init.rc revision ed60788968be61f4f6f47890e5f3cb182a6a2b6e
1# Copyright (C) 2012 The Android Open Source Project 2# 3# IMPORTANT: Do not create world writable files or directories. 4# This is a common source of Android security bugs. 5# 6 7import /init.environ.rc 8import /init.usb.rc 9import /init.${ro.hardware}.rc 10import /init.usb.configfs.rc 11import /init.${ro.zygote}.rc 12import /init.trace.rc 13 14on early-init 15 # Set init and its forked children's oom_adj. 16 write /proc/1/oom_score_adj -1000 17 18 # Set the security context of /adb_keys if present. 19 restorecon /adb_keys 20 21 start ueventd 22 23on init 24 sysclktz 0 25 26 # Backward compatibility. 27 symlink /system/etc /etc 28 symlink /sys/kernel/debug /d 29 30 # Link /vendor to /system/vendor for devices without a vendor partition. 31 symlink /system/vendor /vendor 32 33 # Create cgroup mount point for cpu accounting 34 mkdir /acct 35 mount cgroup none /acct cpuacct 36 mkdir /acct/uid 37 38 # Create cgroup mount point for memory 39 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000 40 mkdir /sys/fs/cgroup/memory 0750 root system 41 mount cgroup none /sys/fs/cgroup/memory memory 42 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1 43 chown root system /sys/fs/cgroup/memory/tasks 44 chmod 0660 /sys/fs/cgroup/memory/tasks 45 mkdir /sys/fs/cgroup/memory/sw 0750 root system 46 write /sys/fs/cgroup/memory/sw/memory.swappiness 100 47 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1 48 chown root system /sys/fs/cgroup/memory/sw/tasks 49 chmod 0660 /sys/fs/cgroup/memory/sw/tasks 50 51 # Create energy-aware scheduler tuning nodes 52 mkdir /sys/fs/cgroup/stune 53 mount cgroup none /sys/fs/cgroup/stune schedtune 54 mkdir /sys/fs/cgroup/stune/foreground 55 chown system system /sys/fs/cgroup/stune 56 chown system system /sys/fs/cgroup/stune/foreground 57 chown system system /sys/fs/cgroup/stune/tasks 58 chown system system /sys/fs/cgroup/stune/foreground/tasks 59 chmod 0664 /sys/fs/cgroup/stune/tasks 60 chmod 0664 /sys/fs/cgroup/stune/foreground/tasks 61 62 mkdir /system 63 mkdir /data 0771 system system 64 mkdir /cache 0770 system cache 65 mkdir /config 0500 root root 66 67 # Mount staging areas for devices managed by vold 68 # See storage config details at http://source.android.com/tech/storage/ 69 mkdir /mnt 0755 root system 70 mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000 71 restorecon_recursive /mnt 72 73 mkdir /mnt/secure 0700 root root 74 mkdir /mnt/secure/asec 0700 root root 75 mkdir /mnt/asec 0755 root system 76 mkdir /mnt/obb 0755 root system 77 mkdir /mnt/media_rw 0750 root media_rw 78 mkdir /mnt/user 0755 root root 79 mkdir /mnt/user/0 0755 root root 80 mkdir /mnt/expand 0771 system system 81 82 # Storage views to support runtime permissions 83 mkdir /storage 0755 root root 84 mkdir /mnt/runtime 0700 root root 85 mkdir /mnt/runtime/default 0755 root root 86 mkdir /mnt/runtime/default/self 0755 root root 87 mkdir /mnt/runtime/read 0755 root root 88 mkdir /mnt/runtime/read/self 0755 root root 89 mkdir /mnt/runtime/write 0755 root root 90 mkdir /mnt/runtime/write/self 0755 root root 91 92 # Symlink to keep legacy apps working in multi-user world 93 symlink /storage/self/primary /sdcard 94 symlink /mnt/user/0/primary /mnt/runtime/default/self/primary 95 96 # memory control cgroup 97 mkdir /dev/memcg 0700 root system 98 mount cgroup none /dev/memcg memory 99 100 write /proc/sys/kernel/panic_on_oops 1 101 write /proc/sys/kernel/hung_task_timeout_secs 0 102 write /proc/cpu/alignment 4 103 104 # scheduler tunables 105 # Disable auto-scaling of scheduler tunables with hotplug. The tunables 106 # will vary across devices in unpredictable ways if allowed to scale with 107 # cpu cores. 