init.rc revision 3a5d71ac60ea1769aa5a0c4d0d76b08238392247
# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
# init.rc: imports the per-device scripts, then defines the boot-stage
# actions, the property-triggered actions and (at the end of the file) the
# daemons that init runs. Commands inside an action run in the order written,
# so the order of mkdir/mount/chown/chmod lines below is significant.
#

# ${ro.hardware} and ${ro.zygote} are expanded from properties, so which
# scripts get imported depends on those property values.
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.zygote}.rc
import /init.trace.rc

on early-init
    # Set init and its forked children's oom_adj.
    # -1000 is the lowest oom_score_adj value; it exempts the process from
    # the kernel OOM killer.
    write /proc/1/oom_score_adj -1000

    # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
    # With 0, SELinux checks the protection the kernel will actually apply
    # rather than the one the caller requested.
    write /sys/fs/selinux/checkreqprot 0

    # Set the security context for the init process.
    # This should occur before anything else (e.g. ueventd) is started.
    setcon u:r:init:s0

    # Set the security context of /adb_keys if present.
    restorecon /adb_keys

    start ueventd

    # create mountpoints
    mkdir /mnt 0775 root system

on init
    sysclktz 0

    loglevel 3

    # Backward compatibility.
    symlink /system/etc /etc
    symlink /sys/kernel/debug /d

    # Link /vendor to /system/vendor for devices without a vendor partition.
    symlink /system/vendor /vendor

    # Create cgroup mount point for cpu accounting
    mkdir /acct
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

    # Create cgroup mount point for memory
    # gid=1000 is presumably the system group, matching the "root system"
    # ownership used on the following lines - confirm.
    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
    mkdir /sys/fs/cgroup/memory 0750 root system
    mount cgroup none /sys/fs/cgroup/memory memory
    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
    # tasks is root:system 0660: only root and the system group can move
    # processes into this cgroup.
    chown root system /sys/fs/cgroup/memory/tasks
    chmod 0660 /sys/fs/cgroup/memory/tasks
    mkdir /sys/fs/cgroup/memory/sw 0750 root system
    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/sw/tasks
    chmod 0660 /sys/fs/cgroup/memory/sw/tasks

    mkdir /system
    mkdir /data 0771 system system
    mkdir /cache 0770 system cache
    mkdir /config 0500 root root

    # See storage config details at http://source.android.com/tech/storage/
    mkdir /mnt/shell 0700 shell shell
    mkdir /mnt/media_rw 0700 media_rw media_rw
    mkdir /storage 0751 root sdcard_r

    # Directory for putting things only root should see.
    mkdir /mnt/secure 0700 root root

    # Directory for staging bindmounts
    mkdir /mnt/secure/staging 0700 root root

    # Directory-target for where the secure container
    # imagefile directory will be bind-mounted
    mkdir /mnt/secure/asec 0700 root root

    # Secure container public mount points.
    # The directory is created 0700, but once the tmpfs is mounted on it the
    # mount options (mode=0755,gid=1000) are what callers see.
    mkdir /mnt/asec 0700 root system
    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000

    # Filesystem image public mount points.
    # Same pattern as /mnt/asec: the tmpfs mode=0755 replaces the 0700 above.
    mkdir /mnt/obb 0700 root system
    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000

    # memory control cgroup
    mkdir /dev/memcg 0700 root system
    mount cgroup none /dev/memcg memory

    # Kernel tunables. The security-relevant ones in this run are:
    #   panic_on_oops 1      - a kernel oops panics instead of continuing
    #   randomize_va_space 2 - full address-space randomization, heap included
    #   kptr_restrict 2      - kernel pointers printed with %pK are hidden
    #                          from every user
    #   mmap_min_addr 32768  - user space cannot map the lowest 32 KiB, which
    #                          blunts kernel NULL-pointer dereference bugs
    #   ping_group_range     - every gid in the range may open ICMP echo
    #                          sockets, so ping needs no raw-socket privilege
    write /proc/sys/kernel/panic_on_oops 1
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0
    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2
    write /proc/sys/vm/mmap_min_addr 32768
    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
    write /proc/sys/net/unix/max_dgram_qlen 300
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

    # reflect fwmark from incoming packets onto generated replies
    write /proc/sys/net/ipv4/fwmark_reflect 1
    write /proc/sys/net/ipv6/fwmark_reflect 1

    # set fwmark on accepted sockets
    write /proc/sys/net/ipv4/tcp_fwmark_accept 1

    # Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    chmod 0660 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 950000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps
    chown system system /dev/cpuctl/apps/tasks
    # NOTE(review): 0666 makes this tasks file world-writable, which the
    # header of this file warns against. Confirm which callers need write
    # access and whether a narrower mode (as on /dev/cpuctl/tasks) would do.
    chmod 0666 /dev/cpuctl/apps/tasks
    write /dev/cpuctl/apps/cpu.shares 1024
    write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
    write /dev/cpuctl/apps/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps/bg_non_interactive
    chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
    # NOTE(review): world-writable as well; same question as apps/tasks.
    chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000

