init.rc revision e4b7b294f37d9b64d6b7c1931e2c9bfb1a500d68
1# Copyright (C) 2012 The Android Open Source Project 2# 3# IMPORTANT: Do not create world writable files or directories. 4# This is a common source of Android security bugs. 5# 6 7import /init.environ.rc 8import /init.usb.rc 9import /init.${ro.hardware}.rc 10import /init.${ro.zygote}.rc 11import /init.trace.rc 12 13on early-init 14 # Set init and its forked children's oom_adj. 15 write /proc/1/oom_adj -16 16 17 # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls. 18 write /sys/fs/selinux/checkreqprot 0 19 20 # Set the security context for the init process. 21 # This should occur before anything else (e.g. ueventd) is started. 22 setcon u:r:init:s0 23 24 # Set the security context of /adb_keys if present. 25 restorecon /adb_keys 26 27 start ueventd 28 29 # create mountpoints 30 mkdir /mnt 0775 root system 31 32on init 33 sysclktz 0 34 35 loglevel 3 36 37 # Backward compatibility 38 symlink /system/etc /etc 39 symlink /sys/kernel/debug /d 40 41 # Right now vendor lives on the same filesystem as system, 42 # but someday that may change. 43 symlink /system/vendor /vendor 44 45 # Create cgroup mount point for cpu accounting 46 mkdir /acct 47 mount cgroup none /acct cpuacct 48 mkdir /acct/uid 49 50 # Create cgroup mount point for memory 51 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000 52 mkdir /sys/fs/cgroup/memory 0750 root system 53 mount cgroup none /sys/fs/cgroup/memory memory 54 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1 55 chown root system /sys/fs/cgroup/memory/tasks 56 chmod 0660 /sys/fs/cgroup/memory/tasks 57 mkdir /sys/fs/cgroup/memory/sw 0750 root system 58 write /sys/fs/cgroup/memory/sw/memory.swappiness 100 59 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1 60 chown root system /sys/fs/cgroup/memory/sw/tasks 61 chmod 0660 /sys/fs/cgroup/memory/sw/tasks 62 63 mkdir /system 64 mkdir /data 0771 system system 65 mkdir /cache 0770 system cache 66 mkdir /config 0500 root root 67 68 # See storage config details at http://source.android.com/tech/storage/ 69 mkdir /mnt/shell 0700 shell shell 70 mkdir /mnt/media_rw 0700 media_rw media_rw 71 mkdir /storage 0751 root sdcard_r 72 73 # Directory for putting things only root should see. 74 mkdir /mnt/secure 0700 root root 75 76 # Directory for staging bindmounts 77 mkdir /mnt/secure/staging 0700 root root 78 79 # Directory-target for where the secure container 80 # imagefile directory will be bind-mounted 81 mkdir /mnt/secure/asec 0700 root root 82 83 # Secure container public mount points. 84 mkdir /mnt/asec 0700 root system 85 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000 86 87 # Filesystem image public mount points. 88 mkdir /mnt/obb 0700 root system 89 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000 90 91 write /proc/sys/kernel/panic_on_oops 1 92 write /proc/sys/kernel/hung_task_timeout_secs 0 93 write /proc/cpu/alignment 4 94 write /proc/sys/kernel/sched_latency_ns 10000000 95 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 96 write /proc/sys/kernel/sched_compat_yield 1 97 write /proc/sys/kernel/sched_child_runs_first 0 98 write /proc/sys/kernel/randomize_va_space 2 99 write /proc/sys/kernel/kptr_restrict 2 100 write /proc/sys/vm/mmap_min_addr 32768 101 write /proc/sys/net/ipv4/ping_group_range "0 2147483647" 102 write /proc/sys/net/unix/max_dgram_qlen 300 103 write /proc/sys/kernel/sched_rt_runtime_us 950000 104 write /proc/sys/kernel/sched_rt_period_us 1000000 105 106 # reflect fwmark from incoming packets onto generated replies 107 write /proc/sys/net/ipv4/fwmark_reflect 1 108 write /proc/sys/net/ipv6/fwmark_reflect 1 109 110 # set fwmark on accepted sockets 111 write /proc/sys/net/ipv4/tcp_fwmark_accept 1 112 113 # Create cgroup mount points for process groups 114 mkdir /dev/cpuctl 115 mount cgroup none /dev/cpuctl cpu 116 chown system system /dev/cpuctl 117 chown system system /dev/cpuctl/tasks 118 chmod 0660 /dev/cpuctl/tasks 119 write /dev/cpuctl/cpu.shares 1024 120 write /dev/cpuctl/cpu.rt_runtime_us 950000 121 write /dev/cpuctl/cpu.rt_period_us 1000000 122 123 mkdir /dev/cpuctl/apps 124 chown system system /dev/cpuctl/apps/tasks 125 chmod 0666 /dev/cpuctl/apps/tasks 126 write /dev/cpuctl/apps/cpu.shares 1024 127 write /dev/cpuctl/apps/cpu.rt_runtime_us 800000 128 write /dev/cpuctl/apps/cpu.rt_period_us 1000000 129 130 mkdir /dev/cpuctl/apps/bg_non_interactive 131 chown system system /dev/cpuctl/apps/bg_non_interactive/tasks 132 chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks 133 # 5.0 % 134 write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52 135 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000 136 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000 137 138 # qtaguid will limit access to specific data based on group memberships. 