init.rc revision f38f29c87d97cea45d04b783bddbd969234b1030
1# Copyright (C) 2012 The Android Open Source Project
2#
3# IMPORTANT: Do not create world writable files or directories.
4# This is a common source of Android security bugs.
5#
6
7import /init.environ.rc
8import /init.usb.rc
9import /init.${ro.hardware}.rc
10import /init.${ro.zygote}.rc
11import /init.trace.rc
12
# First action block in this file: shields init from the OOM killer, relabels
# /adb_keys and launches ueventd.
13on early-init
14    # Set init and its forked children's oom_score_adj; -1000 is the lowest
    # value and exempts the process from the kernel OOM killer.
15    write /proc/1/oom_score_adj -1000
16
17    # Set the security context of /adb_keys if present.
    # NOTE(review): presumably the preinstalled adb public-key file; a correct
    # SELinux label decides which domains may read it - confirm against policy.
18    restorecon /adb_keys
19
20    start ueventd
21
# Runs on the `init` trigger: creates the early directory and cgroup layout,
# applies kernel sysctl settings (several of them hardening options) and sets
# ownership/modes on /proc, /dev and pstore nodes.
22on init
23    sysclktz 0
24
25    # Backward compatibility.
26    symlink /system/etc /etc
27    symlink /sys/kernel/debug /d
28
29    # Link /vendor to /system/vendor for devices without a vendor partition.
30    symlink /system/vendor /vendor
31
32    # Create cgroup mount point for cpu accounting
33    mkdir /acct
34    mount cgroup none /acct cpuacct
35    mkdir /acct/uid
36
37    # Create cgroup mount point for memory.
