init.rc revision 8175bb235277f637faf30138b30e97e07fb85b8e
# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
# Reading guide: "import" lines pull in further .rc files, each
# "on <trigger>" section lists the commands init runs for that trigger, and
# "service" sections declare the daemons init launches. Most of this file is
# about ownership and mode bits, so review it with the rule above in mind.

# ${ro.hardware} and ${ro.zygote} are expanded from system properties, so the
# set of imported files depends on the device.
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.zygote}.rc
import /init.trace.rc

on early-init
    # Set init and its forked children's oom_adj.
    # -1000 is the lowest oom_score_adj value; it exempts the process from the
    # kernel OOM killer.
    write /proc/1/oom_score_adj -1000

    # Set the security context of /adb_keys if present.
    restorecon /adb_keys

    start ueventd

on init
    sysclktz 0

    # Backward compatibility.
    symlink /system/etc /etc
    symlink /sys/kernel/debug /d

    # Link /vendor to /system/vendor for devices without a vendor partition.
    symlink /system/vendor /vendor

    # Create cgroup mount point for cpu accounting
    mkdir /acct
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

    # Create cgroup mount point for memory
    # The tmpfs and the cgroup directories are root-owned with group system
    # (gid=1000 in the mount options) and closed to everyone else (0750/0660).
    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
    mkdir /sys/fs/cgroup/memory 0750 root system
    mount cgroup none /sys/fs/cgroup/memory memory
    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/tasks
    chmod 0660 /sys/fs/cgroup/memory/tasks
    mkdir /sys/fs/cgroup/memory/sw 0750 root system
    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/sw/tasks
    chmod 0660 /sys/fs/cgroup/memory/sw/tasks

    mkdir /system
    mkdir /data 0771 system system
    mkdir /cache 0770 system cache
    mkdir /config 0500 root root

    # Mount staging areas for devices managed by vold
    # See storage config details at http://source.android.com/tech/storage/
    mkdir /mnt 0755 root system
    mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000
    restorecon_recursive /mnt

    # /mnt/secure and /mnt/secure/asec are root-only (0700); the other staging
    # directories are at most group-writable.
    mkdir /mnt/secure 0700 root root
    mkdir /mnt/secure/asec 0700 root root
    mkdir /mnt/asec 0755 root system
    mkdir /mnt/obb 0755 root system
    mkdir /mnt/media_rw 0750 root media_rw
    mkdir /mnt/user 0755 root root
    mkdir /mnt/user/0 0755 root root
    mkdir /mnt/expand 0771 system system

    # sdcard_r is GID 1028
    mkdir /storage 0751 root sdcard_r
    mount tmpfs tmpfs /storage mode=0751,uid=0,gid=1028
    restorecon_recursive /storage

    # Symlink to keep legacy apps working in multi-user world
    mkdir /storage/self 0751 root sdcard_r
    symlink /storage/self/primary /sdcard
    symlink /mnt/user/0/primary /storage/self/primary

    # memory control cgroup
    mkdir /dev/memcg 0700 root system
    mount cgroup none /dev/memcg memory

    # Kernel tunables. The security-relevant ones in this run:
    #   panic_on_oops 1       - panic on a kernel oops instead of continuing
    #   randomize_va_space 2  - full address-space layout randomization
    #   kptr_restrict 2       - kernel addresses printed with %pK are hidden
    #                           from all users
    #   mmap_min_addr 32768   - lowest address user space may map
    #   ping_group_range      - this range lets every GID open ICMP echo
    #                           ("ping") sockets without a raw socket
    write /proc/sys/kernel/panic_on_oops 1
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0
    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2
    write /proc/sys/vm/mmap_min_addr 32768
    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
    write /proc/sys/net/unix/max_dgram_qlen 300
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

    # reflect fwmark from incoming packets onto generated replies
    write /proc/sys/net/ipv4/fwmark_reflect 1
    write /proc/sys/net/ipv6/fwmark_reflect 1

    # set fwmark on accepted sockets
    write /proc/sys/net/ipv4/tcp_fwmark_accept 1

    # disable icmp redirects
    write /proc/sys/net/ipv4/conf/all/accept_redirects 0
    write /proc/sys/net/ipv6/conf/all/accept_redirects 0

    # Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    # NOTE(review): 0666 makes this tasks file world-writable, which is what
    # the header of this file warns against. Confirm that every process really
    # needs write access here and what (e.g. SELinux policy) bounds it.
    chmod 0666 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 800000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/bg_non_interactive
    chown system system /dev/cpuctl/bg_non_interactive/tasks
    # NOTE(review): world-writable as well; same question as for
    # /dev/cpuctl/tasks.
    chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000

    # sets up initial cpusets for ActivityManager
    mkdir /dev/cpuset
    mount cpuset none /dev/cpuset
    mkdir /dev/cpuset/foreground
    mkdir /dev/cpuset/background
    # this ensures that the cpusets are present and usable, but the device's
    # init.rc must actually set the correct cpus
    write /dev/cpuset/foreground/cpus 0
    write /dev/cpuset/background/cpus 0
    write /dev/cpuset/foreground/mems 0
    write /dev/cpuset/background/mems 0
    chown system system /dev/cpuset
    chown system system /dev/cpuset/foreground
    chown system system /dev/cpuset/background
    chown system system /dev/cpuset/tasks
    chown system system /dev/cpuset/foreground/tasks
    chown system system /dev/cpuset/background/tasks
    # Unlike the cpuctl tasks files above, the cpuset tasks files are writable
    # by their owner (system) only.
    chmod 0644 /dev/cpuset/foreground/tasks
    chmod 0644 /dev/cpuset/background/tasks
    chmod 0644 /dev/cpuset/tasks


    # qtaguid will limit access to specific data based on group memberships.
    #   net_bw_acct grants impersonation of socket owners.
    #   net_bw_stats grants access to other apps' detailed tagged-socket stats.
    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
    chown root net_bw_stats /proc/net/xt_qtaguid/stats

    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
    # This is needed by any process that uses socket tagging.
    chmod 0644 /dev/xt_qtaguid

    # Create location for fs_mgr to store abbreviated output from filesystem
    # checker programs.
    mkdir /dev/fscklogs 0770 root system

    # pstore/ramoops previous console log
    # Both files end up read-only (0440) for owner system and group log.
    mount pstore pstore /sys/fs/pstore
    chown system log /sys/fs/pstore/console-ramoops
    chmod 0440 /sys/fs/pstore/console-ramoops
    chown system log /sys/fs/pstore/pmsg-ramoops-0
    chmod 0440 /sys/fs/pstore/pmsg-ramoops-0

    # enable armv8_deprecated instruction hooks
    write /proc/sys/abi/swp 1

# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
    class_stop charger
    trigger late-init

# Load properties from /system/ + /factory after fs mount.
on load_all_props_action
    load_all_props
    start logd
    start logd-reinit

# Indicate to fw loaders that the relevant mounts are up.
on firmware_mounts_complete
    rm /dev/.booting

# Mount filesystems and start core system services.
on late-init
    trigger early-fs
    trigger fs
    trigger post-fs
    trigger post-fs-data

    # Load properties from /system/ + /factory after fs mount. Place
    # this in another action so that the load will be scheduled after the prior
    # issued fs triggers have completed.
    trigger load_all_props_action

    # Remove a file to wake up anything waiting for firmware.
    trigger firmware_mounts_complete

    trigger early-boot
    trigger boot


on post-fs
    start logd
    # once everything is setup, no need to modify /
    mount rootfs rootfs / ro remount
    # mount shared so changes propagate into child namespaces
    mount rootfs rootfs / shared rec

    # We chown/chmod /cache again so because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache
    # We restorecon /cache in case the cache partition has been reset.
    restorecon_recursive /cache

    # Create /cache/recovery in case it's not there. It'll also fix the odd
    # permissions if created by the recovery system.
    mkdir /cache/recovery 0770 system cache

    #change permissions on vmallocinfo so we can grab it from bugreports
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    chown root log /proc/slabinfo
    chmod 0440 /proc/slabinfo

    #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    # kmsg and last_kmsg become read-only for owner and group; sysrq-trigger
    # becomes write-only (0220) for root and group system.
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger
    chown system log /proc/last_kmsg
    chmod 0440 /proc/last_kmsg

