
89
90    # memory control cgroup
91    mkdir /dev/memcg 0700 root system
92    mount cgroup none /dev/memcg memory
93
    # Kernel tunables. The security-relevant ones (kernel sysctl semantics):
    #   randomize_va_space 2 - full address-space randomization, heap included
    #   kptr_restrict 2      - kernel addresses printed with %pK are hidden from
    #                          every user
    #   mmap_min_addr 32768  - userspace cannot map the lowest 32 KiB, which
    #                          limits the impact of kernel NULL dereferences
    #   ping_group_range     - every gid in 0..2147483647 may open unprivileged
    #                          ICMP echo sockets
94    write /proc/sys/kernel/panic_on_oops 1
95    write /proc/sys/kernel/hung_task_timeout_secs 0
96    write /proc/cpu/alignment 4
97    write /proc/sys/kernel/sched_latency_ns 10000000
98    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
99    write /proc/sys/kernel/sched_compat_yield 1
100    write /proc/sys/kernel/sched_child_runs_first 0
101    write /proc/sys/kernel/randomize_va_space 2
102    write /proc/sys/kernel/kptr_restrict 2
103    write /proc/sys/vm/mmap_min_addr 32768
104    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
105    write /proc/sys/net/unix/max_dgram_qlen 300
106    write /proc/sys/kernel/sched_rt_runtime_us 950000
107    write /proc/sys/kernel/sched_rt_period_us 1000000
108
109    # reflect fwmark from incoming packets onto generated replies
110    write /proc/sys/net/ipv4/fwmark_reflect 1
111    write /proc/sys/net/ipv6/fwmark_reflect 1
112
113    # set fwmark on accepted sockets
114    write /proc/sys/net/ipv4/tcp_fwmark_accept 1
115
116    # Create cgroup mount points for process groups
117    mkdir /dev/cpuctl
118    mount cgroup none /dev/cpuctl cpu
119    chown system system /dev/cpuctl
120    chown system system /dev/cpuctl/tasks
121    chmod 0660 /dev/cpuctl/tasks
122    write /dev/cpuctl/cpu.shares 1024
123    write /dev/cpuctl/cpu.rt_runtime_us 950000
124    write /dev/cpuctl/cpu.rt_period_us 1000000
125
126    mkdir /dev/cpuctl/apps
127    chown system system /dev/cpuctl/apps/tasks
    # NOTE(review): 0666 makes this tasks file world-writable, unlike the 0660
    # used for /dev/cpuctl/tasks above and at odds with the warning at the top
    # of this file. Which tasks a writer may actually move is decided by the
    # kernel's cgroup attach check, not by this mode - confirm that check on
    # the target kernel. The same applies to bg_non_interactive/tasks below.
128    chmod 0666 /dev/cpuctl/apps/tasks
129    write /dev/cpuctl/apps/cpu.shares 1024
130    write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
131    write /dev/cpuctl/apps/cpu.rt_period_us 1000000
132
133    mkdir /dev/cpuctl/apps/bg_non_interactive
134    chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
135    chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
136    # 5.0 % of the 1024 shares given to /dev/cpuctl/apps above
137    write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
138    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
139    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
140
141    # qtaguid will limit access to specific data based on group memberships.
142    #   net_bw_acct grants impersonation of socket owners.
143    #   net_bw_stats grants access to other apps' detailed tagged-socket stats.
144    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
145    chown root net_bw_stats /proc/net/xt_qtaguid/stats
146
147    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
148    # This is needed by any process that uses socket tagging.
    # 0644 is world-readable but writable by the owner only.
149    chmod 0644 /dev/xt_qtaguid
150
151    # Create location for fs_mgr to store abbreviated output from filesystem
152    # checker programs.
153    mkdir /dev/fscklogs 0770 root system
154
155    # pstore/ramoops previous console log
    # 0440 system:log - readable by owner and group only; a previous boot's
    # console output can contain sensitive kernel and driver messages.
156    mount pstore pstore /sys/fs/pstore
157    chown system log /sys/fs/pstore/console-ramoops
158    chmod 0440 /sys/fs/pstore/console-ramoops
159    chown system log /sys/fs/pstore/pmsg-ramoops-0
160    chmod 0440 /sys/fs/pstore/pmsg-ramoops-0
161
162    # enable armv8_deprecated instruction hooks
163    write /proc/sys/abi/swp 1
164
165# Healthd can trigger a full boot from charger mode by signaling this
166# property when the power button is held.
