init.rc revision d6544d2a405df4c6e1fb517b1038a3640ae5f095 
1# Copyright (C) 2012 The Android Open Source Project
2#
3# IMPORTANT: Do not create world writable files or directories.
4# This is a common source of Android security bugs.
5#
6
7import /init.environ.rc
8import /init.usb.rc
9import /init.${ro.hardware}.rc
10import /init.${ro.zygote}.rc
11import /init.trace.rc
12
13on early-init
14    # Set init and its forked children's oom_adj.
15    write /proc/1/oom_score_adj -1000
16
17    # Set the security context of /adb_keys if present.
18    restorecon /adb_keys
19
20    start ueventd
21
22    # create mountpoints
23    mkdir /mnt 0775 root system
24
25on init
26    sysclktz 0
27
28    # Backward compatibility.
29    symlink /system/etc /etc
30    symlink /sys/kernel/debug /d
31
32    # Link /vendor to /system/vendor for devices without a vendor partition.
33    symlink /system/vendor /vendor
34
35    # Create cgroup mount point for cpu accounting
36    mkdir /acct
37    mount cgroup none /acct cpuacct
38    mkdir /acct/uid
39
40    # Create cgroup mount point for memory
41    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
42    mkdir /sys/fs/cgroup/memory 0750 root system
43    mount cgroup none /sys/fs/cgroup/memory memory
44    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
45    chown root system /sys/fs/cgroup/memory/tasks
46    chmod 0660 /sys/fs/cgroup/memory/tasks
47    mkdir /sys/fs/cgroup/memory/sw 0750 root system
48    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
49    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
50    chown root system /sys/fs/cgroup/memory/sw/tasks
51    chmod 0660 /sys/fs/cgroup/memory/sw/tasks
52
53    mkdir /system
54    mkdir /data 0771 system system
55    mkdir /cache 0770 system cache
56    mkdir /config 0500 root root
57
58    # See storage config details at http://source.android.com/tech/storage/
59    mkdir /mnt/shell 0700 shell shell
60    mkdir /mnt/media_rw 0700 media_rw media_rw
61    mkdir /storage 0751 root sdcard_r
62
63    # Directory for putting things only root should see.
64    mkdir /mnt/secure 0700 root root
65
66    # Directory for staging bindmounts
67    mkdir /mnt/secure/staging 0700 root root
68
69    # Directory-target for where the secure container
70    # imagefile directory will be bind-mounted
71    mkdir /mnt/secure/asec  0700 root root
72
73    # Secure container public mount points.
74    mkdir /mnt/asec  0700 root system
75    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
76
77    # Filesystem image public mount points.
78    mkdir /mnt/obb 0700 root system
79    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
80
81    # memory control cgroup
82    mkdir /dev/memcg 0700 root system
83    mount cgroup none /dev/memcg memory
84
85    write /proc/sys/kernel/panic_on_oops 1
86    write /proc/sys/kernel/hung_task_timeout_secs 0
87    write /proc/cpu/alignment 4
88    write /proc/sys/kernel/sched_latency_ns 10000000
89    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
90    write /proc/sys/kernel/sched_compat_yield 1
91    write /proc/sys/kernel/sched_child_runs_first 0
92    write /proc/sys/kernel/randomize_va_space 2
93    write /proc/sys/kernel/kptr_restrict 2
94    write /proc/sys/vm/mmap_min_addr 32768
95    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
96    write /proc/sys/net/unix/max_dgram_qlen 300
97    write /proc/sys/kernel/sched_rt_runtime_us 950000
98    write /proc/sys/kernel/sched_rt_period_us 1000000
99
100    # reflect fwmark from incoming packets onto generated replies
101    write /proc/sys/net/ipv4/fwmark_reflect 1
102    write /proc/sys/net/ipv6/fwmark_reflect 1
103
104    # set fwmark on accepted sockets
105    write /proc/sys/net/ipv4/tcp_fwmark_accept 1
106
107    # Create cgroup mount points for process groups
108    mkdir /dev/cpuctl
109    mount cgroup none /dev/cpuctl cpu
110    chown system system /dev/cpuctl
111    chown system system /dev/cpuctl/tasks
112    chmod 0666 /dev/cpuctl/tasks
113    write /dev/cpuctl/cpu.shares 1024
114    write /dev/cpuctl/cpu.rt_runtime_us 800000
115    write /dev/cpuctl/cpu.rt_period_us 1000000
116
117    mkdir /dev/cpuctl/bg_non_interactive
118    chown system system /dev/cpuctl/bg_non_interactive/tasks
119    chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
120    # 5.0 %
121    write /dev/cpuctl/bg_non_interactive/cpu.shares 52
122    write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
123    write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000
124
125    # qtaguid will limit access to specific data based on group memberships.