    # make the selinux kernel policy world-readable
    chmod 0444 /sys/fs/selinux/policy

    # create the lost+found directories, so as to enforce our permissions
    mkdir /cache/lost+found 0770 root root

on post-fs-data
    # We chown/chmod /data again so because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data

    # Emulated internal storage area
    mkdir /data/media 0770 media_rw media_rw

    # Make sure we have the device encryption key
    start logd
    start vold
    installkey /data

    # Start bootcharting as soon as possible after the data partition is
    # mounted to collect more data.
    mkdir /data/bootchart 0755 shell shell
    bootchart_init

    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    copy /data/system/entropy.dat /dev/urandom

    # create basic filesystem structure
    # Mode digits: a leading 1 (01771) is the sticky bit, a leading 2
    # (02750, 02770) is the setgid bit, so new entries inherit the directory's
    # group.
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/adb 02750 system shell
    mkdir /data/misc/bluedroid 02770 bluetooth net_bt_stack
    # Fix the access permissions and group ownership for 'bt_config.conf'
    chmod 0660 /data/misc/bluedroid/bt_config.conf
    chown bluetooth net_bt_stack /data/misc/bluedroid/bt_config.conf
    mkdir /data/misc/bluetooth 0770 system system
    # Key material directories (keystore, gatekeeper, systemkeys) are 0700,
    # i.e. reachable by their owning user only.
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/gatekeeper 0700 system system
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/net 0750 root shell
    mkdir /data/misc/radio 0770 system radio
    mkdir /data/misc/sms 0770 system radio
    mkdir /data/misc/zoneinfo 0775 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
    mkdir /data/misc/systemkeys 0700 system system
    mkdir /data/misc/wifi 0770 wifi wifi
    mkdir /data/misc/wifi/sockets 0770 wifi wifi
    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
    mkdir /data/misc/ethernet 0770 system system
    mkdir /data/misc/dhcp 0770 dhcp dhcp
    mkdir /data/misc/user 0771 root root
    mkdir /data/misc/perfprofd 0775 root root
    # give system access to wpa_supplicant.conf for backup and restore
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root
    mkdir /data/misc/media 0700 media media
    mkdir /data/misc/vold 0700 root root

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app-lib 0771 system system
    mkdir /data/app 0771 system system
    mkdir /data/property 0700 root root
    mkdir /data/tombstones 0771 system system

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 root root
    mkdir /data/dalvik-cache/profiles 0711 system system

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # create directory for MediaDrm plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/mediadrm 0770 mediadrm mediadrm

    mkdir /data/adb 0700 root root

    # symlink to bugreport storage location
    symlink /data/data/com.android.shell/files/bugreports /data/bugreports

    # Separate location for storing security policy files on data
    mkdir /data/security 0711 system system

    # Create all remaining /data root dirs so that they are made through init
    # and get proper encryption policy installed
    mkdir /data/backup 0700 system system
    # NOTE(review): /data/media is already created earlier in this action with
    # the same mode and owner; this second mkdir looks redundant.
    mkdir /data/media 0770 media_rw media_rw
    mkdir /data/ss 0700 system system
    mkdir /data/system 0775 system system
    mkdir /data/system/heapdump 0700 system system
    mkdir /data/user 0711 system system

    # Reload policy from /data/security if present.
    setprop selinux.reload_policy 1

    # Set SELinux security contexts on upgrade or policy update.
    restorecon_recursive /data

    # Check any timezone data in /data is newer than the copy in /system, delete if not.
    # The helper runs with user system and group system; the leading "-" sits
    # in exec's seclabel position (presumably "no explicit context" - confirm
    # against init's documentation).
    exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo

    # If there is no fs-post-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    #setprop vold.post_fs_data_done 1

on boot
    # basic network init
    ifup lo
    hostname localhost
    domainname localdomain