# NOTE(review): init runs this action for whoever sets the property; which
# processes may set sys.boot_from_charger_mode is decided by property
# permissions that are not part of this file.
167on property:sys.boot_from_charger_mode=1
168    class_stop charger
169    trigger late-init
170
171# Load properties from /system/ + /factory after fs mount.
172on load_all_props_action
173    load_all_props
174
175# Indicate to fw loaders that the relevant mounts are up.
176on firmware_mounts_complete
177    rm /dev/.booting
178
179# Mount filesystems and start core system services.
# The triggers are listed in boot order: post-fs-data (which re-applies
# ownership and SELinux labels on /data) comes before boot, the action that
# starts the first service class.
180on late-init
181    trigger early-fs
182    trigger fs
183    trigger post-fs
184    trigger post-fs-data
185
186    # Load properties from /system/ + /factory after fs mount. Place
187    # this in another action so that the load will be scheduled after the prior
188    # issued fs triggers have completed.
189    trigger load_all_props_action
190
191    # Remove a file to wake up anything waiting for firmware.
192    trigger firmware_mounts_complete
193
194    trigger early-boot
195    trigger boot
196
197
# post-fs: makes the root filesystem read-only, then re-applies ownership,
# modes and SELinux labels on /cache and on several diagnostic /proc nodes.
198on post-fs
199    # once everything is setup, no need to modify /
200    mount rootfs rootfs / ro remount
201    # mount shared so changes propagate into child namespaces
202    mount rootfs rootfs / shared rec
203
204    # We chown/chmod /cache again because mount is run as root + defaults
205    chown system cache /cache
206    chmod 0770 /cache
207    # We restorecon /cache in case the cache partition has been reset.
208    restorecon_recursive /cache
209
210    # This may have been created by the recovery system with odd permissions
211    chown system cache /cache/recovery
212    chmod 0770 /cache/recovery
213
214    #change permissions on vmallocinfo so we can grab it from bugreports
    # 0440 root:log keeps kernel allocator details away from ordinary apps.
215    chown root log /proc/vmallocinfo
216    chmod 0440 /proc/vmallocinfo
217
218    chown root log /proc/slabinfo
219    chmod 0440 /proc/slabinfo
220
221    #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    # NOTE(review): 0220 root:system makes sysrq-trigger write-only for root and
    # the system group. Anything able to write it can invoke kernel SysRq
    # actions, so this group grant should be backed by an SELinux restriction
    # on which domains may open the node (policy is not visible here).
222    chown root system /proc/kmsg
223    chmod 0440 /proc/kmsg
224    chown root system /proc/sysrq-trigger
225    chmod 0220 /proc/sysrq-trigger
226    chown system log /proc/last_kmsg
227    chmod 0440 /proc/last_kmsg
228
229    # make the selinux kernel policy world-readable
    # 0444 is read-only for everyone: any process can inspect the loaded
    # policy, none can modify it through this node.
230    chmod 0444 /sys/fs/selinux/policy
231
232    # create the lost+found directories, so as to enforce our permissions
233    mkdir /cache/lost+found 0770 root root
234
# post-fs-data: runs once /data is available. It re-asserts ownership and
# modes on /data, seeds the kernel entropy pool, collects panic dumps, creates
# the per-subsystem directory tree with explicit owners and modes, and restores
# SELinux labels.
235on post-fs-data
236    # We chown/chmod /data again because mount is run as root + defaults
237    chown system system /data
238    chmod 0771 /data
239    # We restorecon /data in case the userdata partition has been reset.
240    restorecon /data
241
242    # Start bootcharting as soon as possible after the data partition is
243    # mounted to collect more data.
244    mkdir /data/bootchart 0755 shell shell
245    bootchart_init
246
247    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    # Writing to /dev/urandom mixes the saved bytes into the pool without
    # crediting entropy, so this guards against a predictable start-up state
    # but does not replace a hardware entropy source. Nothing in this section
    # rewrites entropy.dat; presumably a running service does - confirm.
248    copy /data/system/entropy.dat /dev/urandom
249
250    # Create dump dir and collect dumps.