    # The tmpfs and the directories below are 0750 root:system (gid 1000), so
    # nothing outside root and the system group can traverse them.
38    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
39    mkdir /sys/fs/cgroup/memory 0750 root system
40    mount cgroup none /sys/fs/cgroup/memory memory
41    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
42    chown root system /sys/fs/cgroup/memory/tasks
43    chmod 0660 /sys/fs/cgroup/memory/tasks
44    mkdir /sys/fs/cgroup/memory/sw 0750 root system
45    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
46    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
47    chown root system /sys/fs/cgroup/memory/sw/tasks
48    chmod 0660 /sys/fs/cgroup/memory/sw/tasks
49
    # Top-level mount points. None of the explicit modes below grants write
    # access to "other"; /config is readable by root only.
50    mkdir /system
51    mkdir /data 0771 system system
52    mkdir /cache 0770 system cache
53    mkdir /config 0500 root root
54
55    # Mount staging areas for devices managed by vold
56    # See storage config details at http://source.android.com/tech/storage/
57    mkdir /mnt 0755 root system
58    mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000
59    restorecon_recursive /mnt
60
    # /mnt/secure and /mnt/secure/asec are root-only (0700); the remaining
    # staging directories are at most world-readable/searchable.
61    mkdir /mnt/secure 0700 root root
62    mkdir /mnt/secure/asec 0700 root root
63    mkdir /mnt/asec 0755 root system
64    mkdir /mnt/obb 0755 root system
65    mkdir /mnt/media_rw 0750 root media_rw
66    mkdir /mnt/user 0755 root root
67    mkdir /mnt/user/0 0755 root root
68    mkdir /mnt/expand 0771 system system
69
70    # Storage views to support runtime permissions
71    mkdir /storage 0755 root root
72    mkdir /mnt/runtime_default 0755 root root
73    mkdir /mnt/runtime_default/self 0755 root root
74    mkdir /mnt/runtime_read 0755 root root
75    mkdir /mnt/runtime_read/self 0755 root root
76    mkdir /mnt/runtime_write 0755 root root
77    mkdir /mnt/runtime_write/self 0755 root root
78
79    # Symlink to keep legacy apps working in multi-user world
80    symlink /storage/self/primary /sdcard
81    symlink /mnt/user/0/primary /mnt/runtime_default/self/primary
82
83    # memory control cgroup
84    mkdir /dev/memcg 0700 root system
85    mount cgroup none /dev/memcg memory
86
    # Kernel tunables. The security-relevant ones in this run:
    #   panic_on_oops 1      - panic instead of continuing after a kernel oops
    #   randomize_va_space 2 - full ASLR, including the heap (brk) region
    #   kptr_restrict 2      - %pK kernel pointers are hidden from every user
    #   mmap_min_addr 32768  - user mappings below 32 KiB are refused, which
    #                          limits the impact of kernel NULL-pointer dereferences
    #   ping_group_range     - the range covers every gid, so any process may
    #                          open an unprivileged ICMP echo socket
87    write /proc/sys/kernel/panic_on_oops 1
88    write /proc/sys/kernel/hung_task_timeout_secs 0
89    write /proc/cpu/alignment 4
90    write /proc/sys/kernel/sched_latency_ns 10000000
91    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
92    write /proc/sys/kernel/sched_compat_yield 1
93    write /proc/sys/kernel/sched_child_runs_first 0
94    write /proc/sys/kernel/randomize_va_space 2
95    write /proc/sys/kernel/kptr_restrict 2
96    write /proc/sys/vm/mmap_min_addr 32768
97    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
98    write /proc/sys/net/unix/max_dgram_qlen 300
99    write /proc/sys/kernel/sched_rt_runtime_us 950000
100    write /proc/sys/kernel/sched_rt_period_us 1000000
101
102    # reflect fwmark from incoming packets onto generated replies
103    write /proc/sys/net/ipv4/fwmark_reflect 1
104    write /proc/sys/net/ipv6/fwmark_reflect 1
105
106    # set fwmark on accepted sockets
107    write /proc/sys/net/ipv4/tcp_fwmark_accept 1
108
109    # Disable acceptance of ICMP redirects (IPv4 and IPv6) so that on-link
    # hosts cannot rewrite this device's routes.
110    write /proc/sys/net/ipv4/conf/all/accept_redirects 0
111    write /proc/sys/net/ipv6/conf/all/accept_redirects 0
112
113    # Create cgroup mount points for process groups
    # NOTE(review): the tasks files below are set to 0666, i.e. world-writable,
    # which the header of this file warns against. Confirm this is intentional
    # and that SELinux policy limits which domains may write to them.
114    mkdir /dev/cpuctl
115    mount cgroup none /dev/cpuctl cpu
116    chown system system /dev/cpuctl
117    chown system system /dev/cpuctl/tasks
118    chmod 0666 /dev/cpuctl/tasks
119    write /dev/cpuctl/cpu.shares 1024
120    write /dev/cpuctl/cpu.rt_runtime_us 800000
121    write /dev/cpuctl/cpu.rt_period_us 1000000
122
123    mkdir /dev/cpuctl/bg_non_interactive
124    chown system system /dev/cpuctl/bg_non_interactive/tasks
125    chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
126    # 5.0 % (52 shares against the 1024 given to the root group above)
127    write /dev/cpuctl/bg_non_interactive/cpu.shares 52
128    write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
129    write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000
130
131    # sets up initial cpusets for ActivityManager
132    mkdir /dev/cpuset
133    mount cpuset none /dev/cpuset
134    mkdir /dev/cpuset/foreground
135    mkdir /dev/cpuset/background
136    # this ensures that the cpusets are present and usable, but the device's
137    # init.rc must actually set the correct cpus
138    write /dev/cpuset/foreground/cpus 0
139    write /dev/cpuset/background/cpus 0
140    write /dev/cpuset/foreground/mems 0
141    write /dev/cpuset/background/mems 0
    # Unlike the cpuctl tasks files, the cpuset tasks files end up 0644
    # system:system: only the system user can move tasks between cpusets.
142    chown system system /dev/cpuset
143    chown system system /dev/cpuset/foreground
144    chown system system /dev/cpuset/background
145    chown system system /dev/cpuset/tasks
146    chown system system /dev/cpuset/foreground/tasks
147    chown system system /dev/cpuset/background/tasks
148    chmod 0644 /dev/cpuset/foreground/tasks
149    chmod 0644 /dev/cpuset/background/tasks
150    chmod 0644 /dev/cpuset/tasks
151
152
153    # qtaguid will limit access to specific data based on group memberships.
154    #   net_bw_acct grants impersonation of socket owners.
155    #   net_bw_stats grants access to other apps' detailed tagged-socket stats.
156    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
157    chown root net_bw_stats /proc/net/xt_qtaguid/stats
158
159    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
160    # This is needed by any process that uses socket tagging.
    # (0644: world-readable, writable by the owner only.)
161    chmod 0644 /dev/xt_qtaguid
162
163    # Create location for fs_mgr to store abbreviated output from filesystem
164    # checker programs.
165    mkdir /dev/fscklogs 0770 root system
166
167    # pstore/ramoops previous console log.
    # Both files become read-only (0440) for owner system and group log; they
    # hold log output from the previous boot, so they are not world-readable.
168    mount pstore pstore /sys/fs/pstore
169    chown system log /sys/fs/pstore/console-ramoops
170    chmod 0440 /sys/fs/pstore/console-ramoops
171    chown system log /sys/fs/pstore/pmsg-ramoops-0
172    chmod 0440 /sys/fs/pstore/pmsg-ramoops-0
173
174    # enable armv8_deprecated instruction hooks
175    write /proc/sys/abi/swp 1
176
177# Healthd can trigger a full boot from charger mode by signaling this
178# property when the power button is held.
