Nick Kralevichf3ef1272012-03-14 15:22:54 -07001# Copyright (C) 2012 The Android Open Source Project
2#
3# IMPORTANT: Do not create world writable files or directories.
4# This is a common source of Android security bugs.
5#
6
Ying Wang5748ee92013-07-23 18:03:37 -07007import /init.environ.rc
Mike Lockwood4f5d5172012-04-04 11:26:59 -07008import /init.usb.rc
Mike Lockwood35ea5e42012-08-28 10:25:13 -07009import /init.${ro.hardware}.rc
Todd Poynorf1c50bf2012-09-20 20:10:53 -070010import /init.trace.rc
Dima Zavin7634bf82011-12-16 14:23:22 -080011
# Action for the early-init stage: adjusts init's OOM score, tightens SELinux
# mmap/mprotect checking, labels init and /adb_keys, then starts ueventd.
Colin Crossf83d0b92010-04-21 12:04:20 -070012on early-init
Dima Zavin4a253902011-11-04 12:45:52 -070013 # Set init and its forked children's oom_adj.
    # -16 sits one step above -17, the "never kill" value of the legacy
    # oom_adj scale.
14 write /proc/1/oom_adj -16
15
Stephen Smalley5e1461d2013-12-23 16:26:46 -050016 # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
    # 0 = SELinux checks the protection the kernel will actually apply,
    # not merely the one the application requested.
17 write /sys/fs/selinux/checkreqprot 0
18
Stephen Smalley1eee4192012-01-13 08:54:34 -050019 # Set the security context for the init process.
20 # This should occur before anything else (e.g. ueventd) is started.
21 setcon u:r:init:s0
22
Stephen Smalleydeb41e52013-10-01 09:21:47 -040023 # Set the security context of /adb_keys if present.
24 restorecon /adb_keys
25
Colin Crossf83d0b92010-04-21 12:04:20 -070026 start ueventd
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -080027
Mike Lockwooda2dffa92010-06-15 20:57:59 -070028# create mountpoints
    # 0775 root:system: writable by root and the system group, read/traverse
    # only for everyone else.
29 mkdir /mnt 0775 root system
30
# Action for the init stage. This first part sets the clock base and log
# level, creates compatibility symlinks and mounts the cpuacct and memory
# cgroup hierarchies.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -080031on init
32
# System clock base: 0 means the system clock ticks in GMT.
33sysclktz 0
34
35loglevel 3
36
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -080037# Backward compatibility
38 symlink /system/etc /etc
    # /d is only a shortcut to debugfs; NOTE(review): access is presumably
    # still governed by the debugfs mount and file modes - confirm.
Brian Swetlandbb6f68c2009-09-18 15:31:23 -070039 symlink /sys/kernel/debug /d
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -080040
Brian Swetland02863b92010-09-19 03:36:39 -070041# Right now vendor lives on the same filesystem as system,
42# but someday that may change.
43 symlink /system/vendor /vendor
San Mehat6ea3cc62010-02-19 18:25:22 -080044
Mike Chan89f235c2010-03-01 11:36:10 -080045# Create cgroup mount point for cpu accounting
    # No mode/owner is given for these mkdirs, so init's defaults apply.
46 mkdir /acct
47 mount cgroup none /acct cpuacct
48 mkdir /acct/uid
49
Rom Lemarchand435a52e2013-07-10 13:00:42 -070050# Create cgroup mount point for memory
    # gid=1000 is the numeric id of the "system" group, matching the
    # "root system" ownership used on the lines below. Mode 0750 keeps the
    # hierarchy invisible to other users.
Rom Lemarchand67b00d82013-09-10 17:39:30 -070051 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
52 mkdir /sys/fs/cgroup/memory 0750 root system
Rom Lemarchand435a52e2013-07-10 13:00:42 -070053 mount cgroup none /sys/fs/cgroup/memory memory
54 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
    # tasks is 0660 root:system: only root and the system group may move
    # tasks into this cgroup.
55 chown root system /sys/fs/cgroup/memory/tasks
56 chmod 0660 /sys/fs/cgroup/memory/tasks
Rom Lemarchand67b00d82013-09-10 17:39:30 -070057 mkdir /sys/fs/cgroup/memory/sw 0750 root system
Rom Lemarchand435a52e2013-07-10 13:00:42 -070058 write /sys/fs/cgroup/memory/sw/memory.swappiness 100
59 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
60 chown root system /sys/fs/cgroup/memory/sw/tasks
61 chmod 0660 /sys/fs/cgroup/memory/sw/tasks
62
# Top-level mount points and staging directories. Each mkdir gives mode,
# owner and group explicitly; none of them is world-writable.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -080063 mkdir /system