251    # Do this before we mount cache so eventually we can use cache for
252    # storing dumps on platforms which do not have a dedicated dump partition.
253    mkdir /data/dontpanic 0750 root log
254
255    # Collect apanic data, free resources and re-arm trigger
    # The copies are restricted to 0640 root:log because panic output can
    # contain kernel addresses and other sensitive state.
256    copy /proc/apanic_console /data/dontpanic/apanic_console
257    chown root log /data/dontpanic/apanic_console
258    chmod 0640 /data/dontpanic/apanic_console
259
260    copy /proc/apanic_threads /data/dontpanic/apanic_threads
261    chown root log /data/dontpanic/apanic_threads
262    chmod 0640 /data/dontpanic/apanic_threads
263
264    write /proc/apanic_console 1
265
266    # create basic filesystem structure
    # Mode prefixes: the leading 1 on /data/misc is the sticky bit (only a
    # file's owner may delete or rename it inside the shared directory); the
    # leading 2 on /data/misc/adb is setgid (new entries inherit the shell
    # group). Each subsystem directory is owned by its own uid/gid.
267    mkdir /data/misc 01771 system misc
268    mkdir /data/misc/adb 02750 system shell
269    mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
270    mkdir /data/misc/bluetooth 0770 system system
271    mkdir /data/misc/keystore 0700 keystore keystore
272    mkdir /data/misc/keychain 0771 system system
273    mkdir /data/misc/net 0750 root shell
274    mkdir /data/misc/radio 0770 system radio
275    mkdir /data/misc/sms 0770 system radio
276    mkdir /data/misc/zoneinfo 0775 system system
277    mkdir /data/misc/vpn 0770 system vpn
278    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
279    mkdir /data/misc/systemkeys 0700 system system
280    mkdir /data/misc/wifi 0770 wifi wifi
281    mkdir /data/misc/wifi/sockets 0770 wifi wifi
282    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
283    mkdir /data/misc/ethernet 0770 system system
284    mkdir /data/misc/dhcp 0770 dhcp dhcp
285    mkdir /data/misc/user 0771 root root
286    # give system access to wpa_supplicant.conf for backup and restore
    # 0660 grants no access to "other"; the file presumably holds Wi-Fi
    # credentials, so it must not become world-readable.
287    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
288    mkdir /data/local 0751 root root
289    mkdir /data/misc/media 0700 media media
290
291    # For security reasons, /data/local/tmp should always be empty.
292    # Do not place files or directories in /data/local/tmp
293    mkdir /data/local/tmp 0771 shell shell
294    mkdir /data/data 0771 system system
295    mkdir /data/app-private 0771 system system
296    mkdir /data/app-asec 0700 root root
297    mkdir /data/app-lib 0771 system system
298    mkdir /data/app 0771 system system
299    mkdir /data/property 0700 root root
300    mkdir /data/tombstones 0771 system system
301
302    # create dalvik-cache, so as to enforce our permissions
303    mkdir /data/dalvik-cache 0771 root root
304    mkdir /data/dalvik-cache/profiles 0711 system system
305
306    # create resource-cache and double-check the perms
307    mkdir /data/resource-cache 0771 system system
308    chown system system /data/resource-cache
309    chmod 0771 /data/resource-cache
310
311    # create the lost+found directories, so as to enforce our permissions
312    mkdir /data/lost+found 0770 root root
313
314    # create directory for DRM plug-ins - give drm the read/write access to
315    # the following directory.
316    mkdir /data/drm 0770 drm drm
317
318    # create directory for MediaDrm plug-ins - give drm the read/write access to
319    # the following directory.
320    mkdir /data/mediadrm 0770 mediadrm mediadrm
321
322    mkdir /data/adb 0700 root root
323
324    # symlink to bugreport storage location
325    symlink /data/data/com.android.shell/files/bugreports /data/bugreports
326
327    # Separate location for storing security policy files on data
    # NOTE(review): files under /data/security feed the policy reload requested
    # just below, so write access to this directory (owner system, 0711) is
    # security-critical. Any integrity check on the reloaded policy is not
    # visible in this file - confirm where it is enforced.
328    mkdir /data/security 0711 system system
329
330    # Reload policy from /data/security if present.