126    #   net_bw_acct grants impersonation of socket owners.
127    #   net_bw_stats grants access to other apps' detailed tagged-socket stats.
128    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
129    chown root net_bw_stats /proc/net/xt_qtaguid/stats
130
131    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
132    # This is needed by any process that uses socket tagging.
133    chmod 0644 /dev/xt_qtaguid
134
135    # Create location for fs_mgr to store abbreviated output from filesystem
136    # checker programs.
137    mkdir /dev/fscklogs 0770 root system
138
139    # pstore/ramoops previous console log
140    mount pstore pstore /sys/fs/pstore
141    chown system log /sys/fs/pstore/console-ramoops
142    chmod 0440 /sys/fs/pstore/console-ramoops
143    chown system log /sys/fs/pstore/pmsg-ramoops-0
144    chmod 0440 /sys/fs/pstore/pmsg-ramoops-0
145
146    # enable armv8_deprecated instruction hooks
147    write /proc/sys/abi/swp 1
148
149# Healthd can trigger a full boot from charger mode by signaling this
150# property when the power button is held.
151on property:sys.boot_from_charger_mode=1
152    class_stop charger
153    trigger late-init
154
155# Load properties from /system/ + /factory after fs mount.
156on load_all_props_action
157    load_all_props
158    start logd
159    start logd-reinit
160
161# Indicate to fw loaders that the relevant mounts are up.
162on firmware_mounts_complete
163    rm /dev/.booting
164
165# Mount filesystems and start core system services.
166on late-init
167    trigger early-fs
168    trigger fs
169    trigger post-fs
170    trigger post-fs-data
171
172    # Load properties from /system/ + /factory after fs mount. Place
173    # this in another action so that the load will be scheduled after the prior
174    # issued fs triggers have completed.
175    trigger load_all_props_action
176
177    # Remove a file to wake up anything waiting for firmware.
178    trigger firmware_mounts_complete
179
180    trigger early-boot
181    trigger boot
182
183
184on post-fs
185    start logd
186    # once everything is setup, no need to modify /
187    mount rootfs rootfs / ro remount
188    # mount shared so changes propagate into child namespaces
189    mount rootfs rootfs / shared rec
190
191    # We chown/chmod /cache again so because mount is run as root + defaults
192    chown system cache /cache
193    chmod 0770 /cache
194    # We restorecon /cache in case the cache partition has been reset.
195    restorecon_recursive /cache
196
197    # This may have been created by the recovery system with odd permissions
198    chown system cache /cache/recovery
199    chmod 0770 /cache/recovery
200
201    #change permissions on vmallocinfo so we can grab it from bugreports
202    chown root log /proc/vmallocinfo
203    chmod 0440 /proc/vmallocinfo
204
205    chown root log /proc/slabinfo
206    chmod 0440 /proc/slabinfo
207
208    #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
209    chown root system /proc/kmsg
210    chmod 0440 /proc/kmsg
211    chown root system /proc/sysrq-trigger
212    chmod 0220 /proc/sysrq-trigger
213    chown system log /proc/last_kmsg
214    chmod 0440 /proc/last_kmsg
215
216    # make the selinux kernel policy world-readable
217    chmod 0444 /sys/fs/selinux/policy
218
219    # create the lost+found directories, so as to enforce our permissions
220    mkdir /cache/lost+found 0770 root root
221
222on post-fs-data
223    # We chown/chmod /data again so because mount is run as root + defaults
224    chown system system /data
225    chmod 0771 /data
226    # We restorecon /data in case the userdata partition has been reset.
227    restorecon /data
228
229    # Make sure we have the device encryption key
230    start logd
231    start vold
232    installkey /data
233
234    # Start bootcharting as soon as possible after the data partition is
235    # mounted to collect more data.
236    mkdir /data/bootchart 0755 shell shell
237    bootchart_init
238
239    # Avoid predictable entropy pool. Carry over entropy from previous boot.
