init.rc revision b37c45e90aa311b4d32a5b21dad5fce93c9761a7
1# Copyright (C) 2012 The Android Open Source Project 2# 3# IMPORTANT: Do not create world writable files or directories. 4# This is a common source of Android security bugs. 5# 6 7import /init.environ.rc 8import /init.usb.rc 9import /init.${ro.hardware}.rc 10import /init.${ro.zygote}.rc 11import /init.trace.rc 12 13on early-init 14 # Set init and its forked children's oom_adj. 15 write /proc/1/oom_score_adj -1000 16 17 # Set the security context of /adb_keys if present. 18 restorecon /adb_keys 19 20 start ueventd 21 22on init 23 sysclktz 0 24 25 # Backward compatibility. 26 symlink /system/etc /etc 27 symlink /sys/kernel/debug /d 28 29 # Link /vendor to /system/vendor for devices without a vendor partition. 30 symlink /system/vendor /vendor 31 32 # Create cgroup mount point for cpu accounting 33 mkdir /acct 34 mount cgroup none /acct cpuacct 35 mkdir /acct/uid 36 37 # Create cgroup mount point for memory 38 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000 39 mkdir /sys/fs/cgroup/memory 0750 root system 40 mount cgroup none /sys/fs/cgroup/memory memory 41 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1 42 chown root system /sys/fs/cgroup/memory/tasks 43 chmod 0660 /sys/fs/cgroup/memory/tasks 44 mkdir /sys/fs/cgroup/memory/sw 0750 root system 45 write /sys/fs/cgroup/memory/sw/memory.swappiness 100 46 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1 47 chown root system /sys/fs/cgroup/memory/sw/tasks 48 chmod 0660 /sys/fs/cgroup/memory/sw/tasks 49 50 mkdir /system 51 mkdir /data 0771 system system 52 mkdir /cache 0770 system cache 53 mkdir /config 0500 root root 54 55 # Mount staging areas for devices managed by vold 56 # See storage config details at http://source.android.com/tech/storage/ 57 mkdir /mnt 0755 root system 58 mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000 59 restorecon_recursive /mnt 60 61 mkdir /mnt/secure 0700 root root 62 mkdir /mnt/secure/asec 0700 root root 63 mkdir /mnt/asec 0755 root system 64 mkdir /mnt/obb 0755 root system 65 mkdir /mnt/media_rw 0750 root media_rw 66 mkdir /mnt/user 0755 root root 67 mkdir /mnt/user/0 0755 root root 68 mkdir /mnt/expand 0771 system system 69 70 # sdcard_r is GID 1028 71 mkdir /storage 0751 root sdcard_r 72 mount tmpfs tmpfs /storage mode=0751,uid=0,gid=1028 73 restorecon_recursive /storage 74 75 # Symlink to keep legacy apps working in multi-user world 76 mkdir /storage/self 0751 root sdcard_r 77 symlink /storage/self/primary /sdcard 78 symlink /mnt/user/0/primary /storage/self/primary 79 80 # memory control cgroup 81 mkdir /dev/memcg 0700 root system 82 mount cgroup none /dev/memcg memory 83 84 write /proc/sys/kernel/panic_on_oops 1 85 write /proc/sys/kernel/hung_task_timeout_secs 0 86 write /proc/cpu/alignment 4 87 write /proc/sys/kernel/sched_latency_ns 10000000 88 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 89 write /proc/sys/kernel/sched_compat_yield 1 90 write /proc/sys/kernel/sched_child_runs_first 0 91 write /proc/sys/kernel/randomize_va_space 2 92 write /proc/sys/kernel/kptr_restrict 2 93 write /proc/sys/vm/mmap_min_addr 32768 94 write /proc/sys/net/ipv4/ping_group_range "0 2147483647" 95 write /proc/sys/net/unix/max_dgram_qlen 300 96 write /proc/sys/kernel/sched_rt_runtime_us 950000 97 write /proc/sys/kernel/sched_rt_period_us 1000000 98 99 # reflect fwmark from incoming packets onto generated replies 100 write /proc/sys/net/ipv4/fwmark_reflect 1 101 write /proc/sys/net/ipv6/fwmark_reflect 1 102 103 # set fwmark on accepted sockets 104 write /proc/sys/net/ipv4/tcp_fwmark_accept 1 105 106 # disable icmp redirects 107 write /proc/sys/net/ipv4/conf/all/accept_redirects 0 108 write /proc/sys/net/ipv6/conf/all/accept_redirects 0 109 110 # Create cgroup mount points for process groups 111 mkdir /dev/cpuctl 112 mount cgroup none /dev/cpuctl cpu 113 chown system system /dev/cpuctl 114 chown system system /dev/cpuctl/tasks 115 chmod 0666 /dev/cpuctl/tasks 116 write /dev/cpuctl/cpu.shares 1024 117 write /dev/cpuctl/cpu.rt_runtime_us 800000 118 write /dev/cpuctl/cpu.rt_period_us 1000000 119 120 mkdir /dev/cpuctl/bg_non_interactive 121 chown system system /dev/cpuctl/bg_non_interactive/tasks 122 chmod 0666 /dev/cpuctl/bg_non_interactive/tasks 123 # 5.0 % 124 write /dev/cpuctl/bg_non_interactive/cpu.shares 52 125 write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000 126 write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000 127 128 # qtaguid will limit access to specific data based on group memberships. 