331    setprop selinux.reload_policy 1
332
333    # Set SELinux security contexts on upgrade or policy update.
334    restorecon_recursive /data
335
336    # If there is no fs-post-data action in the init.<device>.rc file, you
337    # must uncomment this line, otherwise encrypted filesystems
338    # won't work.
339    # Set indication (checked by vold) that we have finished this action
340    #setprop vold.post_fs_data_done 1
341
# boot: brings up loopback networking, sets memory-management tunables, hands
# selected /sys and /proc nodes to the system and radio users, then starts the
# "core" service class.
342on boot
343    # basic network init
344    ifup lo
345    hostname localhost
346    domainname localdomain
347
348    # set RLIMIT_NICE to allow priorities from 19 to -20
    # NOTE(review): the limit is set on init itself and resource limits are
    # inherited across fork/exec, so every service started from here gets it
    # unless it lowers the limit on its own.
349    setrlimit 13 40 40
350
351    # Memory management.  Basic kernel parameters, and allow the high
352    # level system server to be able to adjust the kernel OOM driver
353    # parameters to match how it is managing things.
354    write /proc/sys/vm/overcommit_memory 1
355    write /proc/sys/vm/min_free_order_shift 4
    # 0220 root:system - write-only for root and the system group; nobody
    # reads the low-memory-killer thresholds back through these nodes.
356    chown root system /sys/module/lowmemorykiller/parameters/adj
357    chmod 0220 /sys/module/lowmemorykiller/parameters/adj
358    chown root system /sys/module/lowmemorykiller/parameters/minfree
359    chmod 0220 /sys/module/lowmemorykiller/parameters/minfree
360
361    # Tweak background writeout
362    write /proc/sys/vm/dirty_expire_centisecs 200
363    write /proc/sys/vm/dirty_background_ratio  5
364
365    # Permissions for System Server and daemons.
    # Power-state and wake-lock nodes go to radio:system or system:system with
    # 0660 where a mode is set, i.e. no access for "other".
366    chown radio system /sys/android_power/state
367    chown radio system /sys/android_power/request_state
368    chown radio system /sys/android_power/acquire_full_wake_lock
369    chown radio system /sys/android_power/acquire_partial_wake_lock
370    chown radio system /sys/android_power/release_wake_lock
371    chown system system /sys/power/autosleep
372    chown system system /sys/power/state
373    chown system system /sys/power/wakeup_count
374    chown radio system /sys/power/wake_lock
375    chown radio system /sys/power/wake_unlock
376    chmod 0660 /sys/power/state
377    chmod 0660 /sys/power/wake_lock
378    chmod 0660 /sys/power/wake_unlock
379
380    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
381    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
382    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
383    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
384    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
385    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
386    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
387    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
388    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
389    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
390    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
391    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
392    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
393    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
394    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
395    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    # boostpulse gets a chown but, unlike its neighbours, no chmod here, so it