108 write /proc/sys/kernel/sched_tunable_scaling 0 109 write /proc/sys/kernel/sched_latency_ns 10000000 110 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 111 write /proc/sys/kernel/sched_compat_yield 1 112 write /proc/sys/kernel/sched_child_runs_first 0 113 114 write /proc/sys/kernel/randomize_va_space 2 115 write /proc/sys/kernel/kptr_restrict 2 116 write /proc/sys/vm/mmap_min_addr 32768 117 write /proc/sys/net/ipv4/ping_group_range "0 2147483647" 118 write /proc/sys/net/unix/max_dgram_qlen 300 119 write /proc/sys/kernel/sched_rt_runtime_us 950000 120 write /proc/sys/kernel/sched_rt_period_us 1000000 121 122 # reflect fwmark from incoming packets onto generated replies 123 write /proc/sys/net/ipv4/fwmark_reflect 1 124 write /proc/sys/net/ipv6/fwmark_reflect 1 125 126 # set fwmark on accepted sockets 127 write /proc/sys/net/ipv4/tcp_fwmark_accept 1 128 129 # disable icmp redirects 130 write /proc/sys/net/ipv4/conf/all/accept_redirects 0 131 write /proc/sys/net/ipv6/conf/all/accept_redirects 0 132 133 # Create cgroup mount points for process groups 134 mkdir /dev/cpuctl 135 mount cgroup none /dev/cpuctl cpu 136 chown system system /dev/cpuctl 137 chown system system /dev/cpuctl/tasks 138 chmod 0666 /dev/cpuctl/tasks 139 write /dev/cpuctl/cpu.shares 1024 140 write /dev/cpuctl/cpu.rt_runtime_us 800000 141 write /dev/cpuctl/cpu.rt_period_us 1000000 142 143 mkdir /dev/cpuctl/bg_non_interactive 144 chown system system /dev/cpuctl/bg_non_interactive/tasks 145 chmod 0666 /dev/cpuctl/bg_non_interactive/tasks 146 # 5.0 % 147 write /dev/cpuctl/bg_non_interactive/cpu.shares 52 148 write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000 149 write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000 150 151 # sets up initial cpusets for ActivityManager 152 mkdir /dev/cpuset 153 mount cpuset none /dev/cpuset 154 155 # this ensures that the cpusets are present and usable, but the device's 156 # init.rc must actually set the correct cpus 157 mkdir /dev/cpuset/foreground 158 write /dev/cpuset/foreground/cpus 0 159 write /dev/cpuset/foreground/mems 0 160 mkdir /dev/cpuset/foreground/boost 161 write /dev/cpuset/foreground/boost/cpus 0 162 write /dev/cpuset/foreground/boost/mems 0 163 mkdir /dev/cpuset/background 164 write /dev/cpuset/background/cpus 0 165 write /dev/cpuset/background/mems 0 166 167 # system-background is for system tasks that should only run on 168 # little cores, not on bigs 169 # to be used only by init, so don't change system-bg permissions 170 mkdir /dev/cpuset/system-background 171 write /dev/cpuset/system-background/cpus 0 172 write /dev/cpuset/system-background/mems 0 173 174 # change permissions for all cpusets we'll touch at runtime 175 chown system system /dev/cpuset 176 chown system system /dev/cpuset/foreground 177 chown system system /dev/cpuset/foreground/boost 178 chown system system /dev/cpuset/background 179 chown system system /dev/cpuset/system-background 180 chown system system /dev/cpuset/tasks 181 chown system system /dev/cpuset/foreground/tasks 182 chown system system /dev/cpuset/foreground/boost/tasks 183 chown system system /dev/cpuset/background/tasks 184 chown system system /dev/cpuset/system-background/tasks 185 chmod 0664 /dev/cpuset/foreground/tasks 186 chmod 0664 /dev/cpuset/foreground/boost/tasks 187 chmod 0664 /dev/cpuset/background/tasks 188 chmod 0664 /dev/cpuset/system-background/tasks 189 chmod 0664 /dev/cpuset/tasks 190 191 192 # qtaguid will limit access to specific data based on group memberships. 193 # net_bw_acct grants impersonation of socket owners. 194 # net_bw_stats grants access to other apps' detailed tagged-socket stats. 195 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl 196 chown root net_bw_stats /proc/net/xt_qtaguid/stats 197 198 # Allow everybody to read the xt_qtaguid resource tracking misc dev. 199 # This is needed by any process that uses socket tagging. 200 chmod 0644 /dev/xt_qtaguid 201 202 # Create location for fs_mgr to store abbreviated output from filesystem 203 # checker programs. 