    # 0771: "other" may traverse /data but cannot list it.
64 mkdir /data 0771 system system
65 mkdir /cache 0770 system cache
Dmitry Shmidt720f08f2009-06-09 14:38:56 -070066 mkdir /config 0500 root root
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -080067
Jeff Sharkeybfcd8102012-08-22 13:57:25 -070068 # See storage config details at http://source.android.com/tech/storage/
Jeff Sharkey5dd0f862012-08-17 16:01:16 -070069 mkdir /mnt/shell 0700 shell shell
Jeff Sharkeye93a0512013-10-08 10:14:24 -070070 mkdir /mnt/media_rw 0700 media_rw media_rw
    # 0751 root:sdcard_r: only the sdcard_r group may list /storage; other
    # users get traverse permission only.
Jeff Sharkey44d63422013-09-12 09:44:48 -070071 mkdir /storage 0751 root sdcard_r
Jeff Sharkey5dd0f862012-08-17 16:01:16 -070072
San Mehat6ea3cc62010-02-19 18:25:22 -080073 # Directory for putting things only root should see.
74 mkdir /mnt/secure 0700 root root
75
76 # Directory for staging bindmounts
77 mkdir /mnt/secure/staging 0700 root root
78
79 # Directory-target for where the secure container
80 # imagefile directory will be bind-mounted
81 mkdir /mnt/secure/asec 0700 root root
82
83 # Secure container public mount points.
    # The 0700 applies to the underlying directory only; once the tmpfs is
    # mounted its root takes mode=0755 with gid=1000 (the system group), so
    # the mounted tree is world-readable and traversable.
84 mkdir /mnt/asec 0700 root system
85 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
San Mehat900570e2010-01-06 10:38:49 -080086
Kenny Rootc7858a32010-07-15 12:14:44 -070087 # Filesystem image public mount points.
    # Same pattern as /mnt/asec: the effective mode is the tmpfs mode=0755.
88 mkdir /mnt/obb 0700 root system
89 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
90
Todd Poynor950909c2013-07-10 15:19:44 -070091 # memory control cgroup
92 mkdir /dev/memcg 0700 root system
93 mount cgroup none /dev/memcg memory
94
# Kernel tunables written during init. Several of them are exploit
# mitigations or information-leak restrictions; they are annotated below.
    # Turn a kernel oops into a panic instead of continuing in an
    # inconsistent state.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -080095 write /proc/sys/kernel/panic_on_oops 1
    # 0 disables the hung-task detector.
96 write /proc/sys/kernel/hung_task_timeout_secs 0
    # NOTE(review): ARM alignment-trap mode; 4 is presumably "deliver a
    # signal on unaligned access" - confirm against the kernel in use.
97 write /proc/cpu/alignment 4
98 write /proc/sys/kernel/sched_latency_ns 10000000
99 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
San Mehat4322f2d2009-06-29 08:47:43 -0700100 write /proc/sys/kernel/sched_compat_yield 1
San Mehat7baff712009-09-16 13:32:23 -0700101 write /proc/sys/kernel/sched_child_runs_first 0
    # 2 = full ASLR: stack, mmap base, VDSO and heap (brk) are randomized.
Nick Kralevichd707fb32011-10-06 11:47:11 -0700102 write /proc/sys/kernel/randomize_va_space 2
    # 2 = kernel pointers printed with %pK are hidden from every user,
    # including privileged ones.
Nick Kralevich2e7c8332011-11-02 08:51:37 -0700103 write /proc/sys/kernel/kptr_restrict 2
    # 1 = reading the kernel log requires CAP_SYSLOG.
Nick Kralevichf9557fb2011-11-08 14:38:53 -0800104 write /proc/sys/kernel/dmesg_restrict 1
    # Userspace cannot map the lowest 32 KiB, which blunts kernel
    # NULL-pointer-dereference bugs.
Nick Kralevich27cca212011-12-05 14:48:08 -0800105 write /proc/sys/vm/mmap_min_addr 32768
    # Every group id in the range may create unprivileged ICMP "ping"
    # sockets, so ping needs neither setuid root nor raw sockets.
Nick Kralevichbe341cc2013-02-21 18:36:43 -0800106 write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
Mark Salyzyn581edc12013-11-20 13:38:52 -0800107 write /proc/sys/net/unix/max_dgram_qlen 300
    # Real-time tasks may use at most 950000 us of every 1000000 us period,
    # leaving 5% of CPU time for non-RT tasks.
Glenn Kastenb91bd9f2012-04-19 16:18:37 -0700108 write /proc/sys/kernel/sched_rt_runtime_us 950000
109 write /proc/sys/kernel/sched_rt_period_us 1000000
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800110
San Mehat529520e2009-10-06 11:22:55 -0700111# Create cgroup mount points for process groups