    # set RLIMIT_NICE to allow priorities from 19 to -20
    setrlimit 13 40 40

    # Memory management.  Basic kernel parameters, and allow the high
    # level system server to be able to adjust the kernel OOM driver
    # parameters to match how it is managing things.
    write /proc/sys/vm/overcommit_memory 1
    write /proc/sys/vm/min_free_order_shift 4
    # 0664: writable by root and group system, readable by everyone.
    chown root system /sys/module/lowmemorykiller/parameters/adj
    chmod 0664 /sys/module/lowmemorykiller/parameters/adj
    chown root system /sys/module/lowmemorykiller/parameters/minfree
    chmod 0664 /sys/module/lowmemorykiller/parameters/minfree

    # Tweak background writeout
    write /proc/sys/vm/dirty_expire_centisecs 200
    write /proc/sys/vm/dirty_background_ratio 5

    # Permissions for System Server and daemons.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/autosleep
    chown system system /sys/power/state
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock

    # cpufreq "interactive" governor knobs: each is handed to system:system
    # and limited to owner/group read-write (0660).
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    # NOTE(review): boostpulse is the only knob in this list with a chown but
    # no chmod, so its mode stays whatever the kernel exposes - confirm that
    # this is intended.
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    # The entries below change ownership only; no chmod follows in this
    # section, so their mode bits are left as the kernel created them.
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    # NOTE(review): same chown as the first line of this run (vibrator/enable).
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    chown root radio /proc/cmdline

    # Define default initial receive window size in segments.
    setprop net.tcp.default_init_rwnd 60

    class_start core

on nonencrypted
    class_start main
    class_start late_start

# The vold.decrypt triggers below start, reset or restart service classes
# according to the value written to that property.
on property:vold.decrypt=trigger_default_encryption
    start defaultcrypto

on property:vold.decrypt=trigger_encryption
    start surfaceflinger
    start encrypt

on property:sys.init_log_level=*
    loglevel ${sys.init_log_level}

on charger
    class_start charger

on property:vold.decrypt=trigger_reset_main
    class_reset main

on property:vold.decrypt=trigger_load_persist_props
    load_persist_props
    start logd
    start logd-reinit

on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data

on property:vold.decrypt=trigger_restart_min_framework
    class_start main

on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main

# NOTE(review): any value written to sys.powerctl is handed to init's powerctl
# command (shutdown/reboot). Who may set the property is not decided in this
# file - verify the property permissions.
on property:sys.powerctl=*
    powerctl ${sys.powerctl}

# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
# NOTE(review): init writes the property value to the sysctl as-is; nothing in
# this file validates it, so the set of processes allowed to set these
# sys.sysctl.* properties is the access control.
on property:sys.sysctl.extra_free_kbytes=*
    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}

# "tcp_default_init_rwnd" Is too long!
on property:sys.sysctl.tcp_def_init_rwnd=*
    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}


## Daemon processes to be run by init.
##
# Reading guide for the service sections:
#   - A service without a "user" line is started with init's own uid (root);
#     whether the daemon drops privileges afterwards is not visible here.
#   - "socket <name> <type> <perm> <user> <group>" has init create the socket
#     with that mode and ownership before the service starts.
#   - "disabled" services are not started with their class; something has to
#     start them by name.
#   - "critical" services make init reboot the device into recovery if they
#     keep exiting.
#   - "seclabel" sets the SELinux context the service is started in.
service ueventd /sbin/ueventd
    class core
    critical
    seclabel u:r:ueventd:s0

# NOTE(review): the logd and logdr sockets are 0666 and logdw is 0222, i.e.
# open to every uid at the file-mode level. Access control therefore has to
# come from logd itself and from SELinux policy, neither of which is visible
# in this file.
service logd /system/bin/logd
    class core
    socket logd stream 0666 logd logd
    socket logdr seqpacket 0666 logd logd
    socket logdw dgram 0222 logd logd

service logd-reinit /system/bin/logd --reinit
    oneshot
    disabled

service healthd /sbin/healthd
    class core
    critical
    seclabel u:r:healthd:s0

# Shell on the console, running as user shell in the shell SELinux domain.
# It is disabled by default and only started by the ro.debuggable=1 trigger
# below.
service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group shell log
    seclabel u:r:shell:s0

on property:ro.debuggable=1
    start console

# adbd is controlled via property triggers in init.<platform>.usb.rc
# It starts in the adbd domain; --root_seclabel passes u:r:su:s0 to adbd
# (presumably the context used for root sessions - confirm in adbd).
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
    class core
    socket adbd stream 660 system system
    disabled
    seclabel u:r:adbd:s0