204 mkdir /dev/fscklogs 0770 root system 205 206 # pstore/ramoops previous console log 207 mount pstore pstore /sys/fs/pstore 208 chown system log /sys/fs/pstore/console-ramoops 209 chmod 0440 /sys/fs/pstore/console-ramoops 210 chown system log /sys/fs/pstore/pmsg-ramoops-0 211 chmod 0440 /sys/fs/pstore/pmsg-ramoops-0 212 213 # enable armv8_deprecated instruction hooks 214 write /proc/sys/abi/swp 1 215 216# Healthd can trigger a full boot from charger mode by signaling this 217# property when the power button is held. 218on property:sys.boot_from_charger_mode=1 219 class_stop charger 220 trigger late-init 221 222# Load properties from /system/ + /factory after fs mount. 223on load_system_props_action 224 load_system_props 225 226on load_persist_props_action 227 load_persist_props 228 start logd 229 start logd-reinit 230 231# Indicate to fw loaders that the relevant mounts are up. 232on firmware_mounts_complete 233 rm /dev/.booting 234 235# Mount filesystems and start core system services. 236on late-init 237 trigger early-fs 238 trigger fs 239 trigger post-fs 240 241 # Load properties from /system/ + /factory after fs mount. Place 242 # this in another action so that the load will be scheduled after the prior 243 # issued fs triggers have completed. 244 trigger load_system_props_action 245 246 # Now we can mount /data. File encryption requires keymaster to decrypt 247 # /data, which in turn can only be loaded when system properties are present 248 trigger post-fs-data 249 trigger load_persist_props_action 250 251 # Remove a file to wake up anything waiting for firmware. 252 trigger firmware_mounts_complete 253 254 trigger early-boot 255 trigger boot 256 257 258on post-fs 259 start logd 260 # once everything is setup, no need to modify / 261 mount rootfs rootfs / ro remount 262 # Mount shared so changes propagate into child namespaces 263 mount rootfs rootfs / shared rec 264 # Mount default storage into root namespace 265 mount none /mnt/runtime/default /storage slave bind rec 266 267 # We chown/chmod /cache again so because mount is run as root + defaults 268 chown system cache /cache 269 chmod 0770 /cache 270 # We restorecon /cache in case the cache partition has been reset. 271 restorecon_recursive /cache 272 273 # Create /cache/recovery in case it's not there. It'll also fix the odd 274 # permissions if created by the recovery system. 275 mkdir /cache/recovery 0770 system cache 276 277 #change permissions on vmallocinfo so we can grab it from bugreports 278 chown root log /proc/vmallocinfo 279 chmod 0440 /proc/vmallocinfo 280 281 chown root log /proc/slabinfo 282 chmod 0440 /proc/slabinfo 283 284 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks 285 chown root system /proc/kmsg 286 chmod 0440 /proc/kmsg 287 chown root system /proc/sysrq-trigger 288 chmod 0220 /proc/sysrq-trigger 289 chown system log /proc/last_kmsg 290 chmod 0440 /proc/last_kmsg 291 292 # make the selinux kernel policy world-readable 293 chmod 0444 /sys/fs/selinux/policy 294 295 # create the lost+found directories, so as to enforce our permissions 296 mkdir /cache/lost+found 0770 root root 297 298on post-fs-data 299 # We chown/chmod /data again so because mount is run as root + defaults 300 chown system system /data 301 chmod 0771 /data 302 # We restorecon /data in case the userdata partition has been reset. 303 restorecon /data 304 305 # Emulated internal storage area 306 mkdir /data/media 0770 media_rw media_rw 307 308 # Make sure we have the device encryption key 309 start logd 310 start vold 311 installkey /data 312 313 # Start bootcharting as soon as possible after the data partition is 314 # mounted to collect more data. 315 mkdir /data/bootchart 0755 shell shell 316 bootchart_init 317 318 # Avoid predictable entropy pool. Carry over entropy from previous boot. 319 copy /data/system/entropy.dat /dev/urandom 320 321 # create basic filesystem structure 322 mkdir /data/misc 01771 system