init.rc revision b46efdb08ef8a700654d28be94b90550b8d90822
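# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
# Layout of this part of the file: imports of further .rc files, then
# "on <trigger>" actions whose commands are listed in boot order.
# NOTE(review): every command here is issued by init itself, so each
# mode/owner below is a deliberate grant from root; review changes to
# them as permission changes.

import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.zygote}.rc
import /init.trace.rc

on early-init
    # Set init and its forked children's oom_adj.
    write /proc/1/oom_adj -16

    # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
    write /sys/fs/selinux/checkreqprot 0

    # Set the security context for the init process.
    # This should occur before anything else (e.g. ueventd) is started.
    setcon u:r:init:s0

    # Set the security context of /adb_keys if present.
    restorecon /adb_keys

    start ueventd

    # create mountpoints
    mkdir /mnt 0775 root system

on init
    sysclktz 0

    loglevel 3

    # Backward compatibility
    symlink /system/etc /etc
    symlink /sys/kernel/debug /d

    # Right now vendor lives on the same filesystem as system,
    # but someday that may change.
    symlink /system/vendor /vendor

    # Create cgroup mount point for cpu accounting
    mkdir /acct
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

    # Create cgroup mount point for memory
    # (gid=1000 in the mount options is the numeric id of group "system")
    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
    mkdir /sys/fs/cgroup/memory 0750 root system
    mount cgroup none /sys/fs/cgroup/memory memory
    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/tasks
    chmod 0660 /sys/fs/cgroup/memory/tasks
    mkdir /sys/fs/cgroup/memory/sw 0750 root system
    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/sw/tasks
    chmod 0660 /sys/fs/cgroup/memory/sw/tasks

    mkdir /system
    mkdir /data 0771 system system
    mkdir /cache 0770 system cache
    mkdir /config 0500 root root

    # See storage config details at http://source.android.com/tech/storage/
    mkdir /mnt/shell 0700 shell shell
    mkdir /mnt/media_rw 0700 media_rw media_rw
    mkdir /storage 0751 root sdcard_r

    # Directory for putting things only root should see.
    mkdir /mnt/secure 0700 root root

    # Directory for staging bindmounts
    mkdir /mnt/secure/staging 0700 root root

    # Directory-target for where the secure container
    # imagefile directory will be bind-mounted
    mkdir /mnt/secure/asec 0700 root root

    # Secure container public mount points.
    # The tmpfs mount options (mode=0755), not the mkdir mode (0700), decide
    # what is visible once the mount is in place.
    mkdir /mnt/asec 0700 root system
    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000

    # Filesystem image public mount points.
    mkdir /mnt/obb 0700 root system
    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000

    # Kernel tunables. Security-relevant ones:
    #   panic_on_oops 1       - an oops panics the kernel instead of continuing
    #   hung_task_timeout 0   - hung-task detection is switched off
    #   randomize_va_space 2  - full address space randomization
    #   kptr_restrict 2       - kernel pointers are hidden from all users
    #   mmap_min_addr 32768   - no mappings in the lowest 32 KiB
    #   ping_group_range      - every gid may open unprivileged ICMP sockets
    write /proc/sys/kernel/panic_on_oops 1
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0
    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2
    write /proc/sys/vm/mmap_min_addr 32768
    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
    write /proc/sys/net/unix/max_dgram_qlen 300
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

    # reflect fwmark from incoming packets onto generated replies
    write /proc/sys/net/ipv4/fwmark_reflect 1
    write /proc/sys/net/ipv6/fwmark_reflect 1

    # set fwmark on accepted sockets
    write /proc/sys/net/ipv4/tcp_fwmark_accept 1

    # Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    chmod 0660 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 950000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    # NOTE(review): the two "tasks" files below are mode 0666, i.e. world
    # writable, unlike /dev/cpuctl/tasks (0660) and contrary to the rule in
    # this file's header. Presumably this lets processes place their own
    # threads in a scheduling group; the kernel's own cgroup attach check
    # is then the only gate. Confirm the exception is intended.
    mkdir /dev/cpuctl/apps
    chown system system /dev/cpuctl/apps/tasks
    chmod 0666 /dev/cpuctl/apps/tasks
    write /dev/cpuctl/apps/cpu.shares 1024
    write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
    write /dev/cpuctl/apps/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps/bg_non_interactive
    chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
    chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000

    # qtaguid will limit access to specific data based on group memberships.
    #   net_bw_acct grants impersonation of socket owners.
    #   net_bw_stats grants access to other apps' detailed tagged-socket stats.
    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
    chown root net_bw_stats /proc/net/xt_qtaguid/stats

    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
    # This is needed by any process that uses socket tagging.
    chmod 0644 /dev/xt_qtaguid

    # Create location for fs_mgr to store abbreviated output from filesystem
    # checker programs.
    mkdir /dev/fscklogs 0770 root system

    # pstore/ramoops previous console log
    mount pstore pstore /sys/fs/pstore
    chown system log /sys/fs/pstore/console-ramoops
    chmod 0440 /sys/fs/pstore/console-ramoops

# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
    class_stop charger
    trigger late-init

# Load properties from /system/ + /factory after fs mount.
on load_all_props_action
    load_all_props

# Mount filesystems and start core system services.
on late-init
    trigger early-fs
    trigger fs
    trigger post-fs
    trigger post-fs-data

    # Load properties from /system/ + /factory after fs mount. Place
    # this in another action so that the load will be scheduled after the prior
    # issued fs triggers have completed.
    trigger load_all_props_action

    trigger early-boot
    trigger boot

on post-fs
    # once everything is setup, no need to modify /
    mount rootfs rootfs / ro remount
    # mount shared so changes propagate into child namespaces
    mount rootfs rootfs / shared rec

    # We chown/chmod /cache again because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache
    # We restorecon /cache in case the cache partition has been reset.
    restorecon /cache

    # This may have been created by the recovery system with odd permissions
    chown system cache /cache/recovery
    chmod 0770 /cache/recovery
    # This may have been created by the recovery system with the wrong context.
    restorecon /cache/recovery

    # change permissions on vmallocinfo so we can grab it from bugreports
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    chown root log /proc/slabinfo
    chmod 0440 /proc/slabinfo

    # change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    # (sysrq-trigger is 0220: write-only for root and group system, no read bits)
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger
    chown system log /proc/last_kmsg
    chmod 0440 /proc/last_kmsg

    # make the selinux kernel policy world-readable
    chmod 0444 /sys/fs/selinux/policy

    # create the lost+found directories, so as to enforce our permissions
    mkdir /cache/lost+found 0770 root root

on post-fs-data
    # We chown/chmod /data again because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data

    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    # (Data written to /dev/urandom is mixed into the pool; the kernel does
    # not count it as additional entropy.)
    copy /data/system/entropy.dat /dev/urandom

    # Create dump dir and collect dumps.
    # Do this before we mount cache so eventually we can use cache for
    # storing dumps on platforms which do not have a dedicated dump partition.
    mkdir /data/dontpanic 0750 root log

    # Collect apanic data, free resources and re-arm trigger
    copy /proc/apanic_console /data/dontpanic/apanic_console
    chown root log /data/dontpanic/apanic_console
    chmod 0640 /data/dontpanic/apanic_console

    copy /proc/apanic_threads /data/dontpanic/apanic_threads
    chown root log /data/dontpanic/apanic_threads
    chmod 0640 /data/dontpanic/apanic_threads

    write /proc/apanic_console 1

    # create basic filesystem structure
    # (01771 = sticky bit on /data/misc; 02750 = setgid on /data/misc/adb)
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/adb 02750 system shell
    mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
    mkdir /data/misc/bluetooth 0770 system system
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/net 0750 root shell
    mkdir /data/misc/radio 0770 system radio
    mkdir /data/misc/sms 0770 system radio
    mkdir /data/misc/zoneinfo 0775 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
    mkdir /data/misc/systemkeys 0700 system system
    mkdir /data/misc/wifi 0770 wifi wifi
    mkdir /data/misc/wifi/sockets 0770 wifi wifi
    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
    mkdir /data/misc/dhcp 0770 dhcp dhcp
    mkdir /data/misc/user 0771 root root
    # give system access to wpa_supplicant.conf for backup and restore
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root
    mkdir /data/misc/media 0700 media media

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app-lib 0771 system system
    mkdir /data/app 0771 system system
    mkdir /data/property 0700 root root

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 system system
    mkdir /data/dalvik-cache/profiles 0711 system system

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # create directory for MediaDrm plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/mediadrm 0770 mediadrm mediadrm

    # symlink to bugreport storage location
    symlink /data/data/com.android.shell/files/bugreports /data/bugreports

    # Separate location for storing security policy files on data
    mkdir /data/security 0711 system system

    # Reload policy from /data/security if present.
    # NOTE(review): this takes SELinux policy from the writable data
    # partition; how that policy is authenticated is not visible in this
    # file - confirm before relying on it.
    setprop selinux.reload_policy 1

    # Set SELinux security contexts on upgrade or policy update.
    restorecon_recursive /data

    # If there is no post-fs-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    #setprop vold.post_fs_data_done 1

on boot
    # basic network init
    ifup lo
    hostname localhost
    domainname localdomain

    # set RLIMIT_NICE to allow priorities from 19 to -20
    setrlimit 13 40 40

    # Memory management.  Basic kernel parameters, and allow the high
    # level system server to be able to adjust the kernel OOM driver
    # parameters to match how it is managing things.
    write /proc/sys/vm/overcommit_memory 1
    write /proc/sys/vm/min_free_order_shift 4
    chown root system /sys/module/lowmemorykiller/parameters/adj
    chmod 0664 /sys/module/lowmemorykiller/parameters/adj
    chown root system /sys/module/lowmemorykiller/parameters/minfree
    chmod 0664 /sys/module/lowmemorykiller/parameters/minfree

    # Tweak background writeout
    write /proc/sys/vm/dirty_expire_centisecs 200
    write /proc/sys/vm/dirty_background_ratio 5

    # Permissions for System Server and daemons.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/autosleep
    chown system system /sys/power/state
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock

    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    # Ownership only; no chmod is issued for the nodes below, so their
    # modes stay whatever the kernel created them with.
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    chown root radio /proc/cmdline

    # Define TCP buffer sizes for various networks
    #   ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
    setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
    setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576
    setprop net.tcp.buffersize.ethernet 524288,1048576,3145728,524288,1048576,2097152
    setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576
    setprop net.tcp.buffersize.umts 58254,349525,1048576,58254,349525,1048576
    setprop net.tcp.buffersize.hspa 40778,244668,734003,16777,100663,301990
    setprop net.tcp.buffersize.hsupa 40778,244668,734003,16777,100663,301990
    setprop net.tcp.buffersize.hsdpa 61167,367002,1101005,8738,52429,262114
    setprop net.tcp.buffersize.hspap 122334,734003,2202010,32040,192239,576717
    setprop net.tcp.buffersize.edge 4093,26280,70800,4096,16384,70800
    setprop net.tcp.buffersize.gprs 4092,8760,48000,4096,8760,48000
    setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144

    # Define default initial receive window size in segments.
    setprop net.tcp.default_init_rwnd 60

    class_start core
    class_start main

on nonencrypted
    class_start late_start

on property:sys.init_log_level=*
    loglevel ${sys.init_log_level}

on charger
    class_start charger

on property:vold.decrypt=trigger_reset_main
    class_reset main

on property:vold.decrypt=trigger_load_persist_props
    load_persist_props

on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data

on property:vold.decrypt=trigger_restart_min_framework
    class_start main

on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main

# NOTE(review): whoever may set sys.powerctl can power the device off or
# reboot it through init; that permission is defined outside this file.
on property:sys.powerctl=*
    powerctl ${sys.powerctl}

# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.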
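on property:sys.sysctl.extra_free_kbytes=*
    # NOTE(review): the property value is written to /proc/sys by init
    # (root) without any validation visible here; the only gate is who is
    # allowed to set sys.sysctl.* properties, which is decided outside
    # this file. The same applies to the tcp_def_init_rwnd action below.
    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}

# "tcp_default_init_rwnd" Is too long!
on property:sys.sysctl.tcp_def_init_rwnd=*
    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}


## Daemon processes to be run by init.
##
## NOTE(review): a service without a "user" option keeps init's uid
## (root). In this group that is ueventd, logd, healthd, adbd, vold, netd
## and debuggerd. Services without a "seclabel" option presumably get
## their SELinux domain from policy transition rules - confirm in policy.
service ueventd /sbin/ueventd
    class core
    critical
    seclabel u:r:ueventd:s0

# The logd sockets are open to every uid (0666 read/write, 0222
# write-only), so any restriction on who may read logs has to be enforced
# by logd itself or by SELinux policy; neither is visible in this file.
service logd /system/bin/logd
    class core
    socket logd stream 0666 logd logd
    socket logdr seqpacket 0666 logd logd
    socket logdw dgram 0222 logd logd
    seclabel u:r:logd:s0

service healthd /sbin/healthd
    class core
    critical
    seclabel u:r:healthd:s0

service healthd-charger /sbin/healthd -n
    class charger
    critical
    seclabel u:r:healthd:s0

# Shell on the console; "disabled", so it only runs when the
# ro.debuggable=1 action below starts it.
service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group shell log
    seclabel u:r:shell:s0

on property:ro.debuggable=1
    start console

# adbd is controlled via property triggers in init.<platform>.usb.rc
# NOTE(review): --root_seclabel hands adbd the u:r:su:s0 label;
# presumably it is only used when adbd stays root - confirm that the su
# domain is not present in production policy.
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
    class core
    socket adbd stream 660 system system
    disabled
    seclabel u:r:adbd:s0

# adbd on at boot in emulator
on property:ro.kernel.qemu=1
    start adbd

service servicemanager /system/bin/servicemanager
    class core
    user system
    group system
    critical
    onrestart restart healthd
    onrestart restart zygote
    onrestart restart media
    onrestart restart surfaceflinger
    onrestart restart drm

service vold /system/bin/vold
    class core
    socket vold stream 0660 root mount
    ioprio be 2

service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system
    socket fwmarkd stream 0660 root inet

service debuggerd /system/bin/debuggerd
    class main
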
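# Service definitions, continued.
# NOTE(review): a service without a "user" option keeps init's uid
# (root). In this group that is debuggerd64, installd, flash_recovery,
# racoon (until it drops to vpn itself) and dumpstate; ril-daemon asks
# for root explicitly. None of these entries carries a "seclabel" option,
# so the SELinux domain presumably comes from policy transition rules -
# confirm in policy.
service debuggerd64 /system/bin/debuggerd64
    class main

service ril-daemon /system/bin/rild
    class main
    socket rild stream 660 root radio
    socket rild-debug stream 660 radio system
    user root
    group radio cache inet misc audio log

service surfaceflinger /system/bin/surfaceflinger
    class main
    user system
    group graphics drmrpc
    onrestart restart zygote

service drm /system/bin/drmserver
    class main
    user drm
    group drm system inet drmrpc

service media /system/bin/mediaserver
    class main
    user media
    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
    ioprio rt 4

service bootanim /system/bin/bootanimation
    class main
    user graphics
    group graphics
    disabled
    oneshot

service installd /system/bin/installd
    class main
    socket installd stream 600 system system

# NOTE(review): a shell script run with init's credentials whenever class
# main is started. Its integrity rests entirely on /system being
# read-only and verified, so it is worth including in integrity checks.
service flash_recovery /system/etc/install-recovery.sh
    class main
    oneshot

service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
    group vpn net_admin inet
    disabled
    oneshot

service mtpd /system/bin/mtpd
    class main
    socket mtpd stream 600 system system
    user vpn
    group vpn net_admin inet net_raw
    disabled
    oneshot

service keystore /system/bin/keystore /data/misc/keystore
    class main
    user keystore
    group keystore drmrpc

service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot

service mdnsd /system/bin/mdnsd
    class main
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
    disabled
    oneshot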