# adbd on at boot in emulator
on property:ro.kernel.qemu=1
    start adbd

service lmkd /system/bin/lmkd
    class core
    critical
    socket lmkd seqpacket 0660 system system

# A servicemanager restart also restarts healthd, zygote, media,
# surfaceflinger and drm.
service servicemanager /system/bin/servicemanager
    class core
    user system
    group system
    critical
    onrestart restart healthd
    onrestart restart zygote
    onrestart restart media
    onrestart restart surfaceflinger
    onrestart restart drm

# The command line passes separate SELinux contexts for blkid and fsck, with
# distinct "untrusted" variants.
service vold /system/bin/vold \
        --blkid_context=u:r:blkid:s0 --blkid_untrusted_context=u:r:blkid_untrusted:s0 \
        --fsck_context=u:r:fsck:s0 --fsck_untrusted_context=u:r:fsck_untrusted:s0
    class core
    socket vold stream 0660 root mount
    socket cryptd stream 0660 root mount
    ioprio be 2

# All four control sockets are root-owned and 0660; the group (system or inet)
# decides who else may connect.
service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system
    socket fwmarkd stream 0660 root inet

service debuggerd /system/bin/debuggerd
    class main

service debuggerd64 /system/bin/debuggerd64
    class main

# Runs as root (explicit "user root") with six supplementary groups.
service ril-daemon /system/bin/rild
    class main
    socket rild stream 660 root radio
    socket sap_uim_socket1 stream 660 bluetooth bluetooth
    socket rild-debug stream 660 radio system
    user root
    group radio cache inet misc audio log

service surfaceflinger /system/bin/surfaceflinger
    class core
    user system
    group graphics drmrpc
    onrestart restart zygote

service drm /system/bin/drmserver
    class main
    user drm
    group drm system inet drmrpc

service media /system/bin/mediaserver
    class main
    user media
    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
    ioprio rt 4

# One shot invocation to deal with encrypted volume.
service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption) or trigger_restart_min_framework (other encryption)

# One shot invocation to encrypt unencrypted volumes
service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption)

service bootanim /system/bin/bootanimation
    class core
    user graphics
    group graphics audio
    disabled
    oneshot

service gatekeeperd /system/bin/gatekeeperd /data/misc/gatekeeper
    class main
    user system

# The control socket is 600 system:system, so only uid system can connect.
service installd /system/bin/installd
    class main
    socket installd stream 600 system system

# NOTE(review): no "user" line and not disabled, so this shell script runs as
# root each time class main is started. Its integrity rests on /system being
# trustworthy; its contents are not visible here.
service flash_recovery /system/bin/install-recovery.sh
    class main
    oneshot

service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
    group vpn net_admin inet
    disabled
    oneshot

service mtpd /system/bin/mtpd
    class main
    socket mtpd stream 600 system system
    user vpn
    group vpn net_admin inet net_raw
    disabled
    oneshot

service keystore /system/bin/keystore /data/misc/keystore
    class main
    user keystore
    group keystore drmrpc

service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot

service mdnsd /system/bin/mdnsd
    class main
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
    disabled
    oneshot

service uncrypt /system/bin/uncrypt
    class main
    disabled
    oneshot

service pre-recovery /system/bin/uncrypt --reboot
    class main
    disabled
    oneshot

# NOTE(review): explicit "user root" for a binary under /system/xbin, started
# with class late_start - confirm that a profiling daemon needs to run as root
# on the build this file ships in.
service perfprofd /system/xbin/perfprofd
    class late_start
    user root
    oneshot

on property:persist.logd.logpersistd=logcatd
    # all exec/services are called with umask(077), so no gain beyond 0700
    mkdir /data/misc/logd 0700 logd log
    # logd for write to /data/misc/logd, log group for read from pstore (-L)
    exec - logd log -- /system/bin/logcat -L -b all -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r 64 -n 256
    start logcatd

service logcatd /system/bin/logcat -b all -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r 64 -n 256
    class late_start
    disabled
    # logd for write to /data/misc/logd, log group for read from log daemon
    user logd
    group log