misc 323 mkdir /data/misc/adb 02750 system shell 324 mkdir /data/misc/bluedroid 02770 bluetooth net_bt_stack 325 # Fix the access permissions and group ownership for 'bt_config.conf' 326 chmod 0660 /data/misc/bluedroid/bt_config.conf 327 chown bluetooth net_bt_stack /data/misc/bluedroid/bt_config.conf 328 mkdir /data/misc/bluetooth 0770 system system 329 mkdir /data/misc/keystore 0700 keystore keystore 330 mkdir /data/misc/gatekeeper 0700 system system 331 mkdir /data/misc/keychain 0771 system system 332 mkdir /data/misc/net 0750 root shell 333 mkdir /data/misc/radio 0770 system radio 334 mkdir /data/misc/sms 0770 system radio 335 mkdir /data/misc/zoneinfo 0775 system system 336 mkdir /data/misc/vpn 0770 system vpn 337 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro 338 mkdir /data/misc/systemkeys 0700 system system 339 mkdir /data/misc/wifi 0770 wifi wifi 340 mkdir /data/misc/wifi/sockets 0770 wifi wifi 341 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi 342 mkdir /data/misc/ethernet 0770 system system 343 mkdir /data/misc/dhcp 0770 dhcp dhcp 344 mkdir /data/misc/user 0771 root root 345 mkdir /data/misc/perfprofd 0775 root root 346 # give system access to wpa_supplicant.conf for backup and restore 347 chmod 0660 /data/misc/wifi/wpa_supplicant.conf 348 mkdir /data/local 0751 root root 349 mkdir /data/misc/media 0700 media media 350 mkdir /data/misc/vold 0700 root root 351 352 # For security reasons, /data/local/tmp should always be empty. 353 # Do not place files or directories in /data/local/tmp 354 mkdir /data/local/tmp 0771 shell shell 355 mkdir /data/data 0771 system system 356 mkdir /data/app-private 0771 system system 357 mkdir /data/app-asec 0700 root root 358 mkdir /data/app-lib 0771 system system 359 mkdir /data/app 0771 system system 360 mkdir /data/property 0700 root root 361 mkdir /data/tombstones 0771 system system 362 363 # create dalvik-cache, so as to enforce our permissions 364 mkdir /data/dalvik-cache 0771 root root 365 mkdir /data/dalvik-cache/profiles 0711 system system 366 367 # create resource-cache and double-check the perms 368 mkdir /data/resource-cache 0771 system system 369 chown system system /data/resource-cache 370 chmod 0771 /data/resource-cache 371 372 # create the lost+found directories, so as to enforce our permissions 373 mkdir /data/lost+found 0770 root root 374 375 # create directory for DRM plug-ins - give drm the read/write access to 376 # the following directory. 377 mkdir /data/drm 0770 drm drm 378 379 # create directory for MediaDrm plug-ins - give drm the read/write access to 380 # the following directory. 381 mkdir /data/mediadrm 0770 mediadrm mediadrm 382 383 mkdir /data/adb 0700 root root 384 385 # symlink to bugreport storage location 386 symlink /data/data/com.android.shell/files/bugreports /data/bugreports 387 388 # Separate location for storing security policy files on data 389 mkdir /data/security 0711 system system 390 391 # Create all remaining /data root dirs so that they are made through init 392 # and get proper encryption policy installed 393 mkdir /data/backup 0700 system system 394 mkdir /data/media 0770 media_rw media_rw 395 mkdir /data/ss 0700 system system 396 mkdir /data/system 0775 system system 397 mkdir /data/system/heapdump 0700 system system 398 mkdir /data/user 0711 system system 399 400 setusercryptopolicies /data/user 401 402 # Reload policy from /data/security if present. 403 setprop selinux.reload_policy 1 404 405 # Set SELinux security contexts on upgrade or policy update. 406 restorecon_recursive /data 407 408 # Check any timezone data in /data is newer than the copy in /system, delete if not. 409 exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo 410 411 # If there is no fs-post-data action in the init.