    # qtaguid will limit access to specific data based on group memberships.
    #   net_bw_acct grants impersonation of socket owners.
    #   net_bw_stats grants access to other apps' detailed tagged-socket stats.
    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
    chown root net_bw_stats /proc/net/xt_qtaguid/stats

    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
    # This is needed by any process that uses socket tagging.
    chmod 0644 /dev/xt_qtaguid

    # Create location for fs_mgr to store abbreviated output from filesystem
    # checker programs.
    mkdir /dev/fscklogs 0770 root system

    # pstore/ramoops previous console log
    # Both files end up system:log 0440, i.e. readable only by the system
    # user and the log group.
    mount pstore pstore /sys/fs/pstore
    chown system log /sys/fs/pstore/console-ramoops
    chmod 0440 /sys/fs/pstore/console-ramoops
    chown system log /sys/fs/pstore/pmsg-ramoops-0
    chmod 0440 /sys/fs/pstore/pmsg-ramoops-0

    # enable armv8_deprecated instruction hooks
    write /proc/sys/abi/swp 1

# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
    class_stop charger
    trigger late-init

# Load properties from /system/ + /factory after fs mount.
on load_all_props_action
    load_all_props

# Indicate to fw loaders that the relevant mounts are up.
on firmware_mounts_complete
    rm /dev/.booting

# Mount filesystems and start core system services.
on late-init
    trigger early-fs
    trigger fs
    trigger post-fs
    trigger post-fs-data

    # Load properties from /system/ + /factory after fs mount. Place
    # this in another action so that the load will be scheduled after the prior
    # issued fs triggers have completed.
    trigger load_all_props_action

    # Remove a file to wake up anything waiting for firmware.
    trigger firmware_mounts_complete

    trigger early-boot
    trigger boot


on post-fs
    # once everything is setup, no need to modify /
    mount rootfs rootfs / ro remount
    # mount shared so changes propagate into child namespaces
    mount rootfs rootfs / shared rec

    # We chown/chmod /cache again because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache
    # We restorecon /cache in case the cache partition has been reset.
    restorecon_recursive /cache

    # This may have been created by the recovery system with odd permissions
    chown system cache /cache/recovery
    chmod 0770 /cache/recovery

    # change permissions on vmallocinfo so we can grab it from bugreports
    # (root:log 0440 - not readable by other users)
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    chown root log /proc/slabinfo
    chmod 0440 /proc/slabinfo

    # change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    # kmsg is read-only (0440) and sysrq-trigger write-only (0220) for root
    # and the system group; other users get no access to either.
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger
    chown system log /proc/last_kmsg
    chmod 0440 /proc/last_kmsg

    # make the selinux kernel policy world-readable
    chmod 0444 /sys/fs/selinux/policy

    # create the lost+found directories, so as to enforce our permissions
    mkdir /cache/lost+found 0770 root root

on post-fs-data
    # We chown/chmod /data again because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data

    # Start bootcharting as soon as possible after the data partition is
    # mounted to collect more data.
    mkdir /data/bootchart 0755 shell shell
    bootchart_init

    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    # Writing to /dev/urandom mixes the saved bytes into the pool; the kernel
    # does not credit them as new entropy.
    copy /data/system/entropy.dat /dev/urandom

    # Create dump dir and collect dumps.
    # Do this before we mount cache so eventually we can use cache for
    # storing dumps on platforms which do not have a dedicated dump partition.
    mkdir /data/dontpanic 0750 root log

    # Collect apanic data, free resources and re-arm trigger
    copy /proc/apanic_console /data/dontpanic/apanic_console
    chown root log /data/dontpanic/apanic_console
    chmod 0640 /data/dontpanic/apanic_console

    copy /proc/apanic_threads /data/dontpanic/apanic_threads
    chown root log /data/dontpanic/apanic_threads
    chmod 0640 /data/dontpanic/apanic_threads

    write /proc/apanic_console 1

    # create basic filesystem structure
    # Mode notes: 01771 on /data/misc sets the sticky bit (entries can be
    # removed only by their owner, the directory owner or root); 02750 on
    # /data/misc/adb sets setgid (new entries inherit the shell group).
    # keystore and systemkeys are 0700, private to their owning user.
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/adb 02750 system shell
    mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
    mkdir /data/misc/bluetooth 0770 system system
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/net 0750 root shell
    mkdir /data/misc/radio 0770 system radio
    mkdir /data/misc/sms 0770 system radio
    mkdir /data/misc/zoneinfo 0775 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
    mkdir /data/misc/systemkeys 0700 system system
    mkdir /data/misc/wifi 0770 wifi wifi
    mkdir /data/misc/wifi/sockets 0770 wifi wifi
    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
    mkdir /data/misc/ethernet 0770 system system
    mkdir /data/misc/dhcp 0770 dhcp dhcp
    mkdir /data/misc/user 0771 root root
    # give system access to wpa_supplicant.conf for backup and restore
    # NOTE(review): only the mode is set here; the file's owner and group are
    # not changed in this file, so who the group bits apply to depends on
    # whoever created it - confirm.
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root
    mkdir /data/misc/media 0700 media media