# Layout: /dev/cpuctl (root group), /dev/cpuctl/apps and
# /dev/cpuctl/apps/bg_non_interactive, each with its own cpu.shares and
# real-time runtime budget.
112 mkdir /dev/cpuctl
San Mehatb91bf4b2010-02-27 08:20:11 -0800113 mount cgroup none /dev/cpuctl cpu
San Mehat92175e02010-01-17 12:21:42 -0800114 chown system system /dev/cpuctl
    # Root group: tasks is 0660 system:system, so only the system user and
    # group can place tasks here.
San Mehat529520e2009-10-06 11:22:55 -0700115 chown system system /dev/cpuctl/tasks
Glenn Kastenb91bd9f2012-04-19 16:18:37 -0700116 chmod 0660 /dev/cpuctl/tasks
San Mehat529520e2009-10-06 11:22:55 -0700117 write /dev/cpuctl/cpu.shares 1024
Glenn Kastenb91bd9f2012-04-19 16:18:37 -0700118 write /dev/cpuctl/cpu.rt_runtime_us 950000
119 write /dev/cpuctl/cpu.rt_period_us 1000000
San Mehat529520e2009-10-06 11:22:55 -0700120
Dima Zavindf44b882012-06-04 10:45:15 -0700121 mkdir /dev/cpuctl/apps
122 chown system system /dev/cpuctl/apps/tasks
    # NOTE(review): 0666 makes this tasks file world-writable, unlike the
    # 0660 used for the root group above and contrary to the "no world
    # writable files" rule in this file's header. Presumably intentional so
    # that any process can change its own scheduling group; confirm that
    # the kernel's cgroup attach checks bound what an unprivileged writer
    # can do.
123 chmod 0666 /dev/cpuctl/apps/tasks
124 write /dev/cpuctl/apps/cpu.shares 1024
Dima Zavin5f2d00b2012-06-04 13:15:01 -0700125 write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
Dima Zavindf44b882012-06-04 10:45:15 -0700126 write /dev/cpuctl/apps/cpu.rt_period_us 1000000
San Mehat529520e2009-10-06 11:22:55 -0700127
Dima Zavindf44b882012-06-04 10:45:15 -0700128 mkdir /dev/cpuctl/apps/bg_non_interactive
129 chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
    # NOTE(review): world-writable as well; same caveat as apps/tasks.
130 chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
San Mehat529520e2009-10-06 11:22:55 -0700131 # 5.0 % (52 shares against the 1024 given to the apps group)
Dima Zavindf44b882012-06-04 10:45:15 -0700132 write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
Dima Zavin5f2d00b2012-06-04 13:15:01 -0700133 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
Dima Zavindf44b882012-06-04 10:45:15 -0700134 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
Glenn Kastenb91bd9f2012-04-19 16:18:37 -0700135
JP Abgrall3e54aab2013-01-04 14:34:58 -0800136# qtaguid will limit access to specific data based on group memberships.
137# net_bw_acct grants impersonation of socket owners.
138# net_bw_stats grants access to other apps' detailed tagged-socket stats.
# Only the group ownership is set here; membership in net_bw_acct or
# net_bw_stats is therefore the privilege boundary for these two files.
139 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
140 chown root net_bw_stats /proc/net/xt_qtaguid/stats
141
JP Abgrall8e3ff702011-09-11 16:12:27 -0700142# Allow everybody to read the xt_qtaguid resource tracking misc dev.
143# This is needed by any process that uses socket tagging.
144 chmod 0644 /dev/xt_qtaguid
145
Ken Sumrall4eaf9052013-09-18 17:49:21 -0700146# Create location for fs_mgr to store abbreviated output from filesystem
147# checker programs.
148 mkdir /dev/fscklogs 0770 root system
149
Todd Poynor479efb52013-11-21 20:23:54 -0800150# pstore/ramoops previous console log
# 0440 system:log: the log is read-only and visible only to the system
# user and the log group, since a console log can contain sensitive data.
151 mount pstore pstore /sys/fs/pstore
152 chown system log /sys/fs/pstore/console-ramoops
153 chmod 0440 /sys/fs/pstore/console-ramoops
154
# Action for the post-fs stage: locks down the root filesystem, then
# re-asserts ownership, mode and SELinux labels on /cache and restricts a
# set of diagnostic /proc files to root plus one named group.
Colin Cross31712be2010-04-09 12:26:06 -0700155on post-fs
Brian Swetland56de7a12010-09-08 15:06:45 -0700156 # once everything is set up, no need to modify /
    # Remounting rootfs read-only prevents later changes to files under /.
157 mount rootfs rootfs / ro remount
Jeff Sharkey885342a2012-08-14 21:00:22 -0700158 # mount shared so changes propagate into child namespaces
159 mount rootfs rootfs / shared rec
Brian Swetland56de7a12010-09-08 15:06:45 -0700160
Ken Sumrall752923c2010-12-03 16:33:31 -0800161 # We chown/chmod /cache again because mount is run as root + defaults
162 chown system cache /cache
163 chmod 0770 /cache
Stephen Smalley1eee4192012-01-13 08:54:34 -0500164 # We restorecon /cache in case the cache partition has been reset.
165 restorecon /cache
Ken Sumrall752923c2010-12-03 16:33:31 -0800166
167 # This may have been created by the recovery system with odd permissions
168 chown system cache /cache/recovery
169 chmod 0770 /cache/recovery
Stephen Smalley1eee4192012-01-13 08:54:34 -0500170 # This may have been created by the recovery system with the wrong context.