<device>.rc file, you 412 # must uncomment this line, otherwise encrypted filesystems 413 # won't work. 414 # Set indication (checked by vold) that we have finished this action 415 #setprop vold.post_fs_data_done 1 416 417on boot 418 # basic network init 419 ifup lo 420 hostname localhost 421 domainname localdomain 422 423 # set RLIMIT_NICE to allow priorities from 19 to -20 424 setrlimit 13 40 40 425 426 # Memory management. Basic kernel parameters, and allow the high 427 # level system server to be able to adjust the kernel OOM driver 428 # parameters to match how it is managing things. 429 write /proc/sys/vm/overcommit_memory 1 430 write /proc/sys/vm/min_free_order_shift 4 431 chown root system /sys/module/lowmemorykiller/parameters/adj 432 chmod 0664 /sys/module/lowmemorykiller/parameters/adj 433 chown root system /sys/module/lowmemorykiller/parameters/minfree 434 chmod 0664 /sys/module/lowmemorykiller/parameters/minfree 435 436 # Tweak background writeout 437 write /proc/sys/vm/dirty_expire_centisecs 200 438 write /proc/sys/vm/dirty_background_ratio 5 439 440 # Permissions for System Server and daemons. 441 chown radio system /sys/android_power/state 442 chown radio system /sys/android_power/request_state 443 chown radio system /sys/android_power/acquire_full_wake_lock 444 chown radio system /sys/android_power/acquire_partial_wake_lock 445 chown radio system /sys/android_power/release_wake_lock 446 chown system system /sys/power/autosleep 447 chown system system /sys/power/state 448 chown system system /sys/power/wakeup_count 449 chown radio system /sys/power/wake_lock 450 chown radio system /sys/power/wake_unlock 451 chmod 0660 /sys/power/state 452 chmod 0660 /sys/power/wake_lock 453 chmod 0660 /sys/power/wake_unlock 454 455 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate 456 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate 457 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack 458 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack 459 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 460 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 461 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 462 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 463 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads 464 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads 465 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 466 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 467 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 468 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 469 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost 470 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost 471 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse 472 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost 473 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost 474 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 475 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 476 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 477 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 478 479 # Assume SMP uses shared cpufreq policy for all CPUs 480 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 481 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 482 483 chown system system /sys/class/timed_output/vibrator/enable 484 chown system system /sys/class/leds/keyboard-backlight/brightness 485 chown system system /sys/class/leds/lcd-backlight/brightness 486 chown system system /sys/class/leds/button-backlight/brightness 487 chown system system /sys/class/leds/jogball-backlight/brightness 488 chown system system /sys/class/leds/red/brightness 489 chown system system /sys/class/leds/green/brightness 490 chown system system /sys/class/leds/blue/brightness 491 chown system system /sys/class/leds/red/device/grpfreq 492 chown system system /sys/class/leds/red/device/grppwm 493 chown system system /sys/class/leds/red/device/blink 494 chown system system /sys/class/timed_output/vibrator/enable 495 chown system system /sys/module/sco/parameters/disable_esco 496 chown system system /sys/kernel/ipv4/tcp_wmem_min 497 chown system system /sys/kernel/ipv4/tcp_wmem_def 498 chown system system /sys/kernel/ipv4/tcp_wmem_max 499 chown system system /sys/kernel/ipv4/tcp_rmem_min 500 chown system system /sys/kernel/ipv4/tcp_rmem_def 501 chown system system /sys/kernel/ipv4/tcp_rmem_max 502 chown root radio /proc/cmdline 503 504 # Define default initial receive window size in segments. 