    # keeps whatever mode the kernel driver gave it.
396    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
397    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
398    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
399    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
400    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
401    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
402    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
403
404    # Assume SMP uses shared cpufreq policy for all CPUs
405    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
406    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
407
    # Ownership only: the nodes below keep the modes the kernel gave them.
408    chown system system /sys/class/timed_output/vibrator/enable
409    chown system system /sys/class/leds/keyboard-backlight/brightness
410    chown system system /sys/class/leds/lcd-backlight/brightness
411    chown system system /sys/class/leds/button-backlight/brightness
412    chown system system /sys/class/leds/jogball-backlight/brightness
413    chown system system /sys/class/leds/red/brightness
414    chown system system /sys/class/leds/green/brightness
415    chown system system /sys/class/leds/blue/brightness
416    chown system system /sys/class/leds/red/device/grpfreq
417    chown system system /sys/class/leds/red/device/grppwm
418    chown system system /sys/class/leds/red/device/blink
    # Repeats the vibrator chown at the top of this group; redundant but harmless.
419    chown system system /sys/class/timed_output/vibrator/enable
420    chown system system /sys/module/sco/parameters/disable_esco
421    chown system system /sys/kernel/ipv4/tcp_wmem_min
422    chown system system /sys/kernel/ipv4/tcp_wmem_def
423    chown system system /sys/kernel/ipv4/tcp_wmem_max
424    chown system system /sys/kernel/ipv4/tcp_rmem_min
425    chown system system /sys/kernel/ipv4/tcp_rmem_def
426    chown system system /sys/kernel/ipv4/tcp_rmem_max
    # Only the group changes (to radio); the mode of /proc/cmdline is untouched.
427    chown root radio /proc/cmdline
428
429    # Define default initial receive window size in segments.
430    setprop net.tcp.default_init_rwnd 60
431
432    class_start core
433
# Triggers that start the remaining service classes and the encryption helper
# services. "main" and "late_start" are started here only on the nonencrypted
# path; the vold.decrypt triggers below cover the encrypted cases.
434on nonencrypted
435    class_start main
436    class_start late_start
437
438on property:vold.decrypt=trigger_default_encryption
439    start defaultcrypto
440
441on property:vold.decrypt=trigger_encryption
442    start surfaceflinger
443    start encrypt
444
# The property value is substituted into the loglevel command as-is; who may
# set sys.init_log_level is decided by property permissions outside this file.
445on property:sys.init_log_level=*
446    loglevel ${sys.init_log_level}
447
448on charger
449    class_start charger
450
# vold.decrypt state machine: each value of the property maps to one action
# that resets or starts service classes around disk decryption.
# NOTE(review): all of these run with init's privileges, so the property must
# be settable only by the component that owns decryption (the comments on the
# defaultcrypto and encrypt services name vold) - the permission itself is not
# visible in this file.
451on property:vold.decrypt=trigger_reset_main
452    class_reset main
453
454on property:vold.decrypt=trigger_load_persist_props
455    load_persist_props
456
457on property:vold.decrypt=trigger_post_fs_data
458    trigger post-fs-data
459
460on property:vold.decrypt=trigger_restart_min_framework
461    class_start main
462
463on property:vold.decrypt=trigger_restart_framework
464    class_start main
465    class_start late_start
466
467on property:vold.decrypt=trigger_shutdown_framework
468    class_reset late_start
469    class_reset main
470
# Property-to-init bridges: a less privileged process sets a property and init
# performs the privileged operation with the property's value.
# NOTE(review): no validation of the value is visible in these actions, so the
# effective access control is the permission to set each sys.* property, which
# is defined outside this file.
471on property:sys.powerctl=*
472    powerctl ${sys.powerctl}
473
474# system server cannot write to /proc/sys files,
475# and chown/chmod does not work for /proc/sys/ entries.
476# So proxy writes through init.
477on property:sys.sysctl.extra_free_kbytes=*
478    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
479
480# "tcp_default_init_rwnd" is too long (presumably for a property name), so the
# property is abbreviated to tcp_def_init_rwnd.
481on property:sys.sysctl.tcp_def_init_rwnd=*
482    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
483
484
485## Daemon processes to be run by init.