171 restorecon /cache/recovery
Ken Sumrall752923c2010-12-03 16:33:31 -0800172
173 # change permissions on vmallocinfo so we can grab it from bugreports
    # 0440 root:log: kernel memory-layout details stay hidden from ordinary
    # users and are readable only by root and the log group.
174 chown root log /proc/vmallocinfo
175 chmod 0440 /proc/vmallocinfo
176
Dima Zavin94812662012-09-25 14:22:02 -0700177 chown root log /proc/slabinfo
178 chmod 0440 /proc/slabinfo
179
Ken Sumrall752923c2010-12-03 16:33:31 -0800180 # change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
181 chown root system /proc/kmsg
182 chmod 0440 /proc/kmsg
    # 0220 root:system is write-only. NOTE(review): this lets any process in
    # the system group invoke whatever sysrq functions the kernel has
    # enabled, not only the stack dump - confirm the kernel's sysrq mask.
183 chown root system /proc/sysrq-trigger
184 chmod 0220 /proc/sysrq-trigger
Colin Crossb35e36e2012-08-02 18:14:33 -0700185 chown system log /proc/last_kmsg
186 chmod 0440 /proc/last_kmsg
Ken Sumrall752923c2010-12-03 16:33:31 -0800187
188 # create the lost+found directories, so as to enforce our permissions
Chia-chi Yehea744142011-07-08 16:52:18 -0700189 mkdir /cache/lost+found 0770 root root
Ken Sumrall752923c2010-12-03 16:33:31 -0800190
# Action for the post-fs-data stage. This first part re-asserts ownership
# and labels on /data, reseeds the kernel RNG and collects panic dumps.
191on post-fs-data
Colin Cross31712be2010-04-09 12:26:06 -0700192 # We chown/chmod /data again because mount is run as root + defaults
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800193 chown system system /data
194 chmod 0771 /data
Stephen Smalley1eee4192012-01-13 08:54:34 -0500195 # We restorecon /data in case the userdata partition has been reset.
196 restorecon /data
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800197
Nick Kralevichb410eb12013-09-17 16:18:23 -0700198 # Avoid predictable entropy pool. Carry over entropy from previous boot.
    # Data written to /dev/urandom is mixed into the pool without being
    # credited as entropy, so a stale or known entropy.dat cannot make the
    # pool weaker than it was before the write.
199 copy /data/system/entropy.dat /dev/urandom
200
San Mehatf26d6ce2009-09-01 09:11:04 -0700201 # Create dump dir and collect dumps.
202 # Do this before we mount cache so eventually we can use cache for
203 # storing dumps on platforms which do not have a dedicated dump partition.
    # 0750 root:log (and 0640 on the files below): panic dumps are readable
    # only by root and the log group.
Chia-chi Yehea744142011-07-08 16:52:18 -0700204 mkdir /data/dontpanic 0750 root log
San Mehatf26d6ce2009-09-01 09:11:04 -0700205
206 # Collect apanic data, free resources and re-arm trigger
207 copy /proc/apanic_console /data/dontpanic/apanic_console
Mike Lockwood25f1a5a2009-09-11 17:13:28 -0400208 chown root log /data/dontpanic/apanic_console
Mike Lockwood93324822009-09-08 22:55:59 -0400209 chmod 0640 /data/dontpanic/apanic_console
San Mehat020f35f2009-09-01 15:38:18 -0700210
San Mehatf26d6ce2009-09-01 09:11:04 -0700211 copy /proc/apanic_threads /data/dontpanic/apanic_threads
Mike Lockwood25f1a5a2009-09-11 17:13:28 -0400212 chown root log /data/dontpanic/apanic_threads
Mike Lockwood93324822009-09-08 22:55:59 -0400213 chmod 0640 /data/dontpanic/apanic_threads
San Mehat020f35f2009-09-01 15:38:18 -0700214
San Mehatf26d6ce2009-09-01 09:11:04 -0700215 write /proc/apanic_console 1
216
Ken Sumrall752923c2010-12-03 16:33:31 -0800217 # create basic filesystem structure
# Each directory gets an explicit mode, owner and group. The recurring 0771
# means "other" may traverse but not list; 0770 and 0700 shut "other" out.
    # 01771: the leading 1 is the sticky bit, so entries can be removed only
    # by their owner (or the directory owner / root).
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800218 mkdir /data/misc 01771 system misc
    # 02750: the leading 2 is setgid, so files created here inherit group
    # shell.
Benoit Goby0245e152012-05-09 17:27:53 -0700219 mkdir /data/misc/adb 02750 system shell
Matthew Xie971153a2012-10-04 12:35:27 -0700220 mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
Jaikumar Ganesheafdd862010-01-07 20:24:55 -0800221 mkdir /data/misc/bluetooth 0770 system system
