init.rc revision 667230074b6e4e306a50d84a88a57bf4f1ec0291
1# Copyright (C) 2012 The Android Open Source Project 2# 3# IMPORTANT: Do not create world writable files or directories. 4# This is a common source of Android security bugs. 5# 6 7import /init.environ.rc 8import /init.usb.rc 9import /init.${ro.hardware}.rc 10import /init.${ro.zygote}.rc 11import /init.trace.rc 12 13on early-init 14 # Set init and its forked children's oom_adj. 15 write /proc/1/oom_score_adj -1000 16 17 # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls. 18 write /sys/fs/selinux/checkreqprot 0 19 20 # Set the security context for the init process. 21 # This should occur before anything else (e.g. ueventd) is started. 22 setcon u:r:init:s0 23 24 # Set the security context of /adb_keys if present. 25 restorecon /adb_keys 26 27 start ueventd 28 29 # create mountpoints 30 mkdir /mnt 0775 root system 31 32on init 33 sysclktz 0 34 35 loglevel 3 36 37 # Backward compatibility 38 symlink /system/etc /etc 39 symlink /sys/kernel/debug /d 40 41 # Right now vendor lives on the same filesystem as system, 42 # but someday that may change. 43 symlink /system/vendor /vendor 44 45 # Create cgroup mount point for cpu accounting 46 mkdir /acct 47 mount cgroup none /acct cpuacct 48 mkdir /acct/uid 49 50 # Create cgroup mount point for memory 51 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000 52 mkdir /sys/fs/cgroup/memory 0750 root system 53 mount cgroup none /sys/fs/cgroup/memory memory 54 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1 55 chown root system /sys/fs/cgroup/memory/tasks 56 chmod 0660 /sys/fs/cgroup/memory/tasks 57 mkdir /sys/fs/cgroup/memory/sw 0750 root system 58 write /sys/fs/cgroup/memory/sw/memory.swappiness 100 59 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1 60 chown root system /sys/fs/cgroup/memory/sw/tasks 61 chmod 0660 /sys/fs/cgroup/memory/sw/tasks 62 63 mkdir /system 64 mkdir /data 0771 system system 65 mkdir /cache 0770 system cache 66 mkdir /config 0500 root root 67 68 # See storage config details at http://source.android.com/tech/storage/ 69 mkdir /mnt/shell 0700 shell shell 70 mkdir /mnt/media_rw 0700 media_rw media_rw 71 mkdir /storage 0751 root sdcard_r 72 73 # Directory for putting things only root should see. 74 mkdir /mnt/secure 0700 root root 75 76 # Directory for staging bindmounts 77 mkdir /mnt/secure/staging 0700 root root 78 79 # Directory-target for where the secure container 80 # imagefile directory will be bind-mounted 81 mkdir /mnt/secure/asec 0700 root root 82 83 # Secure container public mount points. 84 mkdir /mnt/asec 0700 root system 85 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000 86 87 # Filesystem image public mount points. 88 mkdir /mnt/obb 0700 root system 89 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000 90 91 # memory control cgroup 92 mkdir /dev/memcg 0700 root system 93 mount cgroup none /dev/memcg memory 94 95 write /proc/sys/kernel/panic_on_oops 1 96 write /proc/sys/kernel/hung_task_timeout_secs 0 97 write /proc/cpu/alignment 4 98 write /proc/sys/kernel/sched_latency_ns 10000000 99 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 100 write /proc/sys/kernel/sched_compat_yield 1 101 write /proc/sys/kernel/sched_child_runs_first 0 102 write /proc/sys/kernel/randomize_va_space 2 103 write /proc/sys/kernel/kptr_restrict 2 104 write /proc/sys/vm/mmap_min_addr 32768 105 write /proc/sys/net/ipv4/ping_group_range "0 2147483647" 106 write /proc/sys/net/unix/max_dgram_qlen 300 107 write /proc/sys/kernel/sched_rt_runtime_us 950000 108 write /proc/sys/kernel/sched_rt_period_us 1000000 109 110 # reflect fwmark from incoming packets onto generated replies 111 write /proc/sys/net/ipv4/fwmark_reflect 1 112 write /proc/sys/net/ipv6/fwmark_reflect 1 113 114 # set fwmark on accepted sockets 115 write /proc/sys/net/ipv4/tcp_fwmark_accept 1 116 117 # Create cgroup mount points for process groups 118 mkdir /dev/cpuctl 119 mount cgroup none /dev/cpuctl cpu 120 chown system system /dev/cpuctl 121 chown system system /dev/cpuctl/tasks 122 chmod 0660 /dev/cpuctl/tasks 123 write /dev/cpuctl/cpu.shares 1024 124 write /dev/cpuctl/cpu.rt_runtime_us 950000 125 write /dev/cpuctl/cpu.rt_period_us 1000000 126 127 mkdir /dev/cpuctl/apps 128 chown system system /dev/cpuctl/apps/tasks 129 chmod 0666 /dev/cpuctl/apps/tasks 130 write /dev/cpuctl/apps/cpu.shares 1024 131 write /dev/cpuctl/apps/cpu.rt_runtime_us 800000 132 write /dev/cpuctl/apps/cpu.rt_period_us 1000000 133 134 mkdir /dev/cpuctl/apps/bg_non_interactive 135 chown system system /dev/cpuctl/apps/bg_non_interactive/tasks 136 chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks 137 # 5.0 % 138 write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52 139 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000 140 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000 141 142 # qtaguid will limit access to specific data based on group memberships. 