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app-lib 0771 system system
    mkdir /data/app 0771 system system
    mkdir /data/property 0700 root root
    mkdir /data/tombstones 0771 system system

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 root root
    mkdir /data/dalvik-cache/profiles 0711 system system

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # create directory for MediaDrm plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/mediadrm 0770 mediadrm mediadrm

    mkdir /data/adb 0700 root root

    # symlink to bugreport storage location
    symlink /data/data/com.android.shell/files/bugreports /data/bugreports

    # Separate location for storing security policy files on data
    mkdir /data/security 0711 system system

    # Reload policy from /data/security if present.
    # NOTE(review): this policy source lives on the writable userdata
    # partition; what validates those files before they are loaded is not
    # visible in this file - confirm.
    setprop selinux.reload_policy 1

    # Set SELinux security contexts on upgrade or policy update.
    restorecon_recursive /data

    # If there is no post-fs-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    #setprop vold.post_fs_data_done 1

on boot
    # basic network init
    ifup lo
    hostname localhost
    domainname localdomain

    # set RLIMIT_NICE to allow priorities from 19 to -20
    setrlimit 13 40 40

    # Memory management.  Basic kernel parameters, and allow the high
    # level system server to be able to adjust the kernel OOM driver
    # parameters to match how it is managing things.
    # The lowmemorykiller parameters become write-only (0220) for root and
    # the system group.
    write /proc/sys/vm/overcommit_memory 1
    write /proc/sys/vm/min_free_order_shift 4
    chown root system /sys/module/lowmemorykiller/parameters/adj
    chmod 0220 /sys/module/lowmemorykiller/parameters/adj
    chown root system /sys/module/lowmemorykiller/parameters/minfree
    chmod 0220 /sys/module/lowmemorykiller/parameters/minfree

    # Tweak background writeout
    write /proc/sys/vm/dirty_expire_centisecs 200
    write /proc/sys/vm/dirty_background_ratio 5

    # Permissions for System Server and daemons.
    # Entries that get only a chown keep whatever mode the kernel gave them.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/autosleep
    chown system system /sys/power/state
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock

    # cpufreq "interactive" governor tunables: handed to system:system and,
    # except for boostpulse, set to 0660.
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    # boostpulse is the one entry here without a matching chmod.
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    # (repeats the vibrator chown from the start of this run)
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    # Only the group changes here; the mode of /proc/cmdline is left as is.
    chown root radio /proc/cmdline

    # Define default initial receive window size in segments.
    setprop net.tcp.default_init_rwnd 60

    class_start core

on nonencrypted
    class_start main
    class_start late_start

# The vold.decrypt values below are set by vold (see the comments on the
# defaultcrypto and encrypt services) to drive the framework through the
# disk-encryption states.
on property:vold.decrypt=trigger_default_encryption
    start defaultcrypto

on property:vold.decrypt=trigger_encryption
    start surfaceflinger
    start encrypt

on property:sys.init_log_level=*
    loglevel ${sys.init_log_level}

on charger
    class_start charger

on property:vold.decrypt=trigger_reset_main
    class_reset main

on property:vold.decrypt=trigger_load_persist_props
    load_persist_props

on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data

on property:vold.decrypt=trigger_restart_min_framework
    class_start main

on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main

# NOTE(review): any process allowed to set sys.powerctl can make init run
# powerctl with that value; which processes may set it is decided by
# property-service permissions outside this file - confirm.
on property:sys.powerctl=*
    powerctl ${sys.powerctl}

# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
# NOTE(review): init writes the property value to the sysctl as given, with
# no validation in this file. The set of processes allowed to set
# sys.sysctl.* properties is therefore the real access control - confirm it
# is limited to system server.
on property:sys.sysctl.extra_free_kbytes=*
    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}

# "tcp_default_init_rwnd" Is too long!
on property:sys.sysctl.tcp_def_init_rwnd=*
    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}