# The charger-class services are stopped first, then the normal boot
# sequence is queued through late-init.
179on property:sys.boot_from_charger_mode=1
180    class_stop charger
181    trigger late-init
182
183# Load properties from /system/ + /factory after fs mount.
# Afterwards logd is started and the one-shot logd-reinit service
# (`logd --reinit`, defined later in this file) is run.
184on load_all_props_action
185    load_all_props
186    start logd
187    start logd-reinit
188
189# Indicate to fw loaders that the relevant mounts are up.
# The signal is the removal of the marker file /dev/.booting.
190on firmware_mounts_complete
191    rm /dev/.booting
192
193# Mount filesystems and start core system services.
# This action only queues further triggers; the order of the lines below is
# the order in which the stages are requested.
194on late-init
195    trigger early-fs
196    trigger fs
197    trigger post-fs
198    trigger post-fs-data
199
200    # Load properties from /system/ + /factory after fs mount. Place
201    # this in another action so that the load will be scheduled after the prior
202    # issued fs triggers have completed.
203    trigger load_all_props_action
204
205    # Remove a file to wake up anything waiting for firmware.
206    trigger firmware_mounts_complete
207
208    trigger early-boot
209    trigger boot
210
211
# Runs after the filesystems are mounted: locks down the root filesystem,
# re-applies /cache ownership and labels, and sets restrictive modes on
# kernel diagnostic files in /proc.
212on post-fs
213    start logd
214    # Once everything is set up there is no need to modify /, so remount it
    # read-only.
215    mount rootfs rootfs / ro remount
216    # Mount shared so changes propagate into child namespaces
217    mount rootfs rootfs / shared rec
218    # Mount default storage into root namespace
219    mount none /mnt/runtime_default /storage slave bind rec
220
221    # We chown/chmod /cache again because mount is run as root + defaults
222    chown system cache /cache
223    chmod 0770 /cache
224    # We restorecon /cache in case the cache partition has been reset.
225    restorecon_recursive /cache
226
227    # Create /cache/recovery in case it's not there. It'll also fix the odd
228    # permissions if created by the recovery system.
229    mkdir /cache/recovery 0770 system cache
230
231    # Change permissions on vmallocinfo so we can grab it from bugreports.
    # 0440 root:log - these files expose kernel memory layout details, so they
    # stay unreadable for ordinary users.
232    chown root log /proc/vmallocinfo
233    chmod 0440 /proc/vmallocinfo
234
235    chown root log /proc/slabinfo
236    chmod 0440 /proc/slabinfo
237
238    # Change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks.
    # kmsg and last_kmsg are read-only for owner and group (0440);
    # sysrq-trigger is write-only (0220) for root and the system group.
239    chown root system /proc/kmsg
240    chmod 0440 /proc/kmsg
241    chown root system /proc/sysrq-trigger
242    chmod 0220 /proc/sysrq-trigger
243    chown system log /proc/last_kmsg
244    chmod 0440 /proc/last_kmsg
245
246    # Make the selinux kernel policy world-readable (0444, no write bit for
    # anyone).
247    chmod 0444 /sys/fs/selinux/policy
248
249    # create the lost+found directories, so as to enforce our permissions
250    mkdir /cache/lost+found 0770 root root
251
# Runs once /data is mounted: re-applies ownership and SELinux labels on
# /data, installs the encryption key and creates the /data directory tree
# with explicit owner, group and mode for every directory.
252on post-fs-data
253    # We chown/chmod /data again because mount is run as root + defaults
254    chown system system /data
255    chmod 0771 /data
256    # We restorecon /data in case the userdata partition has been reset.
257    restorecon /data
258
259    # Emulated internal storage area
260    mkdir /data/media 0770 media_rw media_rw
261
262    # Make sure we have the device encryption key
263    start logd
264    start vold
265    installkey /data
266
267    # Start bootcharting as soon as possible after the data partition is
268    # mounted to collect more data.
269    mkdir /data/bootchart 0755 shell shell
270    bootchart_init
271
272    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    # Data written to /dev/urandom is mixed into the pool; a plain write does
    # not raise the kernel's entropy estimate.
273    copy /data/system/entropy.dat /dev/urandom
274
275    # Create basic filesystem structure.