129 # net_bw_acct grants impersonation of socket owners. 130 # net_bw_stats grants access to other apps' detailed tagged-socket stats. 131 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl 132 chown root net_bw_stats /proc/net/xt_qtaguid/stats 133 134 # Allow everybody to read the xt_qtaguid resource tracking misc dev. 135 # This is needed by any process that uses socket tagging. 136 chmod 0644 /dev/xt_qtaguid 137 138 # Create location for fs_mgr to store abbreviated output from filesystem 139 # checker programs. 140 mkdir /dev/fscklogs 0770 root system 141 142 # pstore/ramoops previous console log 143 mount pstore pstore /sys/fs/pstore 144 chown system log /sys/fs/pstore/console-ramoops 145 chmod 0440 /sys/fs/pstore/console-ramoops 146 chown system log /sys/fs/pstore/pmsg-ramoops-0 147 chmod 0440 /sys/fs/pstore/pmsg-ramoops-0 148 149 # enable armv8_deprecated instruction hooks 150 write /proc/sys/abi/swp 1 151 152# Healthd can trigger a full boot from charger mode by signaling this 153# property when the power button is held. 154on property:sys.boot_from_charger_mode=1 155 class_stop charger 156 trigger late-init 157 158# Load properties from /system/ + /factory after fs mount. 159on load_all_props_action 160 load_all_props 161 start logd 162 start logd-reinit 163 164# Indicate to fw loaders that the relevant mounts are up. 165on firmware_mounts_complete 166 rm /dev/.booting 167 168# Mount filesystems and start core system services. 169on late-init 170 trigger early-fs 171 trigger fs 172 trigger post-fs 173 trigger post-fs-data 174 175 # Load properties from /system/ + /factory after fs mount. Place 176 # this in another action so that the load will be scheduled after the prior 177 # issued fs triggers have completed. 178 trigger load_all_props_action 179 180 # Remove a file to wake up anything waiting for firmware. 181 trigger firmware_mounts_complete 182 183 trigger early-boot 184 trigger boot 185 186 187on post-fs 188 start logd 189 # once everything is setup, no need to modify / 190 mount rootfs rootfs / ro remount 191 # mount shared so changes propagate into child namespaces 192 mount rootfs rootfs / shared rec 193 194 # We chown/chmod /cache again so because mount is run as root + defaults 195 chown system cache /cache 196 chmod 0770 /cache 197 # We restorecon /cache in case the cache partition has been reset. 198 restorecon_recursive /cache 199 200 # This may have been created by the recovery system with odd permissions 201 chown system cache /cache/recovery 202 chmod 0770 /cache/recovery 203 204 #change permissions on vmallocinfo so we can grab it from bugreports 205 chown root log /proc/vmallocinfo 206 chmod 0440 /proc/vmallocinfo 207 208 chown root log /proc/slabinfo 209 chmod 0440 /proc/slabinfo 210 211 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks 212 chown root system /proc/kmsg 213 chmod 0440 /proc/kmsg 214 chown root system /proc/sysrq-trigger 215 chmod 0220 /proc/sysrq-trigger 216 chown system log /proc/last_kmsg 217 chmod 0440 /proc/last_kmsg 218 219 # make the selinux kernel policy world-readable 220 chmod 0444 /sys/fs/selinux/policy 221 222 # create the lost+found directories, so as to enforce our permissions 223 mkdir /cache/lost+found 0770 root root 224 225on post-fs-data 226 installkey /data 227 228 # We chown/chmod /data again so because mount is run as root + defaults 229 chown system system /data 230 chmod 0771 /data 231 # We restorecon /data in case the userdata partition has been reset. 232 restorecon /data 233 234 # Emulated internal storage area 235 mkdir /data/media 0770 media_rw media_rw 236 237 # Start bootcharting as soon as possible after the data partition is 238 # mounted to collect more data. 239 mkdir /data/bootchart 0755 shell shell 240 bootchart_init 241 242 # Avoid predictable entropy pool. Carry over entropy from previous boot. 243 copy /data/system/entropy.dat /dev/urandom 244 245 # create basic filesystem structure 246 mkdir /data/misc 01771 system misc 247 mkdir /data/misc/adb 02750 system shell 248 mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack 249 mkdir /data/misc/bluetooth 0770 system system 250 mkdir /data/misc/keystore 0700 keystore keystore 251 mkdir /data/misc/gatekeeper 0700 system system 252 mkdir /data/misc/keychain 0771 system system 253 mkdir /data/misc/net 0750 root shell 254 mkdir /data/misc/radio 0770 system radio 255 mkdir /data/misc/sms 0770 system radio 256 mkdir /data/misc/zoneinfo 0775 system system 257 mkdir /data/misc/vpn 0770 system vpn 258 