139 # net_bw_acct grants impersonation of socket owners. 140 # net_bw_stats grants access to other apps' detailed tagged-socket stats. 141 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl 142 chown root net_bw_stats /proc/net/xt_qtaguid/stats 143 144 # Allow everybody to read the xt_qtaguid resource tracking misc dev. 145 # This is needed by any process that uses socket tagging. 146 chmod 0644 /dev/xt_qtaguid 147 148 # Create location for fs_mgr to store abbreviated output from filesystem 149 # checker programs. 150 mkdir /dev/fscklogs 0770 root system 151 152 # pstore/ramoops previous console log 153 mount pstore pstore /sys/fs/pstore 154 chown system log /sys/fs/pstore/console-ramoops 155 chmod 0440 /sys/fs/pstore/console-ramoops 156 157# Healthd can trigger a full boot from charger mode by signaling this 158# property when the power button is held. 159on property:sys.boot_from_charger_mode=1 160 class_stop charger 161 trigger late-init 162 163# Load properties from /system/ + /factory after fs mount. 164on load_all_props_action 165 load_all_props 166 167# Mount filesystems and start core system services. 168on late-init 169 trigger early-fs 170 trigger fs 171 trigger post-fs 172 trigger post-fs-data 173 174 # Load properties from /system/ + /factory after fs mount. Place 175 # this in another action so that the load will be scheduled after the prior 176 # issued fs triggers have completed. 177 trigger load_all_props_action 178 179 trigger early-boot 180 trigger boot 181 182on post-fs 183 # once everything is setup, no need to modify / 184 mount rootfs rootfs / ro remount 185 # mount shared so changes propagate into child namespaces 186 mount rootfs rootfs / shared rec 187 188 # We chown/chmod /cache again so because mount is run as root + defaults 189 chown system cache /cache 190 chmod 0770 /cache 191 # We restorecon /cache in case the cache partition has been reset. 192 restorecon /cache 193 194 # This may have been created by the recovery system with odd permissions 195 chown system cache /cache/recovery 196 chmod 0770 /cache/recovery 197 # This may have been created by the recovery system with the wrong context. 198 restorecon /cache/recovery 199 200 #change permissions on vmallocinfo so we can grab it from bugreports 201 chown root log /proc/vmallocinfo 202 chmod 0440 /proc/vmallocinfo 203 204 chown root log /proc/slabinfo 205 chmod 0440 /proc/slabinfo 206 207 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks 208 chown root system /proc/kmsg 209 chmod 0440 /proc/kmsg 210 chown root system /proc/sysrq-trigger 211 chmod 0220 /proc/sysrq-trigger 212 chown system log /proc/last_kmsg 213 chmod 0440 /proc/last_kmsg 214 215 # make the selinux kernel policy world-readable 216 chmod 0444 /sys/fs/selinux/policy 217 218 # create the lost+found directories, so as to enforce our permissions 219 mkdir /cache/lost+found 0770 root root 220 221on post-fs-data 222 # We chown/chmod /data again so because mount is run as root + defaults 223 chown system system /data 224 chmod 0771 /data 225 # We restorecon /data in case the userdata partition has been reset. 226 restorecon /data 227 228 # Avoid predictable entropy pool. Carry over entropy from previous boot. 229 copy /data/system/entropy.dat /dev/urandom 230 231 # Create dump dir and collect dumps. 232 # Do this before we mount cache so eventually we can use cache for 233 # storing dumps on platforms which do not have a dedicated dump partition. 