486##
# ueventd: started explicitly from early-init, right after init sets its own
# context. No "user" option, so init's default user (root) applies.
487service ueventd /sbin/ueventd
488    class core
    # critical: if the service keeps exiting, init reboots the device into
    # recovery instead of restarting it indefinitely.
489    critical
    # seclabel sets the SELinux context the process is switched to before exec.
490    seclabel u:r:ueventd:s0
491
# logd: log daemon with three init-created sockets, each owned by logd:logd.
# NOTE(review): all three sockets are world-accessible (0666 read/write for
# logd and logdr, 0222 write-only for logdw). Any process can therefore connect
# to the reader socket, so what each caller may read has to be enforced inside
# logd and by SELinux policy - neither is visible in this file.
492service logd /system/bin/logd
493    class core
494    socket logd stream 0666 logd logd
495    socket logdr seqpacket 0666 logd logd
496    socket logdw dgram 0222 logd logd
497    seclabel u:r:logd:s0
498
# healthd: runs from /sbin in its own SELinux domain. No "user" option, so
# init's default user (root) applies. Marked critical and restarted together
# with servicemanager (see that service's onrestart list).
499service healthd /sbin/healthd
500    class core
501    critical
502    seclabel u:r:healthd:s0
503
# console: interactive shell on the console device. It is declared "disabled",
# so class_start core does not launch it; the only start in this file is the
# ro.debuggable=1 trigger below. It runs as uid shell in the shell SELinux
# domain, not as root.
504service console /system/bin/sh
505    class core
506    console
507    disabled
508    user shell
509    group shell log
510    seclabel u:r:shell:s0
511
# Builds where ro.debuggable is not 1 never start the console shell from here.
512on property:ro.debuggable=1
513    start console
514
515# adbd is controlled via property triggers in init.<platform>.usb.rc
# No "user" option, so init launches adbd as root in the adbd domain; any
# privilege drop happens inside adbd, not here.
# NOTE(review): --root_seclabel passes the su context to the daemon, presumably
# the context it uses when it stays root - confirm in adbd, and confirm that
# release policy does not define that domain.
516service adbd /sbin/adbd --root_seclabel=u:r:su:s0
517    class core
    # Mode is parsed as octal: 0660 system:system, no access for "other".
518    socket adbd stream 660 system system
519    disabled
520    seclabel u:r:adbd:s0
521
522# adbd on at boot in emulator
523on property:ro.kernel.qemu=1
524    start adbd
525
# lmkd: low-memory killer daemon. No "user" or "seclabel" option is given, so
# it starts as root and its SELinux domain comes from policy transitions rather
# than from this file. Its control socket is limited to system:system (0660).
526service lmkd /system/bin/lmkd
527    class core
528    critical
529    socket lmkd seqpacket 0660 system system
530
# servicemanager: runs as system:system rather than root. Because the services
# listed under onrestart depend on it, init restarts each of them whenever
# servicemanager itself is restarted.
531service servicemanager /system/bin/servicemanager
532    class core
533    user system
534    group system
535    critical
536    onrestart restart healthd
537    onrestart restart zygote
538    onrestart restart media
539    onrestart restart surfaceflinger
540    onrestart restart drm
541
# vold: volume daemon. No "user" option, so it runs as root. Its command socket
# is reachable by root and members of the mount group only (0660 root:mount).
542service vold /system/bin/vold
543    class core
544    socket vold stream 0660 root mount
545    ioprio be 2
546
# netd: network daemon, root by default (no "user" option). All four sockets
# are 0660 and owned by root; the group decides who else may connect:
# "system" for netd and mdns, "inet" for dnsproxyd and fwmarkd.
# NOTE(review): the inet-group sockets are reachable by every process holding
# that group, so request validation on them presumably happens inside netd -
# confirm.
547service netd /system/bin/netd
548    class main
549    socket netd stream 0660 root system
550    socket dnsproxyd stream 0660 root inet
551    socket mdns stream 0660 root system
552    socket fwmarkd stream 0660 root inet
553
# debuggerd / debuggerd64: crash-dump daemons for the two binary variants
# installed under /system/bin. Neither has a "user" option, so both run as
# root, and neither declares a socket here.
554service debuggerd /system/bin/debuggerd
555    class main
556
557service debuggerd64 /system/bin/debuggerd64
558    class main
559
# ril-daemon: radio interface daemon. It is started as root explicitly; whether
# rild later drops to another uid is not visible here. The main socket is
# root:radio, the debug socket radio:system, both 0660.
# NOTE(review): the supplementary groups (cache, inet, misc, audio, log) widen
# what a compromised rild could reach - review whether each is still needed.
560service ril-daemon /system/bin/rild
561    class main
562    socket rild stream 660 root radio
563    socket rild-debug stream 660 radio system
564    user root
565    group radio cache inet misc audio log
566
# surfaceflinger: display compositor, run as uid system with the graphics and
# drmrpc groups. A restart of this service also restarts zygote.
567service surfaceflinger /system/bin/surfaceflinger
568    class core
569    user system
570    group graphics drmrpc
571    onrestart restart zygote
572
# drm: DRM server, run as the dedicated drm user. Its groups include system
# and inet in addition to drm and drmrpc.
573service drm /system/bin/drmserver
574    class main
575    user drm
576    group drm system inet drmrpc
577
# media: media server, run as the dedicated media user.
# NOTE(review): one process holds audio, camera, network (inet), Bluetooth,
# bandwidth-accounting (net_bw_acct) and DRM groups. Anything that parses
# untrusted media in this process inherits all of them, so the group list is
# worth minimising.
578service media /system/bin/mediaserver
579    class main
580    user media
581    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
582    ioprio rt 4
583
584# One shot invocation to deal with encrypted volume.