    # Key material: accessible to the keystore user only.
Chia-chi Yeh9b4f1ff2009-09-18 10:35:26 +0800222 mkdir /data/misc/keystore 0700 keystore keystore
Brian Carlstrom04918932011-06-30 22:50:29 -0700223 mkdir /data/misc/keychain 0771 system system
Robert Greenwalt2aa33a32013-07-16 09:46:17 -0700224 mkdir /data/misc/radio 0770 system radio
Robert Greenwaltd6d47802012-09-26 16:04:27 -0700225 mkdir /data/misc/sms 0770 system radio
Elliott Hughesf820e852012-10-19 18:10:05 -0700226 mkdir /data/misc/zoneinfo 0775 system system
Chia-chi Yeh9bb4d412011-07-08 20:03:03 -0700227 mkdir /data/misc/vpn 0770 system vpn
Oscar Montemayord0aa32c2010-01-06 13:18:12 -0800228 mkdir /data/misc/systemkeys 0700 system system
Mike Lockwood48d116e2009-07-08 18:42:08 -0400229 mkdir /data/misc/wifi 0770 wifi wifi
Stephen Smalley82e87ed2014-01-29 13:53:03 -0500230 mkdir /data/misc/wifi/sockets 0770 wifi wifi
Stephen Smalley82e87ed2014-01-29 13:53:03 -0500231 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
232 mkdir /data/misc/dhcp 0770 dhcp dhcp
233 # give system access to wpa_supplicant.conf for backup and restore
    # 0660 grants read/write to the file's owner and group and nothing to
    # "other". NOTE(review): the file typically holds Wi-Fi credentials;
    # its owner and group are not set in this file - confirm them.
Amith Yamasanieefef322009-07-02 12:08:13 -0700234 chmod 0660 /data/misc/wifi/wpa_supplicant.conf
Chia-chi Yeh5ebced32012-03-07 14:52:10 -0800235 mkdir /data/local 0751 root root
Glenn Kastenb0f908a2013-02-22 14:54:45 -0800236 mkdir /data/misc/media 0700 media media
Stephen Smalleydeb41e52013-10-01 09:21:47 -0400237
Nick Kralevichf3ef1272012-03-14 15:22:54 -0700238 # For security reasons, /data/local/tmp should always be empty.
239 # Do not place files or directories in /data/local/tmp
    # The directory is owned by shell:shell with 0771, i.e. it is writable
    # by the shell user and group.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800240 mkdir /data/local/tmp 0771 shell shell
241 mkdir /data/data 0771 system system
242 mkdir /data/app-private 0771 system system
Kenny Rootf8bbaba2012-04-12 15:01:52 -0700243 mkdir /data/app-asec 0700 root root
Kenny Root50544172012-09-08 22:39:25 -0700244 mkdir /data/app-lib 0771 system system
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800245 mkdir /data/app 0771 system system
246 mkdir /data/property 0700 root root
Mike Lockwood9dd2eef2011-12-11 20:25:16 -0800247 mkdir /data/ssh 0750 root shell
248 mkdir /data/ssh/empty 0700 root root
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800249
Chia-chi Yehea744142011-07-08 16:52:18 -0700250 # create dalvik-cache, so as to enforce our permissions
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800251 mkdir /data/dalvik-cache 0771 system system
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800252
MÃ¥rten Kongstadb45280d2011-05-30 10:24:54 +0200253 # create resource-cache and double-check the perms
    # The chown/chmod repeat the mkdir arguments, so the ownership and mode
    # are enforced even when the directory already exists.
254 mkdir /data/resource-cache 0771 system system
255 chown system system /data/resource-cache
256 chmod 0771 /data/resource-cache
257
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800258 # create the lost+found directories, so as to enforce our permissions
Chia-chi Yehea744142011-07-08 16:52:18 -0700259 mkdir /data/lost+found 0770 root root
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800260
James Dong09cdc0e2012-01-06 15:19:26 -0800261 # create directory for DRM plug-ins - give drm the read/write access to
262 # the following directory.
263 mkdir /data/drm 0770 drm drm
aimitakeshie572d592010-07-27 08:38:35 +0900264
Jeff Tinker08d64302013-04-23 19:54:17 -0700265 # create directory for MediaDrm plug-ins - give mediadrm the read/write
266 # access to the following directory.
267 mkdir /data/mediadrm 0770 mediadrm mediadrm
268
Jeff Sharkeyfb4f7ac2013-03-14 14:27:38 -0700269 # symlink to bugreport storage location
270 symlink /data/data/com.android.shell/files/bugreports /data/bugreports
271
William Robertsbfd71b42013-01-23 14:05:04 -0800272 # Separate location for storing security policy files on data
    # 0711 system:system: only the system user can list or write here;
    # everyone else gets traverse permission only.
William Robertsd43bab72013-04-15 13:56:22 -0700273 mkdir /data/security 0711 system system
William Robertsbfd71b42013-01-23 14:05:04 -0800274
Stephen Smalley6552f682013-08-26 10:45:05 -0400275 # Reload policy from /data/security if present.