234 mkdir /data/dontpanic 0750 root log 235 236 # Collect apanic data, free resources and re-arm trigger 237 copy /proc/apanic_console /data/dontpanic/apanic_console 238 chown root log /data/dontpanic/apanic_console 239 chmod 0640 /data/dontpanic/apanic_console 240 241 copy /proc/apanic_threads /data/dontpanic/apanic_threads 242 chown root log /data/dontpanic/apanic_threads 243 chmod 0640 /data/dontpanic/apanic_threads 244 245 write /proc/apanic_console 1 246 247 # create basic filesystem structure 248 mkdir /data/misc 01771 system misc 249 mkdir /data/misc/adb 02750 system shell 250 mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack 251 mkdir /data/misc/bluetooth 0770 system system 252 mkdir /data/misc/keystore 0700 keystore keystore 253 mkdir /data/misc/keychain 0771 system system 254 mkdir /data/misc/radio 0770 system radio 255 mkdir /data/misc/sms 0770 system radio 256 mkdir /data/misc/zoneinfo 0775 system system 257 mkdir /data/misc/vpn 0770 system vpn 258 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro 259 mkdir /data/misc/systemkeys 0700 system system 260 mkdir /data/misc/wifi 0770 wifi wifi 261 mkdir /data/misc/wifi/sockets 0770 wifi wifi 262 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi 263 mkdir /data/misc/dhcp 0770 dhcp dhcp 264 mkdir /data/misc/user 0771 root root 265 # give system access to wpa_supplicant.conf for backup and restore 266 chmod 0660 /data/misc/wifi/wpa_supplicant.conf 267 mkdir /data/local 0751 root root 268 mkdir /data/misc/media 0700 media media 269 270 # For security reasons, /data/local/tmp should always be empty. 271 # Do not place files or directories in /data/local/tmp 272 mkdir /data/local/tmp 0771 shell shell 273 mkdir /data/data 0771 system system 274 mkdir /data/app-private 0771 system system 275 mkdir /data/app-asec 0700 root root 276 mkdir /data/app-lib 0771 system system 277 mkdir /data/app 0771 system system 278 mkdir /data/property 0700 root root 279 mkdir /data/ssh 0750 root shell 280 mkdir /data/ssh/empty 0700 root root 281 282 # create dalvik-cache, so as to enforce our permissions 283 mkdir /data/dalvik-cache 0771 system system 284 mkdir /data/dalvik-cache/profiles 0711 system system 285 286 # create resource-cache and double-check the perms 287 mkdir /data/resource-cache 0771 system system 288 chown system system /data/resource-cache 289 chmod 0771 /data/resource-cache 290 291 # create the lost+found directories, so as to enforce our permissions 292 mkdir /data/lost+found 0770 root root 293 294 # create directory for DRM plug-ins - give drm the read/write access to 295 # the following directory. 296 mkdir /data/drm 0770 drm drm 297 298 # create directory for MediaDrm plug-ins - give drm the read/write access to 299 # the following directory. 300 mkdir /data/mediadrm 0770 mediadrm mediadrm 301 302 # symlink to bugreport storage location 303 symlink /data/data/com.android.shell/files/bugreports /data/bugreports 304 305 # Separate location for storing security policy files on data 306 mkdir /data/security 0711 system system 307 308 # Reload policy from /data/security if present. 309 setprop selinux.reload_policy 1 310 311 # Set SELinux security contexts on upgrade or policy update. 312 restorecon_recursive /data 313 314 # If there is no fs-post-data action in the init.<device>.rc file, you 315 # must uncomment this line, otherwise encrypted filesystems 316 # won't work. 317 # Set indication (checked by vold) that we have finished this action 318 #setprop vold.post_fs_data_done 1 319 320on boot 321 # basic network init 322 ifup lo 323 hostname localhost 324 domainname localdomain 325 326 # set RLIMIT_NICE to allow priorities from 19 to -20 327 setrlimit 13 40 40 328 329 # Memory management. Basic kernel parameters, and allow the high 330 # level system server to be able to adjust the kernel OOM driver 331 # parameters to match how it is managing things. 332 write /proc/sys/vm/overcommit_memory 1 333 write /proc/sys/vm/min_free_order_shift 4 334 chown root system /sys/module/lowmemorykiller/parameters/adj 335 chmod 0664 /sys/module/lowmemorykiller/parameters/adj 336 chown root system /sys/module/lowmemorykiller/parameters/minfree 337 chmod 0664 /sys/module/lowmemorykiller/parameters/minfree 338 339 # Tweak background writeout 340 write /proc/sys/vm/dirty_expire_centisecs 200 341 write /proc/sys/vm/dirty_background_ratio 5 342 343 # Permissions for System Server and daemons. 