240    copy /data/system/entropy.dat /dev/urandom
241
242    # create basic filesystem structure
243    mkdir /data/misc 01771 system misc
244    mkdir /data/misc/adb 02750 system shell
245    mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
246    mkdir /data/misc/bluetooth 0770 system system
247    mkdir /data/misc/keystore 0700 keystore keystore
248    mkdir /data/misc/gatekeeper 0700 system system
249    mkdir /data/misc/keychain 0771 system system
250    mkdir /data/misc/net 0750 root shell
251    mkdir /data/misc/radio 0770 system radio
252    mkdir /data/misc/sms 0770 system radio
253    mkdir /data/misc/zoneinfo 0775 system system
254    mkdir /data/misc/vpn 0770 system vpn
255    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
256    mkdir /data/misc/systemkeys 0700 system system
257    mkdir /data/misc/wifi 0770 wifi wifi
258    mkdir /data/misc/wifi/sockets 0770 wifi wifi
259    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
260    mkdir /data/misc/ethernet 0770 system system
261    mkdir /data/misc/dhcp 0770 dhcp dhcp
262    mkdir /data/misc/user 0771 root root
263    # give system access to wpa_supplicant.conf for backup and restore
264    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
265    mkdir /data/local 0751 root root
266    mkdir /data/misc/media 0700 media media
267
268    # For security reasons, /data/local/tmp should always be empty.
269    # Do not place files or directories in /data/local/tmp
270    mkdir /data/local/tmp 0771 shell shell
271    mkdir /data/data 0771 system system
272    mkdir /data/app-private 0771 system system
273    mkdir /data/app-asec 0700 root root
274    mkdir /data/app-lib 0771 system system
275    mkdir /data/app 0771 system system
276    mkdir /data/property 0700 root root
277    mkdir /data/tombstones 0771 system system
278
279    # create dalvik-cache, so as to enforce our permissions
280    mkdir /data/dalvik-cache 0771 root root
281    mkdir /data/dalvik-cache/profiles 0711 system system
282
283    # create resource-cache and double-check the perms
284    mkdir /data/resource-cache 0771 system system
285    chown system system /data/resource-cache
286    chmod 0771 /data/resource-cache
287
288    # create the lost+found directories, so as to enforce our permissions
289    mkdir /data/lost+found 0770 root root
290
291    # create directory for DRM plug-ins - give drm the read/write access to
292    # the following directory.
293    mkdir /data/drm 0770 drm drm
294
295    # create directory for MediaDrm plug-ins - give drm the read/write access to
296    # the following directory.
297    mkdir /data/mediadrm 0770 mediadrm mediadrm
298
299    mkdir /data/adb 0700 root root
300
301    # symlink to bugreport storage location
302    symlink /data/data/com.android.shell/files/bugreports /data/bugreports
303
304    # Separate location for storing security policy files on data
305    mkdir /data/security 0711 system system
306
307    # Create all remaining /data root dirs so that they are made through init
308    # and get proper encryption policy installed
309    mkdir /data/backup 0700 system system
310    mkdir /data/media 0770 media_rw media_rw
311    mkdir /data/ss 0700 system system
312    mkdir /data/system 0775 system system
313    mkdir /data/system/heapdump 0700 system system
314    mkdir /data/user 0711 system system
315
316    # Reload policy from /data/security if present.
317    setprop selinux.reload_policy 1
318
319    # Set SELinux security contexts on upgrade or policy update.
320    restorecon_recursive /data
321
322    # Check any timezone data in /data is newer than the copy in /system, delete if not.
323    exec u:r:tzdatacheck:s0 system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo
324
325    # If there is no fs-post-data action in the init.<device>.rc file, you
326    # must uncomment this line, otherwise encrypted filesystems
327    # won't work.
328    # Set indication (checked by vold) that we have finished this action
329    #setprop vold.post_fs_data_done 1
330
331on boot
332    # basic network init
333    ifup lo
334    hostname localhost
335    domainname localdomain
336
337    # set RLIMIT_NICE to allow priorities from 19 to -20
338    setrlimit 13 40 40
339
340    # Memory management.  Basic kernel parameters, and allow the high
341    # level system server to be able to adjust the kernel OOM driver
342    # parameters to match how it is managing things.