# Both helpers below are disabled and oneshot: they run only when one of the
# vold.decrypt triggers in this file starts them, and are not restarted after
# exit. No "user" option, so vdc runs as root.
585service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
586    disabled
587    oneshot
588    # vold will set vold.decrypt to trigger_restart_framework (default
589    # encryption) or trigger_restart_min_framework (other encryption)
590
591# One shot invocation to encrypt unencrypted volumes
592service encrypt /system/bin/vdc --wait cryptfs maybeenabledefaultcrypto
593    disabled
594    oneshot
595    # vold will set vold.decrypt to trigger_restart_framework (default
596    # encryption)
597
# bootanim: boot animation, run as the unprivileged graphics user. It is
# disabled and oneshot, so something other than class_start has to start it
# (no start command for it appears in this file).
598service bootanim /system/bin/bootanimation
599    class core
600    user graphics
601    group graphics audio
602    disabled
603    oneshot
604
# installd: package install daemon. No "user" option, so it starts as root.
# Its socket is 0600 system:system (mode parsed as octal), i.e. only uid
# system can connect - that socket permission is the gate in front of a
# root-privileged helper.
605service installd /system/bin/installd
606    class main
607    socket installd stream 600 system system
608
# flash_recovery: runs install-recovery.sh once each time class main is
# started, confined to the install_recovery SELinux domain.
# NOTE(review): no "user" option, so the script runs as root. Its integrity
# rests on /system being read-only or verified, which this file does not
# establish.
609service flash_recovery /system/bin/install-recovery.sh
610    class main
611    seclabel u:r:install_recovery:s0
612    oneshot
613
# VPN daemons. Both are disabled and oneshot, and both expose a control socket
# that only uid system can open (0600 system:system).
# racoon has no "user" option: it starts as root so that it can bind the IKE
# port, and the privilege drop described below happens inside racoon itself.
614service racoon /system/bin/racoon
615    class main
616    socket racoon stream 600 system system
617    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
618    group vpn net_admin inet
619    disabled
620    oneshot
621
# mtpd, by contrast, is switched to the vpn user by init before exec.
622service mtpd /system/bin/mtpd
623    class main
624    socket mtpd stream 600 system system
625    user vpn
626    group vpn net_admin inet net_raw
627    disabled
628    oneshot
629
# keystore: runs as the dedicated keystore user. The directory passed as its
# argument, /data/misc/keystore, is created 0700 keystore:keystore in
# post-fs-data, so no other uid can list or read it through file permissions.
630service keystore /system/bin/keystore /data/misc/keystore
631    class main
632    user keystore
633    group keystore drmrpc
634
# dumpstate: bug-report collector, disabled and oneshot. No "user" option, so
# it starts as root; its output socket is limited to shell:log (0660).
# NOTE(review): who may start this service is controlled outside this file, and
# a root-collected dump is only as confidential as that control and the socket
# permissions make it.
635service dumpstate /system/bin/dumpstate -s
636    class main
637    socket dumpstate stream 0660 shell log
638    disabled
639    oneshot
640
# mdnsd: multicast DNS daemon, run as the dedicated mdnsr user with the inet
# and net_raw groups. Its socket is 0660 mdnsr:inet, so any process in the inet
# group can connect. Disabled and oneshot.
641service mdnsd /system/bin/mdnsd
642    class main
643    user mdnsr
644    group inet net_raw
645    socket mdnsd stream 0660 mdnsr inet
646    disabled
647    oneshot
648
# pre-recovery: runs /system/bin/uncrypt once when started explicitly (it is
# disabled, so class_start main skips it). No "user" option, so it runs as
# root, and no seclabel is set here.
649service pre-recovery /system/bin/uncrypt
650    class main
651    disabled
652    oneshot
653