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro 259 mkdir /data/misc/systemkeys 0700 system system 260 mkdir /data/misc/wifi 0770 wifi wifi 261 mkdir /data/misc/wifi/sockets 0770 wifi wifi 262 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi 263 mkdir /data/misc/ethernet 0770 system system 264 mkdir /data/misc/dhcp 0770 dhcp dhcp 265 mkdir /data/misc/user 0771 root root 266 mkdir /data/misc/perfprofd 0775 root root 267 # give system access to wpa_supplicant.conf for backup and restore 268 chmod 0660 /data/misc/wifi/wpa_supplicant.conf 269 mkdir /data/local 0751 root root 270 mkdir /data/misc/media 0700 media media 271 mkdir /data/misc/vold 0700 root root 272 273 # For security reasons, /data/local/tmp should always be empty. 274 # Do not place files or directories in /data/local/tmp 275 mkdir /data/local/tmp 0771 shell shell 276 mkdir /data/data 0771 system system 277 mkdir /data/app-private 0771 system system 278 mkdir /data/app-asec 0700 root root 279 mkdir /data/app-lib 0771 system system 280 mkdir /data/app 0771 system system 281 mkdir /data/property 0700 root root 282 mkdir /data/tombstones 0771 system system 283 284 # create dalvik-cache, so as to enforce our permissions 285 mkdir /data/dalvik-cache 0771 root root 286 mkdir /data/dalvik-cache/profiles 0711 system system 287 288 # create resource-cache and double-check the perms 289 mkdir /data/resource-cache 0771 system system 290 chown system system /data/resource-cache 291 chmod 0771 /data/resource-cache 292 293 # create the lost+found directories, so as to enforce our permissions 294 mkdir /data/lost+found 0770 root root 295 296 # create directory for DRM plug-ins - give drm the read/write access to 297 # the following directory. 298 mkdir /data/drm 0770 drm drm 299 300 # create directory for MediaDrm plug-ins - give drm the read/write access to 301 # the following directory. 302 mkdir /data/mediadrm 0770 mediadrm mediadrm 303 304 mkdir /data/adb 0700 root root 305 306 # symlink to bugreport storage location 307 symlink /data/data/com.android.shell/files/bugreports /data/bugreports 308 309 # Separate location for storing security policy files on data 310 mkdir /data/security 0711 system system 311 312 # Create all remaining /data root dirs so that they are made through init 313 # and get proper encryption policy installed 314 mkdir /data/backup 0700 system system 315 mkdir /data/media 0770 media_rw media_rw 316 mkdir /data/ss 0700 system system 317 mkdir /data/system 0775 system system 318 mkdir /data/system/heapdump 0700 system system 319 mkdir /data/user 0711 system system 320 321 # Reload policy from /data/security if present. 322 setprop selinux.reload_policy 1 323 324 # Set SELinux security contexts on upgrade or policy update. 325 restorecon_recursive /data 326 327 # Check any timezone data in /data is newer than the copy in /system, delete if not. 328 exec u:r:tzdatacheck:s0 system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo 329 330 # If there is no fs-post-data action in the init.<device>.rc file, you 331 # must uncomment this line, otherwise encrypted filesystems 332 # won't work. 333 # Set indication (checked by vold) that we have finished this action 334 #setprop vold.post_fs_data_done 1 335 336on boot 337 # basic network init 338 ifup lo 339 hostname localhost 340 domainname localdomain 341 342 # set RLIMIT_NICE to allow priorities from 19 to -20 343 setrlimit 13 40 40 344 345 # Memory management. Basic kernel parameters, and allow the high 346 # level system server to be able to adjust the kernel OOM driver 347 # parameters to match how it is managing things. 348 write /proc/sys/vm/overcommit_memory 1 349 write /proc/sys/vm/min_free_order_shift 4 350 chown root system /sys/module/lowmemorykiller/parameters/adj 351 chmod 0664 /sys/module/lowmemorykiller/parameters/adj 352 chown root system /sys/module/lowmemorykiller/parameters/minfree 353 chmod 0664 /sys/module/lowmemorykiller/parameters/minfree 354 355 # Tweak background writeout 356 write /proc/sys/vm/dirty_expire_centisecs 200 357 write /proc/sys/vm/dirty_background_ratio 5 358 359 # Permissions for System Server and daemons. 