143 # net_bw_acct grants impersonation of socket owners. 144 # net_bw_stats grants access to other apps' detailed tagged-socket stats. 145 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl 146 chown root net_bw_stats /proc/net/xt_qtaguid/stats 147 148 # Allow everybody to read the xt_qtaguid resource tracking misc dev. 149 # This is needed by any process that uses socket tagging. 150 chmod 0644 /dev/xt_qtaguid 151 152 # Create location for fs_mgr to store abbreviated output from filesystem 153 # checker programs. 154 mkdir /dev/fscklogs 0770 root system 155 156 # pstore/ramoops previous console log 157 mount pstore pstore /sys/fs/pstore 158 chown system log /sys/fs/pstore/console-ramoops 159 chmod 0440 /sys/fs/pstore/console-ramoops 160 161# Healthd can trigger a full boot from charger mode by signaling this 162# property when the power button is held. 163on property:sys.boot_from_charger_mode=1 164 class_stop charger 165 trigger late-init 166 167# Load properties from /system/ + /factory after fs mount. 168on load_all_props_action 169 load_all_props 170 171# Indicate to fw loaders that the relevant mounts are up. 172on firmware_mounts_complete 173 rm /dev/.booting 174 175# Mount filesystems and start core system services. 176on late-init 177 trigger early-fs 178 trigger fs 179 trigger post-fs 180 trigger post-fs-data 181 182 # Load properties from /system/ + /factory after fs mount. Place 183 # this in another action so that the load will be scheduled after the prior 184 # issued fs triggers have completed. 185 trigger load_all_props_action 186 187 # Remove a file to wake up anything waiting for firmware. 188 trigger firmware_mounts_complete 189 190 trigger early-boot 191 trigger boot 192 193 194on post-fs 195 # once everything is setup, no need to modify / 196 mount rootfs rootfs / ro remount 197 # mount shared so changes propagate into child namespaces 198 mount rootfs rootfs / shared rec 199 200 # We chown/chmod /cache again so because mount is run as root + defaults 201 chown system cache /cache 202 chmod 0770 /cache 203 # We restorecon /cache in case the cache partition has been reset. 204 restorecon_recursive /cache 205 206 # This may have been created by the recovery system with odd permissions 207 chown system cache /cache/recovery 208 chmod 0770 /cache/recovery 209 210 #change permissions on vmallocinfo so we can grab it from bugreports 211 chown root log /proc/vmallocinfo 212 chmod 0440 /proc/vmallocinfo 213 214 chown root log /proc/slabinfo 215 chmod 0440 /proc/slabinfo 216 217 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks 218 chown root system /proc/kmsg 219 chmod 0440 /proc/kmsg 220 chown root system /proc/sysrq-trigger 221 chmod 0220 /proc/sysrq-trigger 222 chown system log /proc/last_kmsg 223 chmod 0440 /proc/last_kmsg 224 225 # make the selinux kernel policy world-readable 226 chmod 0444 /sys/fs/selinux/policy 227 228 # create the lost+found directories, so as to enforce our permissions 229 mkdir /cache/lost+found 0770 root root 230 231on post-fs-data 232 # We chown/chmod /data again so because mount is run as root + defaults 233 chown system system /data 234 chmod 0771 /data 235 # We restorecon /data in case the userdata partition has been reset. 236 restorecon /data 237 238 # Avoid predictable entropy pool. Carry over entropy from previous boot. 239 copy /data/system/entropy.dat /dev/urandom 240 241 # Create dump dir and collect dumps. 242 # Do this before we mount cache so eventually we can use cache for 243 # storing dumps on platforms which do not have a dedicated dump partition. 