    # Modes with a leading 01 set the sticky bit and 02 the setgid bit.
    # Directories that hold key material (keystore, gatekeeper, systemkeys,
    # vold) are 0700, i.e. reachable by their owner only.
276    mkdir /data/misc 01771 system misc
277    mkdir /data/misc/adb 02750 system shell
278    mkdir /data/misc/bluedroid 02770 bluetooth net_bt_stack
279    # Fix the access permissions and group ownership for 'bt_config.conf'
280    chmod 0660 /data/misc/bluedroid/bt_config.conf
281    chown bluetooth net_bt_stack /data/misc/bluedroid/bt_config.conf
282    mkdir /data/misc/bluetooth 0770 system system
283    mkdir /data/misc/keystore 0700 keystore keystore
284    mkdir /data/misc/gatekeeper 0700 system system
285    mkdir /data/misc/keychain 0771 system system
286    mkdir /data/misc/net 0750 root shell
287    mkdir /data/misc/radio 0770 system radio
288    mkdir /data/misc/sms 0770 system radio
289    mkdir /data/misc/zoneinfo 0775 system system
290    mkdir /data/misc/vpn 0770 system vpn
291    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
292    mkdir /data/misc/systemkeys 0700 system system
293    mkdir /data/misc/wifi 0770 wifi wifi
294    mkdir /data/misc/wifi/sockets 0770 wifi wifi
295    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
296    mkdir /data/misc/ethernet 0770 system system
297    mkdir /data/misc/dhcp 0770 dhcp dhcp
298    mkdir /data/misc/user 0771 root root
299    mkdir /data/misc/perfprofd 0775 root root
300    # Give system access to wpa_supplicant.conf for backup and restore.
    # NOTE(review): only the mode is changed here; owner and group of the file
    # are set elsewhere - the file likely holds Wi-Fi credentials, so confirm
    # that the resulting group is the intended one.
301    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
302    mkdir /data/local 0751 root root
303    mkdir /data/misc/media 0700 media media
304    mkdir /data/misc/vold 0700 root root
305
306    # For security reasons, /data/local/tmp should always be empty.
307    # Do not place files or directories in /data/local/tmp
    # (The directory is writable by the shell user and group.)
308    mkdir /data/local/tmp 0771 shell shell
309    mkdir /data/data 0771 system system
310    mkdir /data/app-private 0771 system system
311    mkdir /data/app-asec 0700 root root
312    mkdir /data/app-lib 0771 system system
313    mkdir /data/app 0771 system system
314    mkdir /data/property 0700 root root
315    mkdir /data/tombstones 0771 system system
316
317    # create dalvik-cache, so as to enforce our permissions
318    mkdir /data/dalvik-cache 0771 root root
319    mkdir /data/dalvik-cache/profiles 0711 system system
320
321    # create resource-cache and double-check the perms
322    mkdir /data/resource-cache 0771 system system
323    chown system system /data/resource-cache
324    chmod 0771 /data/resource-cache
325
326    # create the lost+found directories, so as to enforce our permissions
327    mkdir /data/lost+found 0770 root root
328
329    # create directory for DRM plug-ins - give drm the read/write access to
330    # the following directory.
331    mkdir /data/drm 0770 drm drm
332
333    # create directory for MediaDrm plug-ins - give drm the read/write access to
334    # the following directory.
335    mkdir /data/mediadrm 0770 mediadrm mediadrm
336
337    mkdir /data/adb 0700 root root
338
339    # symlink to bugreport storage location
340    symlink /data/data/com.android.shell/files/bugreports /data/bugreports
341
342    # Separate location for storing security policy files on data
343    mkdir /data/security 0711 system system
344
345    # Create all remaining /data root dirs so that they are made through init
346    # and get proper encryption policy installed.
    # NOTE(review): /data/media is also created near the top of this action,
    # with the same mode and owner; this second mkdir looks redundant.
347    mkdir /data/backup 0700 system system
348    mkdir /data/media 0770 media_rw media_rw
349    mkdir /data/ss 0700 system system
350    mkdir /data/system 0775 system system
351    mkdir /data/system/heapdump 0700 system system
352    mkdir /data/user 0711 system system
353
354    # Reload policy from /data/security if present.
355    setprop selinux.reload_policy 1
356
357    # Set SELinux security contexts on upgrade or policy update.
358    restorecon_recursive /data
359
360    # Check any timezone data in /data is newer than the copy in /system, delete if not.
    # The helper runs as user system, group system; "-" keeps the default
    # SELinux label instead of naming one.
361    exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo
362
363    # If there is no post-fs-data action in the init.<device>.rc file, you
364    # must uncomment this line, otherwise encrypted filesystems
365    # won't work.