505 setprop net.tcp.default_init_rwnd 60 506 507 class_start core 508 509on nonencrypted 510 class_start main 511 class_start late_start 512 513on property:vold.decrypt=trigger_default_encryption 514 start defaultcrypto 515 516on property:vold.decrypt=trigger_encryption 517 start surfaceflinger 518 start encrypt 519 520on property:sys.init_log_level=* 521 loglevel ${sys.init_log_level} 522 523on charger 524 class_start charger 525 526on property:vold.decrypt=trigger_reset_main 527 class_reset main 528 529on property:vold.decrypt=trigger_load_persist_props 530 load_persist_props 531 start logd 532 start logd-reinit 533 534on property:vold.decrypt=trigger_post_fs_data 535 trigger post-fs-data 536 537on property:vold.decrypt=trigger_restart_min_framework 538 class_start main 539 540on property:vold.decrypt=trigger_restart_framework 541 class_start main 542 class_start late_start 543 544on property:vold.decrypt=trigger_shutdown_framework 545 class_reset late_start 546 class_reset main 547 548on property:sys.powerctl=* 549 powerctl ${sys.powerctl} 550 551# system server cannot write to /proc/sys files, 552# and chown/chmod does not work for /proc/sys/ entries. 553# So proxy writes through init. 554on property:sys.sysctl.extra_free_kbytes=* 555 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes} 556 557# "tcp_default_init_rwnd" Is too long! 558on property:sys.sysctl.tcp_def_init_rwnd=* 559 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd} 560 561 562## Daemon processes to be run by init. 563## 564service ueventd /sbin/ueventd 565 class core 566 critical 567 seclabel u:r:ueventd:s0 568 569service logd /system/bin/logd 570 class core 571 socket logd stream 0666 logd logd 572 socket logdr seqpacket 0666 logd logd 573 socket logdw dgram 0222 logd logd 574 group root system 575 writepid /dev/cpuset/system-background/tasks 576 577service logd-reinit /system/bin/logd --reinit 578 oneshot 579 writepid /dev/cpuset/system-background/tasks 580 disabled 581 582service healthd /sbin/healthd 583 class core 584 critical 585 seclabel u:r:healthd:s0 586 group root system 587 588service console /system/bin/sh 589 class core 590 console 591 disabled 592 user shell 593 group shell log 594 seclabel u:r:shell:s0 595 596on property:ro.debuggable=1 597 start console 598 599# adbd is controlled via property triggers in init.<platform>.usb.rc 600service adbd /sbin/adbd --root_seclabel=u:r:su:s0 601 class core 602 socket adbd stream 660 system system 603 disabled 604 seclabel u:r:adbd:s0 605 606# adbd on at boot in emulator 607on property:ro.kernel.qemu=1 608 start adbd 609 610service lmkd /system/bin/lmkd 611 class core 612 critical 613 socket lmkd seqpacket 0660 system system 614 writepid /dev/cpuset/system-background/tasks 615 616service servicemanager /system/bin/servicemanager 617 class core 618 user system 619 group system 620 critical 621 onrestart restart healthd 622 onrestart restart zygote 623 onrestart restart media 624 onrestart restart surfaceflinger 625 onrestart restart drm 626 627service vold /system/bin/vold \ 628 --blkid_context=u:r:blkid:s0 --blkid_untrusted_context=u:r:blkid_untrusted:s0 \ 629 --fsck_context=u:r:fsck:s0 --fsck_untrusted_context=u:r:fsck_untrusted:s0 630 class core 631 socket vold stream 0660 root mount 632 socket cryptd stream 0660 root mount 633 ioprio be 2 634 635service netd /system/bin/netd 636 class main 637 socket netd