    # NOTE(review): this takes SELinux policy from the writable data
    # partition, so policy integrity depends on who can write
    # /data/security - confirm how updates placed there are authenticated.
276 setprop selinux.reload_policy 1
277
Stephen Smalleyf2b7ee72014-02-06 13:52:52 -0500278 # Set SELinux security contexts on upgrade or policy update.
279 restorecon_recursive /data
280
Ken Sumrall752923c2010-12-03 16:33:31 -0800281 # If there is no post-fs-data action in the init.<device>.rc file, you
282 # must uncomment this line, otherwise encrypted filesystems
283 # won't work.
284 # Set indication (checked by vold) that we have finished this action
285 #setprop vold.post_fs_data_done 1
286
# Action for the boot stage. This first part brings up loopback networking,
# raises RLIMIT_NICE and sets memory-management parameters.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800287on boot
288# basic network init
289 ifup lo
290 hostname localhost
291 domainname localdomain
292
293# set RLIMIT_NICE to allow priorities from 19 to -20
# (13 is the resource number; soft and hard limits are both 40.)
294 setrlimit 13 40 40
295
Dianne Hackborn06787f42011-08-07 16:30:24 -0700296# Memory management. Basic kernel parameters, and allow the high
297# level system server to be able to adjust the kernel OOM driver
Glenn Kastenb91bd9f2012-04-19 16:18:37 -0700298# parameters to match how it is managing things.
    # 1 = always overcommit.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800299 write /proc/sys/vm/overcommit_memory 1
The Android Open Source Projecte037fd72009-03-13 13:04:37 -0700300 write /proc/sys/vm/min_free_order_shift 4
    # 0664 root:system: writable by root and the system group, readable by
    # everyone.
Dianne Hackborn06787f42011-08-07 16:30:24 -0700301 chown root system /sys/module/lowmemorykiller/parameters/adj
302 chmod 0664 /sys/module/lowmemorykiller/parameters/adj
303 chown root system /sys/module/lowmemorykiller/parameters/minfree
304 chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800305
San Mehat831d8e12009-10-13 12:24:47 -0700306 # Tweak background writeout
307 write /proc/sys/vm/dirty_expire_centisecs 200
308 write /proc/sys/vm/dirty_background_ratio 5
309
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800310 # Permissions for System Server and daemons.
    # Power-management nodes are handed to the radio and/or system
    # user/group. Only the three files chmod'ed to 0660 at the end get an
    # explicit mode; the others keep whatever mode the kernel gives them.
311 chown radio system /sys/android_power/state
312 chown radio system /sys/android_power/request_state
313 chown radio system /sys/android_power/acquire_full_wake_lock
314 chown radio system /sys/android_power/acquire_partial_wake_lock
315 chown radio system /sys/android_power/release_wake_lock
Arve Hjønnevåg70a163f2012-05-02 17:57:50 -0700316 chown system system /sys/power/autosleep
Arve Hjønnevåg1670f832012-03-20 20:33:09 -0700317 chown system system /sys/power/state
318 chown system system /sys/power/wakeup_count
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800319 chown radio system /sys/power/wake_lock
320 chown radio system /sys/power/wake_unlock
321 chmod 0660 /sys/power/state
322 chmod 0660 /sys/power/wake_lock
323 chmod 0660 /sys/power/wake_unlock
Todd Poynor0653b972012-04-11 14:48:51 -0700324
# Tunables of the "interactive" cpufreq governor are handed to system:system
# with mode 0660, so only the system user and group can read or change them.
325 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
326 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
Todd Poynor2b5b3bb2012-12-20 18:52:03 -0800327 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
328 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
Todd Poynor0653b972012-04-11 14:48:51 -0700329 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
330 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
331 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
332 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
Todd Poynor2b5b3bb2012-12-20 18:52:03 -0800333 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
334 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
Todd Poynor0653b972012-04-11 14:48:51 -0700335 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
336 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
Todd Poynorf35c2032012-04-19 13:17:24 -0700337 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
338 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
Todd Poynor8d3ea1d2012-04-24 15:37:13 -0700339 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
340 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    # boostpulse is the one tunable here that is chown'ed without a