366    # Set indication (checked by vold) that we have finished this action
367    #setprop vold.post_fs_data_done 1
368
# Runs on the `boot` trigger: basic network identity, resource limits, VM
# tunables, ownership of sysfs/proc control files for system_server and the
# radio stack, and finally the start of the core service class.
369on boot
370    # basic network init
371    ifup lo
372    hostname localhost
373    domainname localdomain
374
375    # set RLIMIT_NICE to allow priorities from 19 to -20
    # (resource 13 is RLIMIT_NICE; soft and hard limit are both 40)
376    setrlimit 13 40 40
377
378    # Memory management.  Basic kernel parameters, and allow the high
379    # level system server to be able to adjust the kernel OOM driver
380    # parameters to match how it is managing things.
    # The lowmemorykiller parameters become 0664 root:system: writable by root
    # and the system group, readable by everyone.
381    write /proc/sys/vm/overcommit_memory 1
382    write /proc/sys/vm/min_free_order_shift 4
383    chown root system /sys/module/lowmemorykiller/parameters/adj
384    chmod 0664 /sys/module/lowmemorykiller/parameters/adj
385    chown root system /sys/module/lowmemorykiller/parameters/minfree
386    chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
387
388    # Tweak background writeout
389    write /proc/sys/vm/dirty_expire_centisecs 200
390    write /proc/sys/vm/dirty_background_ratio  5
391
392    # Permissions for System Server and daemons.
    # Power-state and wake-lock nodes go to radio:system or system:system and
    # the three chmod lines make them 0660, so no other user can take or
    # release wake locks through these files.
393    chown radio system /sys/android_power/state
394    chown radio system /sys/android_power/request_state
395    chown radio system /sys/android_power/acquire_full_wake_lock
396    chown radio system /sys/android_power/acquire_partial_wake_lock
397    chown radio system /sys/android_power/release_wake_lock
398    chown system system /sys/power/autosleep
399    chown system system /sys/power/state
400    chown system system /sys/power/wakeup_count
401    chown radio system /sys/power/wake_lock
402    chown radio system /sys/power/wake_unlock
403    chmod 0660 /sys/power/state
404    chmod 0660 /sys/power/wake_lock
405    chmod 0660 /sys/power/wake_unlock
406
    # cpufreq "interactive" governor tunables: owned by system and 0660.
    # boostpulse is only chown'ed here; its mode is left as the kernel set it.
407    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
408    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
409    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
410    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
411    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
412    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
413    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
414    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
415    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
416    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
417    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
418    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
419    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
420    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
421    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
422    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
423    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
424    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
425    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
426    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
427    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
428    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
429    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
430
431    # Assume SMP uses shared cpufreq policy for all CPUs
432    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
433    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
434
    # Hand LED, vibrator and TCP buffer tunables to the system user.
    # NOTE(review): the vibrator "enable" node is chown'ed twice in this run
    # (first and again after the LED nodes); the second line is redundant.
435    chown system system /sys/class/timed_output/vibrator/enable
436    chown system system /sys/class/leds/keyboard-backlight/brightness
437    chown system system /sys/class/leds/lcd-backlight/brightness
438    chown system system /sys/class/leds/button-backlight/brightness
439    chown system system /sys/class/leds/jogball-backlight/brightness
440    chown system system /sys/class/leds/red/brightness
441    chown system system /sys/class/leds/green/brightness
442    chown system system /sys/class/leds/blue/brightness
443    chown system system /sys/class/leds/red/device/grpfreq
444    chown system system /sys/class/leds/red/device/grppwm
445    chown system system /sys/class/leds/red/device/blink
446    chown system system /sys/class/timed_output/vibrator/enable
447    chown system system /sys/module/sco/parameters/disable_esco
448    chown system system /sys/kernel/ipv4/tcp_wmem_min
449    chown system system /sys/kernel/ipv4/tcp_wmem_def
450    chown system system /sys/kernel/ipv4/tcp_wmem_max
451    chown system system /sys/kernel/ipv4/tcp_rmem_min
452    chown system system /sys/kernel/ipv4/tcp_rmem_def
453    chown system system /sys/kernel/ipv4/tcp_rmem_max
    # Only ownership of the kernel command line changes (group radio); no
    # chmod is applied here, so its mode stays whatever the kernel exposes.
454    chown root radio /proc/cmdline
455
456    # Define default initial receive window size in segments.