343    write /proc/sys/vm/overcommit_memory 1
344    write /proc/sys/vm/min_free_order_shift 4
345    chown root system /sys/module/lowmemorykiller/parameters/adj
346    chmod 0220 /sys/module/lowmemorykiller/parameters/adj
347    chown root system /sys/module/lowmemorykiller/parameters/minfree
348    chmod 0220 /sys/module/lowmemorykiller/parameters/minfree
349
350    # Tweak background writeout
351    write /proc/sys/vm/dirty_expire_centisecs 200
352    write /proc/sys/vm/dirty_background_ratio  5
353
354    # Permissions for System Server and daemons.
355    chown radio system /sys/android_power/state
356    chown radio system /sys/android_power/request_state
357    chown radio system /sys/android_power/acquire_full_wake_lock
358    chown radio system /sys/android_power/acquire_partial_wake_lock
359    chown radio system /sys/android_power/release_wake_lock
360    chown system system /sys/power/autosleep
361    chown system system /sys/power/state
362    chown system system /sys/power/wakeup_count
363    chown radio system /sys/power/wake_lock
364    chown radio system /sys/power/wake_unlock
365    chmod 0660 /sys/power/state
366    chmod 0660 /sys/power/wake_lock
367    chmod 0660 /sys/power/wake_unlock
368
369    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
370    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
371    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
372    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
373    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
374    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
375    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
376    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
377    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
378    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
379    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
380    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
381    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
382    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
383    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
384    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
385    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
386    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
387    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
388    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
389    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
390    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
391    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
392
393    # Assume SMP uses shared cpufreq policy for all CPUs
394    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
395    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
396
397    chown system system /sys/class/timed_output/vibrator/enable
398    chown system system /sys/class/leds/keyboard-backlight/brightness
399    chown system system /sys/class/leds/lcd-backlight/brightness
400    chown system system /sys/class/leds/button-backlight/brightness
401    chown system system /sys/class/leds/jogball-backlight/brightness
402    chown system system /sys/class/leds/red/brightness
403    chown system system /sys/class/leds/green/brightness
404    chown system system /sys/class/leds/blue/brightness
405    chown system system /sys/class/leds/red/device/grpfreq
406    chown system system /sys/class/leds/red/device/grppwm
407    chown system system /sys/class/leds/red/device/blink
408    chown system system /sys/class/timed_output/vibrator/enable
409    chown system system /sys/module/sco/parameters/disable_esco
410    chown system system /sys/kernel/ipv4/tcp_wmem_min
411    chown system system /sys/kernel/ipv4/tcp_wmem_def
412    chown system system /sys/kernel/ipv4/tcp_wmem_max
413    chown system system /sys/kernel/ipv4/tcp_rmem_min
414    chown system system /sys/kernel/ipv4/tcp_rmem_def
415    chown system system /sys/kernel/ipv4/tcp_rmem_max
416    chown root radio /proc/cmdline
417
418    # Define default initial receive window size in segments.
419    setprop net.tcp.default_init_rwnd 60
420
421    class_start core
422
423on nonencrypted
424    class_start main
425    class_start late_start
426
427on property:vold.decrypt=trigger_default_encryption
428    start defaultcrypto
429
430on property:vold.decrypt=trigger_encryption
431    start surfaceflinger
432    start encrypt
433
434on property:sys.init_log_level=*
435    loglevel ${sys.init_log_level}
436
437on charger
438    class_start charger
439
440on property:vold.decrypt=trigger_reset_main
441    class_reset main
442
443on property:vold.decrypt=trigger_load_persist_props
444    load_persist_props
445    start logd
446    start logd-reinit
447
448on property:vold.decrypt=trigger_post_fs_data
449    trigger post-fs-data
450
451on property:vold.decrypt=trigger_restart_min_framework
452    class_start main
453
454on property:vold.decrypt=trigger_restart_framework
455    class_start main
456    class_start late_start
457
458on property:vold.decrypt=trigger_shutdown_framework
459    class_reset late_start
460    class_reset main
461
462on property:sys.powerctl=*
463    powerctl ${sys.powerctl}
464
465# system server cannot write to /proc/sys files,
466# and chown/chmod does not work for /proc/sys/ entries.
467# So proxy writes through init.
468on property:sys.sysctl.extra_free_kbytes=*
469    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
470
471# "tcp_default_init_rwnd" Is too long!
472on property:sys.sysctl.tcp_def_init_rwnd=*
473    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
474
475
476## Daemon processes to be run by init.