360 chown radio system /sys/android_power/state 361 chown radio system /sys/android_power/request_state 362 chown radio system /sys/android_power/acquire_full_wake_lock 363 chown radio system /sys/android_power/acquire_partial_wake_lock 364 chown radio system /sys/android_power/release_wake_lock 365 chown system system /sys/power/autosleep 366 chown system system /sys/power/state 367 chown system system /sys/power/wakeup_count 368 chown radio system /sys/power/wake_lock 369 chown radio system /sys/power/wake_unlock 370 chmod 0660 /sys/power/state 371 chmod 0660 /sys/power/wake_lock 372 chmod 0660 /sys/power/wake_unlock 373 374 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate 375 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate 376 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack 377 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack 378 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 379 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 380 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 381 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 382 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads 383 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads 384 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 385 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 386 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 387 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 388 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost 389 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost 390 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse 391 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost 392 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost 393 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 394 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 395 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 396 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 397 398 # Assume SMP uses shared cpufreq policy for all CPUs 399 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 400 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 401 402 chown system system /sys/class/timed_output/vibrator/enable 403 chown system system /sys/class/leds/keyboard-backlight/brightness 404 chown system system /sys/class/leds/lcd-backlight/brightness 405 chown system system /sys/class/leds/button-backlight/brightness 406 chown system system /sys/class/leds/jogball-backlight/brightness 407 chown system system /sys/class/leds/red/brightness 408 chown system system /sys/class/leds/green/brightness 409 chown system system /sys/class/leds/blue/brightness 410 chown system system /sys/class/leds/red/device/grpfreq 411 chown system system /sys/class/leds/red/device/grppwm 412 chown system system /sys/class/leds/red/device/blink 413 chown system system /sys/class/timed_output/vibrator/enable 414 chown system system /sys/module/sco/parameters/disable_esco 415 chown system system /sys/kernel/ipv4/tcp_wmem_min 416 chown system system /sys/kernel/ipv4/tcp_wmem_def 417 chown system system /sys/kernel/ipv4/tcp_wmem_max 418 chown system system /sys/kernel/ipv4/tcp_rmem_min 419 chown system system /sys/kernel/ipv4/tcp_rmem_def 420 chown system system /sys/kernel/ipv4/tcp_rmem_max 421 chown root radio /proc/cmdline 422 423 # Define default initial receive window size in segments. 424 setprop net.tcp.default_init_rwnd 60 425 426 class_start core 427 428on nonencrypted 429 class_start main 430 class_start late_start 431 432on property:vold.decrypt=trigger_default_encryption 433 start defaultcrypto 434 435on property:vold.decrypt=trigger_encryption 436 start surfaceflinger 437 start encrypt 438 439on property:sys.init_log_level=* 440 loglevel ${sys.init_log_level} 441 442on charger 443 class_start charger 444 445on property:vold.decrypt=trigger_reset_main 446 class_reset main 447 448on property:vold.decrypt=trigger_load_persist_props 449 load_persist_props 450 start logd 451 start logd-reinit 452 453on property:vold.decrypt=trigger_post_fs_data 454 trigger post-fs-data 455 456on property:vold.decrypt=trigger_restart_min_framework 457 class_start main 458 459on property:vold.decrypt=trigger_restart_framework 460 installkey /data 461 class_start main 462 class_start late_start 463 464on property:vold.decrypt=trigger_shutdown_framework 465 class_reset late_start 466 class_reset main 467 468on property:sys.powerctl=* 469 powerctl ${sys.powerctl} 470 471# system server cannot write to /proc/sys files, 472# and chown/chmod does not work for /proc/sys/ entries. 