457    setprop net.tcp.default_init_rwnd 60
458
459    class_start core
460
# Action for the `nonencrypted` trigger (presumably fired when /data needs no
# decryption - confirm): starts the main and late_start service classes.
461on nonencrypted
462    class_start main
463    class_start late_start
464
# Starts the one-shot defaultcrypto service (a vdc call defined later in this
# file) when vold.decrypt is set to trigger_default_encryption.
465on property:vold.decrypt=trigger_default_encryption
466    start defaultcrypto
467
# Starts surfaceflinger and then the one-shot encrypt service (in-place
# encryption via vdc, defined later in this file).
468on property:vold.decrypt=trigger_encryption
469    start surfaceflinger
470    start encrypt
471
# Applies whatever value is written to sys.init_log_level as init's log level.
# NOTE(review): the value is passed through unchanged; who may set this
# property is decided by property permissions, not by this file.
472on property:sys.init_log_level=*
473    loglevel ${sys.init_log_level}
474
# Action for the `charger` trigger: starts only the charger service class.
475on charger
476    class_start charger
477
# Resets the main service class when vold.decrypt is set to trigger_reset_main.
478on property:vold.decrypt=trigger_reset_main
479    class_reset main
480
# Loads the persistent properties, then starts logd and re-runs logd-reinit.
# NOTE(review): presumably this is needed because persist.* values only become
# readable once /data is decrypted - confirm.
481on property:vold.decrypt=trigger_load_persist_props
482    load_persist_props
483    start logd
484    start logd-reinit
485
# Re-queues the post-fs-data action when vold.decrypt is set to
# trigger_post_fs_data.
486on property:vold.decrypt=trigger_post_fs_data
487    trigger post-fs-data
488
# Minimal framework: only the main class is started, late_start is not.
489on property:vold.decrypt=trigger_restart_min_framework
490    class_start main
491
# Full framework: starts the main class and then the late_start class.
492on property:vold.decrypt=trigger_restart_framework
493    class_start main
494    class_start late_start
495
# Resets the framework classes in the reverse of their start order:
# late_start first, then main.
496on property:vold.decrypt=trigger_shutdown_framework
497    class_reset late_start
498    class_reset main
499
# Hands any value written to sys.powerctl to init's powerctl command.
# NOTE(review): every process permitted to set this property can therefore
# request a power-state change; the restriction lives in property
# permissions / SELinux policy, not in this file.
500on property:sys.powerctl=*
501    powerctl ${sys.powerctl}
502
503# system server cannot write to /proc/sys files,
504# and chown/chmod does not work for /proc/sys/ entries.
505# So proxy writes through init.
# NOTE(review): init runs as root and writes the property value unchanged, so
# the only gate on this sysctl is who may set sys.sysctl.* - confirm that
# property permissions restrict it to the intended writer.
506on property:sys.sysctl.extra_free_kbytes=*
507    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
508
509# "tcp_default_init_rwnd" is too long for a property name, hence the
# abbreviated sys.sysctl.tcp_def_init_rwnd. The value is written unchanged by
# init (root) to the sysctl below.
510on property:sys.sysctl.tcp_def_init_rwnd=*
511    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
512
513
514## Daemon processes to be run by init.