344 chown radio system /sys/android_power/state 345 chown radio system /sys/android_power/request_state 346 chown radio system /sys/android_power/acquire_full_wake_lock 347 chown radio system /sys/android_power/acquire_partial_wake_lock 348 chown radio system /sys/android_power/release_wake_lock 349 chown system system /sys/power/autosleep 350 chown system system /sys/power/state 351 chown system system /sys/power/wakeup_count 352 chown radio system /sys/power/wake_lock 353 chown radio system /sys/power/wake_unlock 354 chmod 0660 /sys/power/state 355 chmod 0660 /sys/power/wake_lock 356 chmod 0660 /sys/power/wake_unlock 357 358 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate 359 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate 360 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack 361 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack 362 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 363 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 364 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 365 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 366 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads 367 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads 368 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 369 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 370 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 371 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 372 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost 373 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost 374 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse 375 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost 376 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost 377 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 378 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 379 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 380 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 381 382 # Assume SMP uses shared cpufreq policy for all CPUs 383 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 384 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 385 386 chown system system /sys/class/timed_output/vibrator/enable 387 chown system system /sys/class/leds/keyboard-backlight/brightness 388 chown system system /sys/class/leds/lcd-backlight/brightness 389 chown system system /sys/class/leds/button-backlight/brightness 390 chown system system /sys/class/leds/jogball-backlight/brightness 391 chown system system /sys/class/leds/red/brightness 392 chown system system /sys/class/leds/green/brightness 393 chown system system /sys/class/leds/blue/brightness 394 chown system system /sys/class/leds/red/device/grpfreq 395 chown system system /sys/class/leds/red/device/grppwm 396 chown system system /sys/class/leds/red/device/blink 397 chown system system /sys/class/timed_output/vibrator/enable 398 chown system system /sys/module/sco/parameters/disable_esco 399 chown system system /sys/kernel/ipv4/tcp_wmem_min 400 chown system system /sys/kernel/ipv4/tcp_wmem_def 401 chown system system /sys/kernel/ipv4/tcp_wmem_max 402 chown system system /sys/kernel/ipv4/tcp_rmem_min 403 chown system system /sys/kernel/ipv4/tcp_rmem_def 404 chown system system /sys/kernel/ipv4/tcp_rmem_max 405 chown root radio /proc/cmdline 406 407 # Define TCP buffer sizes for various networks 408 # ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax, 409 setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208 410 setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576 411 setprop net.tcp.buffersize.ethernet 524288,1048576,3145728,524288,1048576,2097152 412 setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576 413 setprop net.tcp.buffersize.umts 58254,349525,1048576,58254,349525,1048576 414 setprop net.tcp.buffersize.hspa 40778,244668,734003,16777,100663,301990 415 setprop net.tcp.buffersize.hsupa 40778,244668,734003,16777,100663,301990 416 setprop net.tcp.buffersize.hsdpa 61167,367002,1101005,8738,52429,262114 417 setprop net.tcp.buffersize.hspap 122334,734003,2202010,32040,192239,576717 418 setprop net.tcp.buffersize.edge 4093,26280,70800,4096,16384,70800 419 setprop net.tcp.buffersize.gprs 4092,8760,48000,4096,8760,48000 420 setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144 421 422 # Define default initial receive window size in segments. 