244 mkdir /data/dontpanic 0750 root log 245 246 # Collect apanic data, free resources and re-arm trigger 247 copy /proc/apanic_console /data/dontpanic/apanic_console 248 chown root log /data/dontpanic/apanic_console 249 chmod 0640 /data/dontpanic/apanic_console 250 251 copy /proc/apanic_threads /data/dontpanic/apanic_threads 252 chown root log /data/dontpanic/apanic_threads 253 chmod 0640 /data/dontpanic/apanic_threads 254 255 write /proc/apanic_console 1 256 257 # create basic filesystem structure 258 mkdir /data/misc 01771 system misc 259 mkdir /data/misc/adb 02750 system shell 260 mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack 261 mkdir /data/misc/bluetooth 0770 system system 262 mkdir /data/misc/keystore 0700 keystore keystore 263 mkdir /data/misc/keychain 0771 system system 264 mkdir /data/misc/net 0750 root shell 265 mkdir /data/misc/radio 0770 system radio 266 mkdir /data/misc/sms 0770 system radio 267 mkdir /data/misc/zoneinfo 0775 system system 268 mkdir /data/misc/vpn 0770 system vpn 269 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro 270 mkdir /data/misc/systemkeys 0700 system system 271 mkdir /data/misc/wifi 0770 wifi wifi 272 mkdir /data/misc/wifi/sockets 0770 wifi wifi 273 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi 274 mkdir /data/misc/ethernet 0770 system system 275 mkdir /data/misc/dhcp 0770 dhcp dhcp 276 mkdir /data/misc/user 0771 root root 277 # give system access to wpa_supplicant.conf for backup and restore 278 chmod 0660 /data/misc/wifi/wpa_supplicant.conf 279 mkdir /data/local 0751 root root 280 mkdir /data/misc/media 0700 media media 281 282 # For security reasons, /data/local/tmp should always be empty. 283 # Do not place files or directories in /data/local/tmp 284 mkdir /data/local/tmp 0771 shell shell 285 mkdir /data/data 0771 system system 286 mkdir /data/app-private 0771 system system 287 mkdir /data/app-asec 0700 root root 288 mkdir /data/app-lib 0771 system system 289 mkdir /data/app 0771 system system 290 mkdir /data/property 0700 root root 291 292 # create dalvik-cache, so as to enforce our permissions 293 mkdir /data/dalvik-cache 0771 root root 294 mkdir /data/dalvik-cache/profiles 0711 system system 295 296 # create resource-cache and double-check the perms 297 mkdir /data/resource-cache 0771 system system 298 chown system system /data/resource-cache 299 chmod 0771 /data/resource-cache 300 301 # create the lost+found directories, so as to enforce our permissions 302 mkdir /data/lost+found 0770 root root 303 304 # create directory for DRM plug-ins - give drm the read/write access to 305 # the following directory. 306 mkdir /data/drm 0770 drm drm 307 308 # create directory for MediaDrm plug-ins - give drm the read/write access to 309 # the following directory. 310 mkdir /data/mediadrm 0770 mediadrm mediadrm 311 312 mkdir /data/adb 0700 root root 313 314 # symlink to bugreport storage location 315 symlink /data/data/com.android.shell/files/bugreports /data/bugreports 316 317 # Separate location for storing security policy files on data 318 mkdir /data/security 0711 system system 319 320 # Reload policy from /data/security if present. 321 setprop selinux.reload_policy 1 322 323 # Set SELinux security contexts on upgrade or policy update. 324 restorecon_recursive /data 325 326 # If there is no fs-post-data action in the init.<device>.rc file, you 327 # must uncomment this line, otherwise encrypted filesystems 328 # won't work. 329 # Set indication (checked by vold) that we have finished this action 330 #setprop vold.post_fs_data_done 1 331 332on boot 333 # basic network init 334 ifup lo 335 hostname localhost 336 domainname localdomain 337 338 # set RLIMIT_NICE to allow priorities from 19 to -20 339 setrlimit 13 40 40 340 341 # Memory management. Basic kernel parameters, and allow the high 342 # level system server to be able to adjust the kernel OOM driver 343 # parameters to match how it is managing things. 344 write /proc/sys/vm/overcommit_memory 1 345 write /proc/sys/vm/min_free_order_shift 4 346 chown root system /sys/module/lowmemorykiller/parameters/adj 347 chmod 0220 /sys/module/lowmemorykiller/parameters/adj 348 chown root system /sys/module/lowmemorykiller/parameters/minfree 349 chmod 0220 /sys/module/lowmemorykiller/parameters/minfree 350 351 # Tweak background writeout 352 write /proc/sys/vm/dirty_expire_centisecs 200 353 write /proc/sys/vm/dirty_background_ratio 5 354 355 # Permissions for System Server and daemons. 