    # matching chmod, so it keeps the mode the kernel assigns.
Todd Poynor4ff10e62012-05-03 15:20:48 -0700341 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
Todd Poynor33045a62012-04-27 20:21:18 -0700342 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
343 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
Todd Poynor4f247d72012-12-19 17:43:06 -0800344 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
345 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
Todd Poynor6b5de1c2013-03-25 13:17:13 -0700346 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
347 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
Todd Poynor0653b972012-04-11 14:48:51 -0700348
349 # Assume SMP uses shared cpufreq policy for all CPUs
350 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
351 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
352
# Hand vibrator, LED, Bluetooth SCO and TCP-buffer sysfs nodes to
# system:system. Only ownership changes here; no chmod is issued, so each
# node keeps the mode the kernel assigns.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800353 chown system system /sys/class/timed_output/vibrator/enable
354 chown system system /sys/class/leds/keyboard-backlight/brightness
355 chown system system /sys/class/leds/lcd-backlight/brightness
356 chown system system /sys/class/leds/button-backlight/brightness
The Android Open Source Projectf614d642009-03-18 17:39:49 -0700357 chown system system /sys/class/leds/jogball-backlight/brightness
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800358 chown system system /sys/class/leds/red/brightness
359 chown system system /sys/class/leds/green/brightness
360 chown system system /sys/class/leds/blue/brightness
361 chown system system /sys/class/leds/red/device/grpfreq
362 chown system system /sys/class/leds/red/device/grppwm
363 chown system system /sys/class/leds/red/device/blink
    # NOTE(review): repeats the vibrator chown at the top of this run;
    # harmless but redundant.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800364 chown system system /sys/class/timed_output/vibrator/enable
365 chown system system /sys/module/sco/parameters/disable_esco
366 chown system system /sys/kernel/ipv4/tcp_wmem_min
367 chown system system /sys/kernel/ipv4/tcp_wmem_def
368 chown system system /sys/kernel/ipv4/tcp_wmem_max
369 chown system system /sys/kernel/ipv4/tcp_rmem_min
370 chown system system /sys/kernel/ipv4/tcp_rmem_def
371 chown system system /sys/kernel/ipv4/tcp_rmem_max
    # Group radio is attached to the kernel command line; whether that
    # grants anything depends on the file's mode, which is not set here.
372 chown root radio /proc/cmdline
373
374# Define TCP buffer sizes for various networks
375# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
# Each property holds those six comma-separated values for one network
# type.
Jianzheng Zhou52ea5102013-11-15 13:44:00 +0800376 setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
377 setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576
378 setprop net.tcp.buffersize.ethernet 524288,1048576,3145728,524288,1048576,2097152
379 setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576
380 setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
381 setprop net.tcp.buffersize.hspa 4094,87380,262144,4096,16384,262144
382 setprop net.tcp.buffersize.hsupa 4094,87380,262144,4096,16384,262144
383 setprop net.tcp.buffersize.hsdpa 4094,87380,262144,4096,16384,262144
384 setprop net.tcp.buffersize.hspap 4094,87380,1220608,4096,16384,1220608
385 setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
386 setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
387 setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800388
JP Abgrallefbf36f2014-02-21 12:05:01 -0800389# Define default initial receive window size in segments.
390 setprop net.tcp.default_init_rwnd 60
391
    # Start every service of class core, then class main. Services marked
    # "disabled" are not started by class_start.
Ken Sumrall752923c2010-12-03 16:33:31 -0800392 class_start core
393 class_start main
394
# Trigger "nonencrypted": starts the late_start service class.
# NOTE(review): presumably fired once /data is mounted without encryption -
# confirm where the trigger is raised.
395on nonencrypted
396 class_start late_start
397
# Trigger "charger": starts only the services of class charger.
Dima Zavinca47cef2011-08-24 15:28:23 -0700398on charger
399 class_start charger
400
# Property triggers driven by vold.decrypt. Each value of the property maps
# to one step: stopping or restarting service classes, loading persistent
# properties, or re-running the post-fs-data action.
# class_reset stops a class without disabling it, so a later class_start can
# bring the same services back.
Ken Sumrall752923c2010-12-03 16:33:31 -0800401on property:vold.decrypt=trigger_reset_main
402 class_reset main
403
Ken Sumrallc5c51032011-03-08 17:01:29 -0800404on property:vold.decrypt=trigger_load_persist_props
405 load_persist_props
406
Ken Sumrall752923c2010-12-03 16:33:31 -0800407on property:vold.decrypt=trigger_post_fs_data
408 trigger post-fs-data
409
Ken Sumralle4349152011-01-17 14:26:34 -0800410on property:vold.decrypt=trigger_restart_min_framework
411 class_start main
412
Ken Sumrall752923c2010-12-03 16:33:31 -0800413on property:vold.decrypt=trigger_restart_framework
414 class_start main
415 class_start late_start
416
417on property:vold.decrypt=trigger_shutdown_framework
418 class_reset late_start
419 class_reset main
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800420
# Any change to sys.powerctl makes init run powerctl with the new value.
# NOTE(review): the right to set this property is therefore the right to
# shut down or reboot the device; that check is presumably enforced by the
# property service, not here - confirm.
Nick Kralevichca8e66a2013-04-18 12:20:02 -0700421on property:sys.powerctl=*
422 powerctl ${sys.powerctl}
423
JP Abgrallefbf36f2014-02-21 12:05:01 -0800424# system server cannot write to /proc/sys files,
425# and chown/chmod does not work for /proc/sys/ entries.
426# So proxy writes through init.
# The property value is expanded into the write as-is; nothing in this file
# validates it. NOTE(review): access control therefore rests on who may set
# sys.sysctl.* properties - confirm in the property service permissions.
Colin Cross57fdb5c2013-07-25 10:34:30 -0700427on property:sys.sysctl.extra_free_kbytes=*
428 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
JP Abgrallefbf36f2014-02-21 12:05:01 -0800429# "tcp_default_init_rwnd" is too long (presumably for the property-name
# length limit), hence the shortened "tcp_def_init_rwnd" in the property.
430on property:sys.sysctl.tcp_def_init_rwnd=*
431 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
432
Colin Cross57fdb5c2013-07-25 10:34:30 -0700433
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800434## Daemon processes to be run by init.