423 setprop net.tcp.default_init_rwnd 60 424 425 class_start core 426 class_start main 427 428on nonencrypted 429 class_start late_start 430 431on charger 432 class_start charger 433 434on property:vold.decrypt=trigger_reset_main 435 class_reset main 436 437on property:vold.decrypt=trigger_load_persist_props 438 load_persist_props 439 440on property:vold.decrypt=trigger_post_fs_data 441 trigger post-fs-data 442 443on property:vold.decrypt=trigger_restart_min_framework 444 class_start main 445 446on property:vold.decrypt=trigger_restart_framework 447 class_start main 448 class_start late_start 449 450on property:vold.decrypt=trigger_shutdown_framework 451 class_reset late_start 452 class_reset main 453 454on property:sys.powerctl=* 455 powerctl ${sys.powerctl} 456 457# system server cannot write to /proc/sys files, 458# and chown/chmod does not work for /proc/sys/ entries. 459# So proxy writes through init. 460on property:sys.sysctl.extra_free_kbytes=* 461 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes} 462 463# "tcp_default_init_rwnd" Is too long! 464on property:sys.sysctl.tcp_def_init_rwnd=* 465 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd} 466 467 468## Daemon processes to be run by init. 469## 470service ueventd /sbin/ueventd 471 class core 472 critical 473 seclabel u:r:ueventd:s0 474 475service logd /system/bin/logd 476 class core 477 socket logd stream 0666 logd logd 478 socket logdr seqpacket 0666 logd logd 479 socket logdw dgram 0222 logd logd 480 seclabel u:r:logd:s0 481 482service healthd /sbin/healthd 483 class core 484 critical 485 seclabel u:r:healthd:s0 486 487service healthd-charger /sbin/healthd -n 488 class charger 489 critical 490 seclabel u:r:healthd:s0 491 492service console /system/bin/sh 493 class core 494 console 495 disabled 496 user shell 497 group shell log 498 seclabel u:r:shell:s0 499 500on property:ro.debuggable=1 501 start console 502 503# adbd is controlled via property triggers in init.<platform>.usb.rc 504service adbd /sbin/adbd --root_seclabel=u:r:su:s0 505 class core 506 socket adbd stream 660 system system 507 disabled 508 seclabel u:r:adbd:s0 509 510# adbd on at boot in emulator 511on property:ro.kernel.qemu=1 512 start adbd 513 514service servicemanager /system/bin/servicemanager 515 class core 516 user system 517 group system 518 critical 519 onrestart restart healthd 520 onrestart restart zygote 521 onrestart restart media 522 onrestart restart surfaceflinger 523 onrestart restart drm 524 525service vold /system/bin/vold 526 class core 527 socket vold stream 0660 root mount 528 ioprio be 2 529 530service netd /system/bin/netd 531 class main 532 socket netd stream 0660 root system 533 socket dnsproxyd stream 0660 root inet 534 socket mdns stream 0660 root system 535 socket fwmarkd stream 0660 root inet 536 537service debuggerd /system/bin/debuggerd 538 class main 539 540service debuggerd64 /system/bin/debuggerd64 541 class main 542 543service ril-daemon /system/bin/rild 544 class main 545 socket rild stream 660 root radio 546 socket rild-debug stream 660 radio system 547 user root 548 group radio cache inet misc audio log 549 550service surfaceflinger /system/bin/surfaceflinger 551 class main 552 user system 553 group graphics drmrpc 554 onrestart restart zygote 555 556service drm /system/bin/drmserver 557 class main 558 user drm 559 group drm system inet drmrpc 560 561service media /system/bin/mediaserver 562 class main 563 user media 564 group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm 565 ioprio rt 4 566 567service bootanim /system/bin/bootanimation 568 class main 569 user graphics 570 group graphics 571 disabled 572 oneshot 573 574service installd /system/bin/installd 575 class main 576 socket installd stream 600 system system 577 578service flash_recovery /system/etc/install-recovery.sh 579 class main 580 oneshot 581 582service racoon /system/bin/racoon 583 class main 584 socket racoon stream 600 system system 585 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port. 586 group vpn net_admin inet 587 disabled 588 oneshot 589 590service mtpd /system/bin/mtpd 591 class main 592 socket mtpd stream 600 system system 593 user vpn 594 group vpn net_admin inet net_raw 595 disabled 596 oneshot 597 598service keystore /system/bin/keystore /data/misc/keystore 599 class main 600 user keystore 601 group keystore drmrpc 602 603service dumpstate /system/bin/dumpstate -s 604 class main 605 socket dumpstate stream 0660 shell log 606 disabled 607 oneshot 608 609service sshd /system/bin/start-ssh 610 class main 611 disabled 612 613service mdnsd /system/bin/mdnsd 614 class main 615 user mdnsr 616 group inet net_raw 617 socket mdnsd stream 0660 mdnsr inet 618 disabled 619 oneshot 620