356 chown radio system /sys/android_power/state 357 chown radio system /sys/android_power/request_state 358 chown radio system /sys/android_power/acquire_full_wake_lock 359 chown radio system /sys/android_power/acquire_partial_wake_lock 360 chown radio system /sys/android_power/release_wake_lock 361 chown system system /sys/power/autosleep 362 chown system system /sys/power/state 363 chown system system /sys/power/wakeup_count 364 chown radio system /sys/power/wake_lock 365 chown radio system /sys/power/wake_unlock 366 chmod 0660 /sys/power/state 367 chmod 0660 /sys/power/wake_lock 368 chmod 0660 /sys/power/wake_unlock 369 370 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate 371 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate 372 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack 373 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack 374 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 375 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 376 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 377 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 378 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads 379 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads 380 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 381 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 382 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 383 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 384 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost 385 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost 386 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse 387 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost 388 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost 389 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 390 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 391 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 392 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 393 394 # Assume SMP uses shared cpufreq policy for all CPUs 395 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 396 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 397 398 chown system system /sys/class/timed_output/vibrator/enable 399 chown system system /sys/class/leds/keyboard-backlight/brightness 400 chown system system /sys/class/leds/lcd-backlight/brightness 401 chown system system /sys/class/leds/button-backlight/brightness 402 chown system system /sys/class/leds/jogball-backlight/brightness 403 chown system system /sys/class/leds/red/brightness 404 chown system system /sys/class/leds/green/brightness 405 chown system system /sys/class/leds/blue/brightness 406 chown system system /sys/class/leds/red/device/grpfreq 407 chown system system /sys/class/leds/red/device/grppwm 408 chown system system /sys/class/leds/red/device/blink 409 chown system system /sys/class/timed_output/vibrator/enable 410 chown system system /sys/module/sco/parameters/disable_esco 411 chown system system /sys/kernel/ipv4/tcp_wmem_min 412 chown system system /sys/kernel/ipv4/tcp_wmem_def 413 chown system system /sys/kernel/ipv4/tcp_wmem_max 414 chown system system /sys/kernel/ipv4/tcp_rmem_min 415 chown system system /sys/kernel/ipv4/tcp_rmem_def 416 chown system system /sys/kernel/ipv4/tcp_rmem_max 417 chown root radio /proc/cmdline 418 419 # Define default initial receive window size in segments. 420 setprop net.tcp.default_init_rwnd 60 421 422 class_start core 423 424on nonencrypted 425 class_start main 426 class_start late_start 427 428on property:vold.decrypt=trigger_default_encryption 429 start defaultcrypto 430 431on property:vold.decrypt=trigger_encryption 432 start surfaceflinger 433 start encrypt 434 435on property:sys.init_log_level=* 436 loglevel ${sys.init_log_level} 437 438on charger 439 class_start charger 440 441on property:vold.decrypt=trigger_reset_main 442 class_reset main 443 444on property:vold.decrypt=trigger_load_persist_props 445 load_persist_props 446 447on property:vold.decrypt=trigger_post_fs_data 448 trigger post-fs-data 449 450on property:vold.decrypt=trigger_restart_min_framework 451 class_start main 452 453on property:vold.decrypt=trigger_restart_framework 454 class_start main 455 class_start late_start 456 457on property:vold.decrypt=trigger_shutdown_framework 458 class_reset late_start 459 class_reset main 460 461on property:sys.powerctl=* 462 powerctl ${sys.powerctl} 463 464# system server cannot write to /proc/sys files, 465# and chown/chmod does not work for /proc/sys/ entries. 