init.rc revision 64dffd3975824512353244684c960845be8bdde2
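# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#

# Additional init scripts parsed along with this one. The ${ro.hardware}
# and ${ro.zygote} paths are expanded from system properties, so which
# device- and zygote-specific script gets loaded depends on those values.
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.zygote}.rc
import /init.trace.rc
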
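# early-init: protects init from the OOM killer, labels /adb_keys and
# starts ueventd.
on early-init
    # Set init and its forked children's oom_adj.
    # -1000 is the minimum oom_score_adj and exempts the process from the
    # kernel OOM killer; children inherit it until they set their own value.
    write /proc/1/oom_score_adj -1000

    # Set the security context of /adb_keys if present.
    # restorecon applies the SELinux label configured for the path, so the
    # file does not keep whatever default label the root filesystem gave it.
    restorecon /adb_keys

    start ueventd
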
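# init: builds the early mount points, cgroup hierarchies and kernel
# tunables. Modes and owners set here are the access-control baseline for
# everything started later, so each one is worth reading as policy.
on init
    # System clock ticks in GMT (0 minutes west of GMT).
    sysclktz 0

    # Backward compatibility.
    symlink /system/etc /etc
    symlink /sys/kernel/debug /d

    # Link /vendor to /system/vendor for devices without a vendor partition.
    symlink /system/vendor /vendor

    # Mount cgroup mount point for cpu accounting
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

    # Create cgroup mount point for memory
    # gid=1000 is the system group; the tmpfs root is root:system 0750.
    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
    mkdir /sys/fs/cgroup/memory 0750 root system
    mount cgroup none /sys/fs/cgroup/memory memory
    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
    # Writing a tasks file moves a process between cgroups; limited to
    # root and the system group here.
    chown root system /sys/fs/cgroup/memory/tasks
    chmod 0660 /sys/fs/cgroup/memory/tasks
    mkdir /sys/fs/cgroup/memory/sw 0750 root system
    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/sw/tasks
    chmod 0660 /sys/fs/cgroup/memory/sw/tasks

    # See storage config details at http://source.android.com/tech/storage/
    mkdir /mnt/shell 0700 shell shell
    mkdir /mnt/media_rw 0700 media_rw media_rw
    # 0751: 'other' may traverse /storage but not list it.
    mkdir /storage 0751 root sdcard_r

    # Directory for putting things only root should see.
    mkdir /mnt/secure 0700 root root

    # Directory for staging bindmounts
    mkdir /mnt/secure/staging 0700 root root

    # Directory-target for where the secure container
    # imagefile directory will be bind-mounted
    mkdir /mnt/secure/asec  0700 root root

    # Secure container public mount points.
    # The 0700 mode applies to the underlying directory; once the tmpfs is
    # mounted over it, the visible root is 0755 with group system (gid 1000).
    mkdir /mnt/asec  0700 root system
    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000

    # Filesystem image public mount points.
    # Same pattern as /mnt/asec: the tmpfs mode=0755 is what callers see.
    mkdir /mnt/obb 0700 root system
    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000

    # memory control cgroup
    mkdir /dev/memcg 0700 root system
    mount cgroup none /dev/memcg memory

    # Kernel tunables. The security-relevant ones:
    #   panic_on_oops 1      - a kernel oops panics the device instead of
    #                          continuing in a possibly corrupted state
    #   randomize_va_space 2 - full ASLR, including the brk heap
    #   kptr_restrict 2      - kernel pointers printed with %pK are hidden
    #                          from every reader
    #   mmap_min_addr 32768  - user space cannot map the lowest 32 KiB,
    #                          which blunts kernel NULL-dereference bugs
    #   ping_group_range     - every GID may open unprivileged ICMP ping
    #                          sockets, so ping needs no raw-socket privilege
    # Lowering any of the first four weakens exploit mitigations device-wide.
    write /proc/sys/kernel/panic_on_oops 1
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0
    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2
    write /proc/sys/vm/mmap_min_addr 32768
    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
    write /proc/sys/net/unix/max_dgram_qlen 300
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

    # reflect fwmark from incoming packets onto generated replies
    write /proc/sys/net/ipv4/fwmark_reflect 1
    write /proc/sys/net/ipv6/fwmark_reflect 1

    # set fwmark on accepted sockets
    write /proc/sys/net/ipv4/tcp_fwmark_accept 1

    # Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    # NOTE(review): 0666 makes this tasks file world-writable, which the
    # header of this file warns against. It looks deliberate (any process
    # can then place its own threads in a scheduling group) - confirm that
    # SELinux policy, not the file mode, is what limits writers here.
    chmod 0666 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 800000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/bg_non_interactive
    chown system system /dev/cpuctl/bg_non_interactive/tasks
    # NOTE(review): world-writable as well; same caveat as /dev/cpuctl/tasks.
    chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
    # 5.0 %
    # (52 shares against the 1024 given to the root group above)
    write /dev/cpuctl/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000

    # qtaguid will limit access to specific data based on group memberships.
    #   net_bw_acct grants impersonation of socket owners.
    #   net_bw_stats grants access to other apps' detailed tagged-socket stats.
    # Both groups are therefore sensitive: review every service that lists
    # them in its 'group' line.
    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
    chown root net_bw_stats /proc/net/xt_qtaguid/stats

    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
    # This is needed by any process that uses socket tagging.
    chmod 0644 /dev/xt_qtaguid

    # Create location for fs_mgr to store abbreviated output from filesystem
    # checker programs.
    mkdir /dev/fscklogs 0770 root system

    # pstore/ramoops previous console log
    # Kernel logs from the previous boot can contain sensitive data, so they
    # are readable only by system and the log group (0440).
    mount pstore pstore /sys/fs/pstore
    chown system log /sys/fs/pstore/console-ramoops
    chmod 0440 /sys/fs/pstore/console-ramoops
    chown system log /sys/fs/pstore/pmsg-ramoops-0
    chmod 0440 /sys/fs/pstore/pmsg-ramoops-0

    # enable armv8_deprecated instruction hooks
    write /proc/sys/abi/swp 1
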
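# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
# class_stop stops and disables the charger-class services before the
# normal late-init sequence is queued.
on property:sys.boot_from_charger_mode=1
    class_stop charger
    trigger late-init
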
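# Load properties from /system/ + /factory after fs mount.
# logd is (re)started afterwards and logd-reinit is run once the properties
# are available.
on load_all_props_action
    load_all_props
    start logd
    start logd-reinit
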
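# Indicate to fw loaders that the relevant mounts are up.
# The signal is the removal of the /dev/.booting marker file.
on firmware_mounts_complete
    rm /dev/.booting
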
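# Mount filesystems and start core system services.
# The triggers below are queued in order; each names an action defined in
# this file or in an imported one.
on late-init
    trigger early-fs
    trigger fs
    trigger post-fs
    trigger post-fs-data

    # Load properties from /system/ + /factory after fs mount. Place
    # this in another action so that the load will be scheduled after the prior
    # issued fs triggers have completed.
    trigger load_all_props_action

    # Remove a file to wake up anything waiting for firmware.
    trigger firmware_mounts_complete

    trigger early-boot
    trigger boot
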
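# post-fs: runs after the fs triggers; locks down the root filesystem and
# fixes ownership, modes and SELinux labels on /cache and selected /proc
# entries.
on post-fs
    start logd
    # once everything is setup, no need to modify /
    # Remounting the root filesystem read-only keeps later processes, even
    # root ones, from altering the files init and /sbin were loaded from.
    mount rootfs rootfs / ro remount
    # mount shared so changes propagate into child namespaces
    mount rootfs rootfs / shared rec

    # We chown/chmod /cache again because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache
    # We restorecon /cache in case the cache partition has been reset.
    restorecon_recursive /cache

    # Create /cache/recovery in case it's not there. It'll also fix the odd
    # permissions if created by the recovery system.
    mkdir /cache/recovery 0770 system cache

    # Change permissions on vmallocinfo so we can grab it from bugreports.
    # Kernel memory-layout details stay limited to root and the log group.
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    chown root log /proc/slabinfo
    chmod 0440 /proc/slabinfo

    # Change permissions on kmsg & sysrq-trigger so bugreports can grab
    # kthread stacks.
    # kmsg is read-only (0440) and sysrq-trigger write-only (0220) for root
    # and the system group; neither is accessible to 'other'.
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger
    chown system log /proc/last_kmsg
    chmod 0440 /proc/last_kmsg

    # make the selinux kernel policy world-readable
    # NOTE(review): 0444 lets any local process read the loaded policy;
    # read-only, but confirm this exposure is intended for this build.
    chmod 0444 /sys/fs/selinux/policy

    # create the lost+found directories, so as to enforce our permissions
    mkdir /cache/lost+found 0770 root root
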
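# post-fs-data: runs once /data is available. Creates the /data directory
# skeleton with explicit owner/mode so nothing is left at mount defaults,
# then relabels the tree for SELinux.
on post-fs-data
    # We chown/chmod /data again because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data

    # Make sure we have the device encryption key
    start logd
    start vold
    installkey /data

    # Start bootcharting as soon as possible after the data partition is
    # mounted to collect more data.
    mkdir /data/bootchart 0755 shell shell
    bootchart_init

    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    # Data written to /dev/urandom is mixed into the pool without being
    # credited as entropy, so a stale or known file cannot inflate the
    # kernel's entropy estimate.
    copy /data/system/entropy.dat /dev/urandom

    # create basic filesystem structure
    # Mode notes: 01771 sets the sticky bit (only a file's owner may delete
    # it), 02750 sets setgid (new entries inherit the directory's group).
    # 0700 directories (keystore, gatekeeper, systemkeys, media) hold secrets
    # and are reachable by their owning user only.
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/adb 02750 system shell
    mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
    mkdir /data/misc/bluetooth 0770 system system
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/gatekeeper 0700 system system
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/net 0750 root shell
    mkdir /data/misc/radio 0770 system radio
    mkdir /data/misc/sms 0770 system radio
    mkdir /data/misc/zoneinfo 0775 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
    mkdir /data/misc/systemkeys 0700 system system
    mkdir /data/misc/wifi 0770 wifi wifi
    mkdir /data/misc/wifi/sockets 0770 wifi wifi
    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
    mkdir /data/misc/ethernet 0770 system system
    mkdir /data/misc/dhcp 0770 dhcp dhcp
    mkdir /data/misc/user 0771 root root
    mkdir /data/misc/perfprofd 0775 root root
    # give system access to wpa_supplicant.conf for backup and restore
    # The file stores saved Wi-Fi network credentials; 0660 keeps it away
    # from 'other'. Only the mode is set here, not the owner or group.
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root
    mkdir /data/misc/media 0700 media media

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    # It is owned by shell, i.e. writable from an adb shell session.
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app-lib 0771 system system
    mkdir /data/app 0771 system system
    mkdir /data/property 0700 root root
    mkdir /data/tombstones 0771 system system

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 root root
    mkdir /data/dalvik-cache/profiles 0711 system system

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # create directory for MediaDrm plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/mediadrm 0770 mediadrm mediadrm

    mkdir /data/adb 0700 root root

    # symlink to bugreport storage location
    symlink /data/data/com.android.shell/files/bugreports /data/bugreports

    # Separate location for storing security policy files on data
    mkdir /data/security 0711 system system

    # Create all remaining /data root dirs so that they are made through init
    # and get proper encryption policy installed
    mkdir /data/backup 0700 system system
    mkdir /data/media 0770 media_rw media_rw
    mkdir /data/ss 0700 system system
    mkdir /data/system 0775 system system
    mkdir /data/system/heapdump 0700 system system
    mkdir /data/user 0711 system system

    # Reload policy from /data/security if present.
    # NOTE(review): policy under /data is writable at runtime by whoever can
    # write /data/security (system, per the mkdir above); verify how reloaded
    # policy is authenticated before trusting it.
    setprop selinux.reload_policy 1

    # Set SELinux security contexts on upgrade or policy update.
    restorecon_recursive /data

    # Check any timezone data in /data is newer than the copy in /system, delete if not.
    # exec arguments: '-' keeps the default SELinux label, then user and
    # group (system system); the command follows '--'.
    exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo

    # If there is no post-fs-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    #setprop vold.post_fs_data_done 1
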
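# boot: basic network identity, memory-management tunables, and handing
# selected sysfs/procfs controls to the system, radio and log users before
# the core service class is started.
on boot
    # basic network init
    ifup lo
    hostname localhost
    domainname localdomain

    # set RLIMIT_NICE to allow priorities from 19 to -20
    # (resource 13 is RLIMIT_NICE; soft and hard limits are both 40)
    setrlimit 13 40 40

    # Memory management.  Basic kernel parameters, and allow the high
    # level system server to be able to adjust the kernel OOM driver
    # parameters to match how it is managing things.
    write /proc/sys/vm/overcommit_memory 1
    write /proc/sys/vm/min_free_order_shift 4
    # 0220: root and the system group may write the low-memory-killer
    # thresholds, nobody may read them through these files.
    chown root system /sys/module/lowmemorykiller/parameters/adj
    chmod 0220 /sys/module/lowmemorykiller/parameters/adj
    chown root system /sys/module/lowmemorykiller/parameters/minfree
    chmod 0220 /sys/module/lowmemorykiller/parameters/minfree

    # Tweak background writeout
    write /proc/sys/vm/dirty_expire_centisecs 200
    write /proc/sys/vm/dirty_background_ratio  5

    # Permissions for System Server and daemons.
    # Power-state and wake-lock nodes go to radio/system; 0660 keeps every
    # other user from holding wake locks or changing the power state.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/autosleep
    chown system system /sys/power/state
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock

    # 'interactive' cpufreq governor tunables: owned by system, 0660.
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    # boostpulse gets a new owner only; its mode is left as the kernel set it.
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    # Vibrator, LED and TCP-buffer controls: ownership moves to system, the
    # modes are not changed here.
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    # NOTE(review): repeats the vibrator chown at the top of this group;
    # harmless but redundant.
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    # Group ownership of the kernel command line goes to radio; the mode is
    # not changed here, so who can read it depends on the kernel's default.
    chown root radio /proc/cmdline

    # Define default initial receive window size in segments.
    setprop net.tcp.default_init_rwnd 60

    class_start core
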
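# nonencrypted: start the remaining service classes straight away (the
# vold.decrypt triggers further down handle the encrypted paths).
on nonencrypted
    class_start main
    class_start late_start
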
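# Runs the one-shot 'defaultcrypto' service defined later in this file.
on property:vold.decrypt=trigger_default_encryption
    start defaultcrypto
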
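# Starts surfaceflinger, then the one-shot 'encrypt' service that performs
# in-place encryption.
on property:vold.decrypt=trigger_encryption
    start surfaceflinger
    start encrypt
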
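# Lets init's log verbosity be changed at runtime by setting the property.
on property:sys.init_log_level=*
    loglevel ${sys.init_log_level}
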
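# charger: start only the services in the 'charger' class.
on charger
    class_start charger
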
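# class_reset stops the running 'main' services without disabling them, so
# a later class_start can bring them back.
on property:vold.decrypt=trigger_reset_main
    class_reset main
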
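# Loads the persistent properties on vold's request, then runs logd-reinit
# so logd picks up the newly loaded values.
on property:vold.decrypt=trigger_load_persist_props
    load_persist_props
    start logd
    start logd-reinit
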
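# Queues the post-fs-data action on vold's request.
on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data
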
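# Minimal framework: only the 'main' class is started, not 'late_start'.
on property:vold.decrypt=trigger_restart_min_framework
    class_start main
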
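# Full framework: start both 'main' and 'late_start'.
on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start
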
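# Stops the framework classes in reverse start order; class_reset leaves
# them restartable.
on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main
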
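# Any value written to sys.powerctl is handed to init's powerctl command
# (reboot/shutdown). Whoever may set this property can power-cycle the
# device, so its write permission is the control to audit.
on property:sys.powerctl=*
    powerctl ${sys.powerctl}
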
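# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
# init writes the property value as-is, with root's rights: the permission
# to set sys.sysctl.* is therefore the only gate on this sysctl.
on property:sys.sysctl.extra_free_kbytes=*
    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
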
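# "tcp_default_init_rwnd" is too long for a property name, hence the
# abbreviated "tcp_def_init_rwnd". Same root-proxied write as above: the
# value is passed through unchanged.
on property:sys.sysctl.tcp_def_init_rwnd=*
    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
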
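## Daemon processes to be run by init.
##
## Reading guide: a service with no 'user' line runs as root; 'disabled'
## services start only when started by name; 'oneshot' services are not
## restarted when they exit; 'critical' services that keep crashing make
## init reboot the device into recovery.

# seclabel sets the SELinux context explicitly; it is used for binaries that
# live on the root filesystem (/sbin) rather than on /system.
service ueventd /sbin/ueventd
    class core
    critical
    seclabel u:r:ueventd:s0
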
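# Log daemon. Its sockets are the one place this file grants access to every
# user: logd and logdr are 0666, logdw is write-only for all (0222).
# NOTE(review): an intentional exception to the no-world-writable rule at the
# top of the file; it relies on logd itself deciding what each peer may read
# - confirm against logd's credential checks.
# No 'user' line, so init starts it as root.
service logd /system/bin/logd
    class core
    socket logd stream 0666 logd logd
    socket logdr seqpacket 0666 logd logd
    socket logdw dgram 0222 logd logd
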
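# One-shot helper that runs logd with --reinit; started by name from the
# property-loading actions above.
service logd-reinit /system/bin/logd --reinit
    oneshot
    disabled
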
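# Runs from the root filesystem, so its SELinux context is given explicitly.
service healthd /sbin/healthd
    class core
    critical
    seclabel u:r:healthd:s0
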
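# Interactive shell on the kernel console. 'disabled' keeps it off unless
# something starts it by name; it runs as the unprivileged shell user in the
# shell SELinux domain, not as root.
service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group shell log
    seclabel u:r:shell:s0
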
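# The console shell is enabled only on builds that set ro.debuggable=1; a
# production image should never set that property.
on property:ro.debuggable=1
    start console
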
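# adbd is controlled via property triggers in init.<platform>.usb.rc
# It is 'disabled' here, so it never starts with the core class on its own.
# --root_seclabel names the SELinux context passed to adbd for its root
# mode (presumably used after 'adb root' on debug builds - confirm in adbd).
# The control socket is limited to system:system (octal 660).
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
    class core
    socket adbd stream 660 system system
    disabled
    seclabel u:r:adbd:s0
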
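# adbd on at boot in emulator
# Keyed on ro.kernel.qemu=1, which physical devices are not expected to set.
on property:ro.kernel.qemu=1
    start adbd
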
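# Low-memory killer daemon; its control socket is limited to system:system.
service lmkd /system/bin/lmkd
    class core
    critical
    socket lmkd seqpacket 0660 system system
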
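# Runs as system rather than root. When it restarts, the services listed in
# the onrestart lines are restarted as well.
service servicemanager /system/bin/servicemanager
    class core
    user system
    group system
    critical
    onrestart restart healthd
    onrestart restart zygote
    onrestart restart media
    onrestart restart surfaceflinger
    onrestart restart drm
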
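# Volume daemon: runs as root (no 'user' line); its command socket is
# reachable only by root and the mount group.
service vold /system/bin/vold
    class core
    socket vold stream 0660 root mount
    ioprio be 2
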
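# Network daemon: runs as root. Socket groups define who may talk to it:
# netd and mdns are limited to system; dnsproxyd and fwmarkd are open to the
# inet group.
service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system
    socket fwmarkd stream 0660 root inet
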
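# Crash handler; no 'user' line, so it runs as root.
service debuggerd /system/bin/debuggerd
    class main
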
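# 64-bit counterpart of debuggerd; also runs as root.
service debuggerd64 /system/bin/debuggerd64
    class main
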
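# Radio interface daemon. It is started as root explicitly ('user root')
# with a wide supplementary group set.
# NOTE(review): whether rild drops from root after start-up cannot be seen
# here - confirm in the daemon.
service ril-daemon /system/bin/rild
    class main
    socket rild stream 660 root radio
    socket rild-debug stream 660 radio system
    user root
    group radio cache inet misc audio log
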
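# Display compositor: runs as system; restarting it restarts zygote too.
service surfaceflinger /system/bin/surfaceflinger
    class core
    user system
    group graphics drmrpc
    onrestart restart zygote
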
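# DRM server: runs as its own 'drm' user, with network access via inet.
service drm /system/bin/drmserver
    class main
    user drm
    group drm system inet drmrpc
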
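# Media server: non-root ('media') but with a broad group set.
# NOTE(review): one process holds audio, camera, network, Bluetooth,
# bandwidth-accounting (net_bw_acct, see the qtaguid note in 'on init') and
# DRM groups, so a fault in it reaches all of those resources at once.
service media /system/bin/mediaserver
    class main
    user media
    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
    ioprio rt 4
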
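# One shot invocation to deal with encrypted volume.
# Runs vdc as root (no 'user' line); started from the
# vold.decrypt=trigger_default_encryption action.
service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption) or trigger_restart_min_framework (other encryption)
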
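# One shot invocation to encrypt unencrypted volumes
# Runs vdc as root (no 'user' line); started from the
# vold.decrypt=trigger_encryption action.
service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption)
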
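# Boot animation: unprivileged 'graphics' user, started by name only.
service bootanim /system/bin/bootanimation
    class core
    user graphics
    group graphics audio
    disabled
    oneshot
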
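# Package install daemon: runs as root (no 'user' line). Its socket is mode
# 600 system:system, so only the system user can send it commands.
service installd /system/bin/installd
    class main
    socket installd stream 600 system system
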
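# Runs a shell script as root once per start of the 'main' class.
# NOTE(review): the script's integrity rests entirely on /system being
# protected from modification; there is no 'user' or 'seclabel' line here to
# narrow what it can do.
service flash_recovery /system/bin/install-recovery.sh
    class main
    oneshot
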
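# IKE daemon for VPN. There is no 'user' line, so it starts as root; per the
# comment below it drops to the vpn user itself after binding its port.
service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
    group vpn net_admin inet
    disabled
    oneshot
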
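# VPN tunnel daemon: starts directly as the vpn user, with network-admin
# and raw-socket groups.
service mtpd /system/bin/mtpd
    class main
    socket mtpd stream 600 system system
    user vpn
    group vpn net_admin inet net_raw
    disabled
    oneshot
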
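# Key storage daemon: dedicated 'keystore' user, operating on the 0700
# /data/misc/keystore directory created in post-fs-data.
service keystore /system/bin/keystore /data/misc/keystore
    class main
    user keystore
    group keystore drmrpc
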
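# Bug-report collector: runs as root when started (no 'user' line); its
# socket is reachable by the shell user and the log group.
service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot
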
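# mDNS daemon: dedicated 'mdnsr' user; socket open to the inet group.
service mdnsd /system/bin/mdnsd
    class main
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
    disabled
    oneshot
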
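# Runs as root (no 'user' line); started by name only.
service uncrypt /system/bin/uncrypt
    class main
    disabled
    oneshot
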
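# Same binary as 'uncrypt', invoked with --reboot; runs as root and is
# started by name only.
service pre-recovery /system/bin/uncrypt --reboot
    class main
    disabled
    oneshot
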
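# Profiling daemon, explicitly run as root.
# NOTE(review): it is not 'disabled', so it starts with the late_start class
# wherever the binary exists - confirm /system/xbin/perfprofd ships only on
# debug builds.
service perfprofd /system/xbin/perfprofd
    class late_start
    user root
    oneshot
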
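# Persistent logging to /data, enabled by setting the property to 'logcatd'.
# The log files can contain sensitive data; the 0700 directory below keeps
# them readable by the logd user only.
on property:persist.logd.logpersistd=logcatd
    # all exec/services are called with umask(077), so no gain beyond 0700
    mkdir /data/misc/logd 0700 logd log
    # logd for write to /data/misc/logd, log group for read from pstore (-L)
    exec - logd log -- /system/bin/logcat -L -b all -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r 64 -n 256
    start logcatd
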
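# Long-running logcat writer behind persist.logd.logpersistd; 'disabled', so
# it runs only when the trigger above starts it, and never as root.
service logcatd /system/bin/logcat -b all -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r 64 -n 256
    class late_start
    disabled
    # logd for write to /data/misc/logd, log group for read from log daemon
    user logd
    group log
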
662