stream 0660 root system 638 socket dnsproxyd stream 0660 root inet 639 socket mdns stream 0660 root system 640 socket fwmarkd stream 0660 root inet 641 642service debuggerd /system/bin/debuggerd 643 class main 644 writepid /dev/cpuset/system-background/tasks 645 646service debuggerd64 /system/bin/debuggerd64 647 class main 648 writepid /dev/cpuset/system-background/tasks 649 650service ril-daemon /system/bin/rild 651 class main 652 socket rild stream 660 root radio 653 socket sap_uim_socket1 stream 660 bluetooth bluetooth 654 socket rild-debug stream 660 radio system 655 user root 656 group radio cache inet misc audio log 657 658service surfaceflinger /system/bin/surfaceflinger 659 class core 660 user system 661 group graphics drmrpc 662 onrestart restart zygote 663 writepid /sys/fs/cgroup/stune/foreground/tasks /dev/cpuset/system-background/tasks 664 665service drm /system/bin/drmserver 666 class main 667 user drm 668 group drm system inet drmrpc 669 670service media /system/bin/mediaserver 671 class main 672 user media 673 group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm 674 ioprio rt 4 675 676# One shot invocation to deal with encrypted volume. 677service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted 678 disabled 679 oneshot 680 # vold will set vold.decrypt to trigger_restart_framework (default 681 # encryption) or trigger_restart_min_framework (other encryption) 682 683# One shot invocation to encrypt unencrypted volumes 684service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default noui 685 disabled 686 oneshot 687 # vold will set vold.decrypt to trigger_restart_framework (default 688 # encryption) 689 690service bootanim /system/bin/bootanimation 691 class core 692 user graphics 693 group graphics audio 694 disabled 695 oneshot 696 697service gatekeeperd /system/bin/gatekeeperd /data/misc/gatekeeper 698 class late_start 699 user system 700 701service installd /system/bin/installd 702 class main 703 socket installd stream 600 system system 704 705service flash_recovery /system/bin/install-recovery.sh 706 class main 707 oneshot 708 709service racoon /system/bin/racoon 710 class main 711 socket racoon stream 600 system system 712 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port. 713 group vpn net_admin inet 714 disabled 715 oneshot 716 717service mtpd /system/bin/mtpd 718 class main 719 socket mtpd stream 600 system system 720 user vpn 721 group vpn net_admin inet net_raw 722 disabled 723 oneshot 724 725service keystore /system/bin/keystore /data/misc/keystore 726 class main 727 user keystore 728 group keystore drmrpc 729 730service dumpstate /system/bin/dumpstate -s 731 class main 732 socket dumpstate stream 0660 shell log 733 disabled 734 oneshot 735 736service mdnsd /system/bin/mdnsd 737 class main 738 user mdnsr 739 group inet net_raw 740 socket mdnsd stream 0660 mdnsr inet 741 disabled 742 oneshot 743 744service uncrypt /system/bin/uncrypt 745 class main 746 disabled 747 oneshot 748 749service pre-recovery /system/bin/uncrypt --reboot 750 class main 751 disabled 752 oneshot 753 754service perfprofd /system/xbin/perfprofd 755 class late_start 756 user root 757 oneshot 758 writepid /dev/cpuset/system-background/tasks 759 760on property:persist.logd.logpersistd=logcatd 761 # all exec/services are called with umask(077), so no gain beyond 0700 762 mkdir /data/misc/logd 0700 logd log 763 # logd for write to /data/misc/logd, log group for read from pstore (-L) 764 exec - logd log -- /system/bin/logcat -L -b all -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r 64 -n 256 765 start logcatd 766 767service logcatd /system/bin/logcat -b all -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r 64 -n 256 768 class late_start 769 disabled 770 # logd for write to /data/misc/logd, log group for read from log daemon 771 user logd 772 group log 773 writepid /dev/cpuset/system-background/tasks 774