477##
478service ueventd /sbin/ueventd
479    class core
480    critical
481    seclabel u:r:ueventd:s0
482
483service logd /system/bin/logd
484    class core
485    socket logd stream 0666 logd logd
486    socket logdr seqpacket 0666 logd logd
487    socket logdw dgram 0222 logd logd
488
489service logd-reinit /system/bin/logd --reinit
490    oneshot
491    disabled
492
493service healthd /sbin/healthd
494    class core
495    critical
496    seclabel u:r:healthd:s0
497
498service console /system/bin/sh
499    class core
500    console
501    disabled
502    user shell
503    group shell log
504    seclabel u:r:shell:s0
505
506on property:ro.debuggable=1
507    start console
508
509# adbd is controlled via property triggers in init.<platform>.usb.rc
510service adbd /sbin/adbd --root_seclabel=u:r:su:s0
511    class core
512    socket adbd stream 660 system system
513    disabled
514    seclabel u:r:adbd:s0
515
516# adbd on at boot in emulator
517on property:ro.kernel.qemu=1
518    start adbd
519
520service lmkd /system/bin/lmkd
521    class core
522    critical
523    socket lmkd seqpacket 0660 system system
524
525service servicemanager /system/bin/servicemanager
526    class core
527    user system
528    group system
529    critical
530    onrestart restart healthd
531    onrestart restart zygote
532    onrestart restart media
533    onrestart restart surfaceflinger
534    onrestart restart drm
535
536service vold /system/bin/vold
537    class core
538    socket vold stream 0660 root mount
539    ioprio be 2
540
541service netd /system/bin/netd
542    class main
543    socket netd stream 0660 root system
544    socket dnsproxyd stream 0660 root inet
545    socket mdns stream 0660 root system
546    socket fwmarkd stream 0660 root inet
547
548service debuggerd /system/bin/debuggerd
549    class main
550
551service debuggerd64 /system/bin/debuggerd64
552    class main
553
554service ril-daemon /system/bin/rild
555    class main
556    socket rild stream 660 root radio
557    socket rild-debug stream 660 radio system
558    user root
559    group radio cache inet misc audio log
560
561service surfaceflinger /system/bin/surfaceflinger
562    class core
563    user system
564    group graphics drmrpc
565    onrestart restart zygote
566
567service drm /system/bin/drmserver
568    class main
569    user drm
570    group drm system inet drmrpc
571
572service media /system/bin/mediaserver
573    class main
574    user media
575    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
576    ioprio rt 4
577
578# One shot invocation to deal with encrypted volume.
579service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
580    disabled
581    oneshot
582    # vold will set vold.decrypt to trigger_restart_framework (default
583    # encryption) or trigger_restart_min_framework (other encryption)
584
585# One shot invocation to encrypt unencrypted volumes
586service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
587    disabled
588    oneshot
589    # vold will set vold.decrypt to trigger_restart_framework (default
590    # encryption)
591
592service bootanim /system/bin/bootanimation
593    class core
594    user graphics
595    group graphics audio
596    disabled
597    oneshot
598
599service installd /system/bin/installd
600    class main
601    socket installd stream 600 system system
602
603service flash_recovery /system/bin/install-recovery.sh
604    class main
605    oneshot
606
607service racoon /system/bin/racoon
608    class main
609    socket racoon stream 600 system system
610    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
611    group vpn net_admin inet
612    disabled
613    oneshot
614
615service mtpd /system/bin/mtpd
616    class main
617    socket mtpd stream 600 system system
618    user vpn
619    group vpn net_admin inet net_raw
620    disabled
621    oneshot
622
623service keystore /system/bin/keystore /data/misc/keystore
624    class main
625    user keystore
626    group keystore drmrpc
627
628service dumpstate /system/bin/dumpstate -s
629    class main
630    socket dumpstate stream 0660 shell log
631    disabled
632    oneshot
633
634service mdnsd /system/bin/mdnsd
635    class main
636    user mdnsr
637    group inet net_raw
638    socket mdnsd stream 0660 mdnsr inet
639    disabled
640    oneshot
641
642service pre-recovery /system/bin/uncrypt
643    class main
644    disabled
645    oneshot
646
647on property:ro.debuggable=1
648    start perfprofd
649
650service perfprofd /system/xbin/perfprofd
651    disabled
652    user root
653    oneshot
654