473# So proxy writes through init. 474on property:sys.sysctl.extra_free_kbytes=* 475 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes} 476 477# "tcp_default_init_rwnd" Is too long! 478on property:sys.sysctl.tcp_def_init_rwnd=* 479 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd} 480 481 482## Daemon processes to be run by init. 483## 484service ueventd /sbin/ueventd 485 class core 486 critical 487 seclabel u:r:ueventd:s0 488 489service logd /system/bin/logd 490 class core 491 socket logd stream 0666 logd logd 492 socket logdr seqpacket 0666 logd logd 493 socket logdw dgram 0222 logd logd 494 495service logd-reinit /system/bin/logd --reinit 496 oneshot 497 disabled 498 499service healthd /sbin/healthd 500 class core 501 critical 502 seclabel u:r:healthd:s0 503 504service console /system/bin/sh 505 class core 506 console 507 disabled 508 user shell 509 group shell log 510 seclabel u:r:shell:s0 511 512on property:ro.debuggable=1 513 start console 514 515# adbd is controlled via property triggers in init.<platform>.usb.rc 516service adbd /sbin/adbd --root_seclabel=u:r:su:s0 517 class core 518 socket adbd stream 660 system system 519 disabled 520 seclabel u:r:adbd:s0 521 522# adbd on at boot in emulator 523on property:ro.kernel.qemu=1 524 start adbd 525 526service lmkd /system/bin/lmkd 527 class core 528 critical 529 socket lmkd seqpacket 0660 system system 530 531service servicemanager /system/bin/servicemanager 532 class core 533 user system 534 group system 535 critical 536 onrestart restart healthd 537 onrestart restart zygote 538 onrestart restart media 539 onrestart restart surfaceflinger 540 onrestart restart drm 541 542service vold /system/bin/vold \ 543 --blkid_context=u:r:blkid:s0 --blkid_untrusted_context=u:r:blkid_untrusted:s0 \ 544 --fsck_context=u:r:fsck:s0 --fsck_untrusted_context=u:r:fsck_untrusted:s0 545 class core 546 socket vold stream 0660 root mount 547 ioprio be 2 548 549service netd /system/bin/netd 550 class main 551 socket netd stream 0660 root system 552 socket dnsproxyd stream 0660 root inet 553 socket mdns stream 0660 root system 554 socket fwmarkd stream 0660 root inet 555 556service debuggerd /system/bin/debuggerd 557 class main 558 559service debuggerd64 /system/bin/debuggerd64 560 class main 561 562service ril-daemon /system/bin/rild 563 class main 564 socket rild stream 660 root radio 565 socket sap_uim_socket1 stream 660 bluetooth bluetooth 566 socket rild-debug stream 660 radio system 567 user root 568 group radio cache inet misc audio log 569 570service surfaceflinger /system/bin/surfaceflinger 571 class core 572 user system 573 group graphics drmrpc 574 onrestart restart zygote 575 576service drm /system/bin/drmserver 577 class main 578 user drm 579 group drm system inet drmrpc 580 581service media /system/bin/mediaserver 582 class main 583 user media 584 group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm 585 ioprio rt 4 586 587# One shot invocation to deal with encrypted volume. 588service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted 589 disabled 590 oneshot 591 # vold will set vold.decrypt to trigger_restart_framework (default 592 # encryption) or trigger_restart_min_framework (other encryption) 593 594# One shot invocation to encrypt unencrypted volumes 595service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default 596 disabled 597 oneshot 598 # vold will set vold.decrypt to trigger_restart_framework (default 599 # encryption) 600 601service bootanim /system/bin/bootanimation 602 class core 603 user graphics 604 group graphics audio 605 disabled 606 oneshot 607 608service gatekeeperd /system/bin/gatekeeperd /data/misc/gatekeeper 609 class main 610 user system 611 612service installd /system/bin/installd 613 class main 614 socket installd stream 600 system system 615 616service flash_recovery /system/bin/install-recovery.sh 617 class main 618 oneshot 619 620service racoon /system/bin/racoon 621 class main 622 socket racoon stream 600 system system 623 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port. 624 group vpn net_admin inet 625 disabled 626 oneshot 627 628service mtpd /system/bin/mtpd 629 class main 630 socket mtpd stream 600 system system 631 user vpn 632 group vpn net_admin inet net_raw 633 disabled 634 oneshot 635 636service keystore /system/bin/keystore /data/misc/keystore 637 class main 638 user keystore 639 group keystore drmrpc 640 641service dumpstate /system/bin/dumpstate -s 642 class main 643 socket dumpstate stream 0660 shell log 644 disabled 645 oneshot 646 647service mdnsd /system/bin/mdnsd 648 class main 649 user mdnsr 650 group inet net_raw 651 socket mdnsd stream 0660 mdnsr inet 652 disabled 653 oneshot 654 655service pre-recovery /system/bin/uncrypt 656 class main 657 disabled 658 oneshot 659 660service perfprofd /system/xbin/perfprofd 661 class late_start 662 user root 663 oneshot 664