466# So proxy writes through init. 467on property:sys.sysctl.extra_free_kbytes=* 468 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes} 469 470# "tcp_default_init_rwnd" Is too long! 471on property:sys.sysctl.tcp_def_init_rwnd=* 472 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd} 473 474 475## Daemon processes to be run by init. 476## 477service ueventd /sbin/ueventd 478 class core 479 critical 480 seclabel u:r:ueventd:s0 481 482service logd /system/bin/logd 483 class core 484 socket logd stream 0666 logd logd 485 socket logdr seqpacket 0666 logd logd 486 socket logdw dgram 0222 logd logd 487 seclabel u:r:logd:s0 488 489service healthd /sbin/healthd 490 class core 491 critical 492 seclabel u:r:healthd:s0 493 494service console /system/bin/sh 495 class core 496 console 497 disabled 498 user shell 499 group shell log 500 seclabel u:r:shell:s0 501 502on property:ro.debuggable=1 503 start console 504 505# adbd is controlled via property triggers in init.<platform>.usb.rc 506service adbd /sbin/adbd --root_seclabel=u:r:su:s0 507 class core 508 socket adbd stream 660 system system 509 disabled 510 seclabel u:r:adbd:s0 511 512# adbd on at boot in emulator 513on property:ro.kernel.qemu=1 514 start adbd 515 516service lmkd /system/bin/lmkd 517 class core 518 critical 519 socket lmkd seqpacket 0660 system system 520 521service servicemanager /system/bin/servicemanager 522 class core 523 user system 524 group system 525 critical 526 onrestart restart healthd 527 onrestart restart zygote 528 onrestart restart media 529 onrestart restart surfaceflinger 530 onrestart restart drm 531 532service vold /system/bin/vold 533 class core 534 socket vold stream 0660 root mount 535 ioprio be 2 536 537service netd /system/bin/netd 538 class main 539 socket netd stream 0660 root system 540 socket dnsproxyd stream 0660 root inet 541 socket mdns stream 0660 root system 542 socket fwmarkd stream 0660 root inet 543 544service debuggerd /system/bin/debuggerd 545 class main 546 547service debuggerd64 /system/bin/debuggerd64 548 class main 549 550service ril-daemon /system/bin/rild 551 class main 552 socket rild stream 660 root radio 553 socket rild-debug stream 660 radio system 554 user root 555 group radio cache inet misc audio log 556 557service surfaceflinger /system/bin/surfaceflinger 558 class core 559 user system 560 group graphics drmrpc 561 onrestart restart zygote 562 563service drm /system/bin/drmserver 564 class main 565 user drm 566 group drm system inet drmrpc 567 568service media /system/bin/mediaserver 569 class main 570 user media 571 group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm 572 ioprio rt 4 573 574# One shot invocation to deal with encrypted volume. 575service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted 576 disabled 577 oneshot 578 # vold will set vold.decrypt to trigger_restart_framework (default 579 # encryption) or trigger_restart_min_framework (other encryption) 580 581# One shot invocation to encrypt unencrypted volumes 582service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default 583 disabled 584 oneshot 585 # vold will set vold.decrypt to trigger_restart_framework (default 586 # encryption) 587 588service bootanim /system/bin/bootanimation 589 class core 590 user graphics 591 group graphics audio 592 disabled 593 oneshot 594 595service installd /system/bin/installd 596 class main 597 socket installd stream 600 system system 598 599service flash_recovery /system/bin/install-recovery.sh 600 class main 601 seclabel u:r:install_recovery:s0 602 oneshot 603 604service racoon /system/bin/racoon 605 class main 606 socket racoon stream 600 system system 607 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port. 608 group vpn net_admin inet 609 disabled 610 oneshot 611 612service mtpd /system/bin/mtpd 613 class main 614 socket mtpd stream 600 system system 615 user vpn 616 group vpn net_admin inet net_raw 617 disabled 618 oneshot 619 620service keystore /system/bin/keystore /data/misc/keystore 621 class main 622 user keystore 623 group keystore drmrpc 624 625service dumpstate /system/bin/dumpstate -s 626 class main 627 socket dumpstate stream 0660 shell log 628 disabled 629 oneshot 630 631service mdnsd /system/bin/mdnsd 632 class main 633 user mdnsr 634 group inet net_raw 635 socket mdnsd stream 0660 mdnsr inet 636 disabled 637 oneshot 638 639service pre-recovery /system/bin/uncrypt 640 class main 641 disabled 642 oneshot 643