515##
# Device-node daemon, started explicitly from early-init. `critical` marks it
# as a service init will not tolerate crashing repeatedly; it is given its own
# SELinux domain through seclabel. No `user` option: runs as init's default
# user (root).
516service ueventd /sbin/ueventd
517    class core
518    critical
519    seclabel u:r:ueventd:s0
520
# Logging daemon. No `user` option is given, so init starts it with its
# default identity (root). NOTE(review): any privilege drop would happen
# inside logd and is not visible in this file.
521service logd /system/bin/logd
522    class core
    # Socket modes: logd and logdr are world read/write (0666), logdw is
    # write-only for everyone (0222). NOTE(review): presumably so that any
    # process can log; access control then rests on logd's own checks and on
    # SELinux policy rather than on file modes - confirm.
523    socket logd stream 0666 logd logd
524    socket logdr seqpacket 0666 logd logd
525    socket logdw dgram 0222 logd logd
526
# One-shot helper that runs `logd --reinit`; disabled, so it only runs when an
# action in this file starts it explicitly.
527service logd-reinit /system/bin/logd --reinit
528    oneshot
529    disabled
530
# Battery/charger health daemon from /sbin, marked critical and confined to
# its own SELinux domain. No `user` option: runs as init's default user (root).
531service healthd /sbin/healthd
532    class core
533    critical
534    seclabel u:r:healthd:s0
535
# Interactive shell on the console device. It is `disabled`, so it never
# starts on its own; it runs as user shell (groups shell, log) in the shell
# SELinux domain rather than as root.
536service console /system/bin/sh
537    class core
538    console
539    disabled
540    user shell
541    group shell log
542    seclabel u:r:shell:s0
543
# The console shell is started only when ro.debuggable is 1; on builds where
# the property has another value this action never fires.
544on property:ro.debuggable=1
545    start console
546
547# adbd is controlled via property triggers in init.<platform>.usb.rc
# It is `disabled` here, so nothing in this service block starts it. The
# control socket is 0660 system:system. No `user` option: adbd is launched as
# init's default user (root) in the adbd SELinux domain.
# NOTE(review): --root_seclabel names the su domain, presumably the context
# adbd uses when it keeps running as root; confirm that production policy
# does not define that domain.
548service adbd /sbin/adbd --root_seclabel=u:r:su:s0
549    class core
550    socket adbd stream 660 system system
551    disabled
552    seclabel u:r:adbd:s0
553
554# adbd on at boot in emulator
# Fires only when ro.kernel.qemu is 1. NOTE(review): a physical device must
# never report this value, otherwise adbd starts unconditionally - confirm
# where the property is derived from.
555on property:ro.kernel.qemu=1
556    start adbd
557
# Low-memory killer daemon, marked critical. Its control socket is 0660
# system:system. No `user` option: runs as init's default user (root).
558service lmkd /system/bin/lmkd
559    class core
560    critical
561    socket lmkd seqpacket 0660 system system
562
# Binder service manager: runs as user/group system and is critical. When it
# restarts, the services listed in the onrestart lines are restarted as well.
563service servicemanager /system/bin/servicemanager
564    class core
565    user system
566    group system
567    critical
568    onrestart restart healthd
569    onrestart restart zygote
570    onrestart restart media
571    onrestart restart surfaceflinger
572    onrestart restart drm
573
# Volume daemon. The command line names separate SELinux contexts for the
# blkid and fsck helpers, with distinct *_untrusted_context values.
# NOTE(review): presumably the untrusted contexts are used for helpers that
# parse removable or otherwise untrusted media - confirm in vold and policy.
# No `user` option: runs as init's default user (root); both control sockets
# are 0660 root:mount.
574service vold /system/bin/vold \
575        --blkid_context=u:r:blkid:s0 --blkid_untrusted_context=u:r:blkid_untrusted:s0 \
576        --fsck_context=u:r:fsck:s0 --fsck_untrusted_context=u:r:fsck_untrusted:s0
577    class core
578    socket vold stream 0660 root mount
579    socket cryptd stream 0660 root mount
580    ioprio be 2
581
# Network daemon. No `user` option: runs as init's default user (root).
# The netd and mdns sockets are reachable by root and group system only; the
# dnsproxyd and fwmarkd sockets are opened to group inet.
582service netd /system/bin/netd
583    class main
584    socket netd stream 0660 root system
585    socket dnsproxyd stream 0660 root inet
586    socket mdns stream 0660 root system
587    socket fwmarkd stream 0660 root inet
588
# Crash-dump daemon. No `user` or `seclabel` option is given, so it runs as
# init's default user (root) with whatever domain policy assigns on exec.
589service debuggerd /system/bin/debuggerd
590    class main
591
# 64-bit counterpart of debuggerd, declared with the same options (class main,
# no explicit user, so init's default of root applies).
592service debuggerd64 /system/bin/debuggerd64
593    class main
594
# Radio interface layer daemon. It is explicitly started as root with the
# supplementary groups listed below. NOTE(review): whether rild drops root
# after start-up is not visible in this file.
# All three sockets are 0660: rild for root:radio, sap_uim_socket1 for
# bluetooth:bluetooth, rild-debug for radio:system.
595service ril-daemon /system/bin/rild
596    class main
597    socket rild stream 660 root radio
598    socket sap_uim_socket1 stream 660 bluetooth bluetooth
599    socket rild-debug stream 660 radio system
600    user root
601    group radio cache inet misc audio log
602
# Display compositor: runs as user system with groups graphics and drmrpc.
# A restart of surfaceflinger also restarts zygote.
603service surfaceflinger /system/bin/surfaceflinger
604    class core
605    user system
606    group graphics drmrpc
607    onrestart restart zygote
608
# DRM server: runs as the dedicated drm user, not as root; group inet gives it
# network access in addition to drm, system and drmrpc.
609service drm /system/bin/drmserver
610    class main
611    user drm
612    group drm system inet drmrpc
613
# Media server: runs as the media user with a broad set of supplementary
# groups (audio, camera, network, Bluetooth, bandwidth accounting, DRM).
# NOTE(review): this single process combines many group privileges, so any
# change to the list should be reviewed for least privilege.
614service media /system/bin/mediaserver
615    class main
616    user media
617    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
618    ioprio rt 4
619
620# One shot invocation to deal with encrypted volume.