## Daemon processes to be run by init.
##
# Each service block names a daemon and its executable; the options that
# follow set its class, credentials, sockets and SELinux label.
#   user/group - a service with no "user" line is started with init's own
#                uid (root), so it depends on its own privilege dropping and
#                on SELinux policy for confinement.
#   seclabel   - sets the SELinux context explicitly. NOTE(review): services
#                without one presumably get their domain from a policy
#                transition on the executable's label - confirm a rule exists
#                for each.
#   socket     - "socket <name> <type> <mode> <user> <group>"; the mode and
#                owner are the file-permission gate on who may connect.
#   disabled   - not started with its class; must be started explicitly.
service ueventd /sbin/ueventd
    class core
    critical
    seclabel u:r:ueventd:s0

# NOTE(review): logd and logdr are 0666 and logdw is 0222, so the socket
# modes let any uid connect (logdw write-only). Restricting who can read
# which log entries is then left to something other than file permissions,
# presumably logd's own peer checks and SELinux policy - confirm.
service logd /system/bin/logd
    class core
    socket logd stream 0666 logd logd
    socket logdr seqpacket 0666 logd logd
    socket logdw dgram 0222 logd logd
    seclabel u:r:logd:s0

service healthd /sbin/healthd
    class core
    critical
    seclabel u:r:healthd:s0

# Serial console shell: disabled by default, runs as the unprivileged shell
# user in the shell domain, and is started only by the ro.debuggable=1
# trigger below.
service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group shell log
    seclabel u:r:shell:s0

on property:ro.debuggable=1
    start console

# adbd is controlled via property triggers in init.<platform>.usb.rc
# NOTE(review): --root_seclabel passes the su context to adbd, presumably
# the label it takes when it keeps root - confirm in adbd which build or
# property conditions allow that path.
# The socket mode is written without a leading 0 (660); presumably parsed
# as octal like the 0660 form used elsewhere - confirm.
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
    class core
    socket adbd stream 660 system system
    disabled
    seclabel u:r:adbd:s0

# adbd on at boot in emulator
on property:ro.kernel.qemu=1
    start adbd

service lmkd /system/bin/lmkd
    class core
    critical
    socket lmkd seqpacket 0660 system system

# A servicemanager restart also restarts the services that registered with
# it (healthd, zygote, media, surfaceflinger, drm).
service servicemanager /system/bin/servicemanager
    class core
    user system
    group system
    critical
    onrestart restart healthd
    onrestart restart zygote
    onrestart restart media
    onrestart restart surfaceflinger
    onrestart restart drm

# No "user" line: vold runs as root. Its control socket is limited to root
# and the mount group.
service vold /system/bin/vold
    class core
    socket vold stream 0660 root mount
    ioprio be 2

# No "user" line: netd runs as root. dnsproxyd and fwmarkd are reachable by
# the inet group, netd and mdns only by root and the system group.
service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system
    socket fwmarkd stream 0660 root inet

service debuggerd /system/bin/debuggerd
    class main

service debuggerd64 /system/bin/debuggerd64
    class main

# rild is started as root with a broad supplementary group list.
# NOTE(review): whether it drops to the radio user afterwards is not visible
# here - confirm.
service ril-daemon /system/bin/rild
    class main
    socket rild stream 660 root radio
    socket rild-debug stream 660 radio system
    user root
    group radio cache inet misc audio log

service surfaceflinger /system/bin/surfaceflinger
    class core
    user system
    group graphics drmrpc
    onrestart restart zygote

service drm /system/bin/drmserver
    class main
    user drm
    group drm system inet drmrpc

service media /system/bin/mediaserver
    class main
    user media
    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
    ioprio rt 4

# One shot invocation to deal with encrypted volume.
service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption) or trigger_restart_min_framework (other encryption)

# One shot invocation to encrypt unencrypted volumes
service encrypt /system/bin/vdc --wait cryptfs maybeenabledefaultcrypto
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption)

service bootanim /system/bin/bootanimation
    class core
    user graphics
    group graphics audio
    disabled
    oneshot

# No "user" line: installd runs as root. Its socket is 600 system:system,
# so only the system user can connect.
service installd /system/bin/installd
    class main
    socket installd stream 600 system system

service flash_recovery /system/bin/install-recovery.sh
    class main
    seclabel u:r:install_recovery:s0
    oneshot

service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
    group vpn net_admin inet
    disabled
    oneshot

service mtpd /system/bin/mtpd
    class main
    socket mtpd stream 600 system system
    user vpn
    group vpn net_admin inet net_raw
    disabled
    oneshot

# keystore runs as its own user; its data directory argument matches the
# 0700 keystore:keystore directory created in post-fs-data.
service keystore /system/bin/keystore /data/misc/keystore
    class main
    user keystore
    group keystore drmrpc

# No "user" line: dumpstate starts as root. Its socket is limited to the
# shell user and the log group.
service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot

service mdnsd /system/bin/mdnsd
    class main
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
    disabled
    oneshot

service pre-recovery /system/bin/uncrypt
    class main
    disabled
    oneshot