# Disabled: only the vold.decrypt=trigger_default_encryption action starts it.
621service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
622    disabled
623    oneshot
624    # vold will set vold.decrypt to trigger_restart_framework (default
625    # encryption) or trigger_restart_min_framework (other encryption)
626
627# One shot invocation to encrypt unencrypted volumes
# Disabled: only the vold.decrypt=trigger_encryption action starts it.
628service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
629    disabled
630    oneshot
631    # vold will set vold.decrypt to trigger_restart_framework (default
632    # encryption)
633
# Boot animation: runs as user graphics (groups graphics, audio); disabled and
# one-shot, so it runs only when something starts it explicitly.
634service bootanim /system/bin/bootanimation
635    class core
636    user graphics
637    group graphics audio
638    disabled
639    oneshot
640
# Gatekeeper daemon: runs as user system and is given /data/misc/gatekeeper,
# which post-fs-data creates as 0700 system:system.
641service gatekeeperd /system/bin/gatekeeperd /data/misc/gatekeeper
642    class main
643    user system
644
# Package install daemon. No `user` option: runs as init's default user
# (root). Its socket is 0600 system:system, so only the system user can send
# it commands.
645service installd /system/bin/installd
646    class main
647    socket installd stream 600 system system
648
# One-shot run of install-recovery.sh with class main. No `user` option, so
# the script executes as init's default user (root) and is not `disabled`.
# NOTE(review): because a shell script runs as root at boot, its integrity
# depends on /system being protected from modification - confirm that the
# partition is read-only and verified on this device.
649service flash_recovery /system/bin/install-recovery.sh
650    class main
651    oneshot
652
# IKE daemon for VPN. Disabled and one-shot. No `user` option: it is started
# as init's default user (root); the comment below states why.
653service racoon /system/bin/racoon
654    class main
655    socket racoon stream 600 system system
656    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
657    group vpn net_admin inet
658    disabled
659    oneshot
660
# VPN tunnelling daemon: started directly as user vpn (not root) with the
# network groups it needs; control socket 0600 system:system. Disabled and
# one-shot.
661service mtpd /system/bin/mtpd
662    class main
663    socket mtpd stream 600 system system
664    user vpn
665    group vpn net_admin inet net_raw
666    disabled
667    oneshot
668
# Key storage daemon: runs as the dedicated keystore user on
# /data/misc/keystore, which post-fs-data creates as 0700 keystore:keystore.
669service keystore /system/bin/keystore /data/misc/keystore
670    class main
671    user keystore
672    group keystore drmrpc
673
# Bug-report collector. Disabled and one-shot. No `user` option: runs as
# init's default user (root); its socket is limited to shell:log (0660).
674service dumpstate /system/bin/dumpstate -s
675    class main
676    socket dumpstate stream 0660 shell log
677    disabled
678    oneshot
679
# mDNS daemon: runs as the dedicated mdnsr user with groups inet and net_raw;
# socket 0660 mdnsr:inet. Disabled and one-shot.
680service mdnsd /system/bin/mdnsd
681    class main
682    user mdnsr
683    group inet net_raw
684    socket mdnsd stream 0660 mdnsr inet
685    disabled
686    oneshot
687
# One-shot uncrypt helper; disabled, so it runs only on explicit request.
# No `user` option: runs as init's default user (root).
688service uncrypt /system/bin/uncrypt
689    class main
690    disabled
691    oneshot
692
# Same binary as the uncrypt service, invoked with --reboot; disabled and
# one-shot. No `user` option: runs as init's default user (root).
693service pre-recovery /system/bin/uncrypt --reboot
694    class main
695    disabled
696    oneshot
697
# Profiling daemon from /system/xbin, explicitly run as root, one-shot, in
# class late_start. It is not `disabled`, so it starts with that class.
# NOTE(review): confirm that builds shipped to users need a root profiling
# daemon started automatically.
698service perfprofd /system/xbin/perfprofd
699    class late_start
700    user root
701    oneshot
702
# Persistent logging, enabled by setting persist.logd.logpersistd to logcatd:
# creates the log directory, runs logcat once as logd:log with -L, then
# starts the logcatd service.
703on property:persist.logd.logpersistd=logcatd
704    # all exec/services are called with umask(077), so no gain beyond 0700
705    mkdir /data/misc/logd 0700 logd log
706    # logd for write to /data/misc/logd, log group for read from pstore (-L)
707    exec - logd log -- /system/bin/logcat -L -b all -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r 64 -n 256
708    start logcatd
709
# Long-running logcat writing all buffers to /data/misc/logd/logcat with
# rotation (-r 64 -n 256). Disabled: only the persist.logd.logpersistd action
# starts it. Runs unprivileged as user logd, group log.
710service logcatd /system/bin/logcat -b all -v threadtime -v usec -v printable -D -f /data/misc/logd/logcat -r 64 -n 256
711    class late_start
712    disabled
713    # logd for write to /data/misc/logd, log group for read from log daemon
714    user logd
715    group log
716