435##
# ueventd: class core, critical. No "user" option, so init runs it as root;
# seclabel puts it in the u:r:ueventd:s0 SELinux context before exec.
Colin Crossf83d0b92010-04-21 12:04:20 -0700436service ueventd /sbin/ueventd
Ken Sumrall752923c2010-12-03 16:33:31 -0800437 class core
Colin Crossf83d0b92010-04-21 12:04:20 -0700438 critical
Stephen Smalley1eee4192012-01-13 08:54:34 -0500439 seclabel u:r:ueventd:s0
Colin Crossf83d0b92010-04-21 12:04:20 -0700440
# logd: class core, started as root (no "user" option) in the u:r:logd:s0
# context. init creates three sockets for it under /dev/socket.
Mark Salyzyn3c253dc2014-03-21 16:06:54 -0700441service logd /system/bin/logd
442 class core
    # NOTE(review): logd and logdr are world read/write (0666) and logdw is
    # world write-only (0222). Presumably deliberate so that every process
    # can log; access control then rests on logd's own checks and SELinux
    # policy rather than on file modes - confirm.
443 socket logd stream 0666 logd logd
444 socket logdr seqpacket 0666 logd logd
445 socket logdw dgram 0222 logd logd
446 seclabel u:r:logd:s0
447
# healthd: class core, critical, started as root (no "user" option) in the
# u:r:healthd:s0 context.
Todd Poynor13f4c9f2013-06-19 15:09:35 -0700448service healthd /sbin/healthd
449 class core
450 critical
451 seclabel u:r:healthd:s0
452
# healthd-charger: the same binary with -n, in class charger, so it is
# started by "class_start charger" rather than with the core class.
453service healthd-charger /sbin/healthd -n
454 class charger
455 critical
456 seclabel u:r:healthd:s0
457
# console: an interactive /system/bin/sh on the console device, running as
# user shell with group log in the u:r:shell:s0 context. "disabled" means
# class_start never launches it; it runs only when started explicitly.
Brian Swetlandb4d65392010-10-27 15:40:23 -0700458service console /system/bin/sh
Ken Sumrall752923c2010-12-03 16:33:31 -0800459 class core
Brian Swetlandb4d65392010-10-27 15:40:23 -0700460 console
461 disabled
462 user shell
463 group log
Stephen Smalley610653f2013-12-23 14:11:02 -0500464 seclabel u:r:shell:s0
Brian Swetlandb4d65392010-10-27 15:40:23 -0700465
# The console shell is started only when ro.debuggable=1. Production builds
# are expected to leave that property unset, which keeps the console shell
# off - verify the build's property values.
Mike Lockwoodd49b4ef2010-11-19 09:12:27 -0500466on property:ro.debuggable=1
467 start console
468
Mike Lockwood352dfdf2011-06-08 17:40:00 -0700469# adbd is controlled via property triggers in init.<platform>.usb.rc
# Started as root (no "user" option) in the u:r:adbd:s0 context; "disabled"
# keeps it off until something starts it explicitly.
# NOTE(review): --root_seclabel presumably names the context adbd uses when
# it keeps running as root - confirm, and check that the su domain is absent
# from production policy.
Nick Kralevichd49aa252014-01-18 09:25:04 -0800470service adbd /sbin/adbd --root_seclabel=u:r:su:s0
Ken Sumrall752923c2010-12-03 16:33:31 -0800471 class core
    # Control socket limited to the system user and group (mode 660).
Benoit Goby0574d6b2012-04-24 15:07:12 -0700472 socket adbd stream 660 system system
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800473 disabled
Stephen Smalley1eee4192012-01-13 08:54:34 -0500474 seclabel u:r:adbd:s0
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800475
476# adbd on at boot in emulator
# ro.kernel.qemu=1 starts adbd unconditionally, bypassing the USB property
# triggers; this should only ever be true on emulator images.
477on property:ro.kernel.qemu=1
478 start adbd
479
# lmkd: class core, critical, started as root (no "user" option). Its
# socket is restricted to the system user and group (0660).
# NOTE(review): unlike the other core daemons above, no seclabel is given
# here, so the domain depends on policy transitions - confirm.
Mark Salyzyn0a0cc712014-03-21 17:41:52 -0700480service lmkd /system/bin/lmkd
481 class core
482 critical
483 socket lmkd seqpacket 0660 system system
484
# servicemanager: class core, critical, runs as system:system rather than
# root. When it restarts, the services listed in the onrestart lines are
# restarted as well.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800485service servicemanager /system/bin/servicemanager
Ken Sumrall752923c2010-12-03 16:33:31 -0800486 class core
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800487 user system
Nick Kralevich333f24b2010-12-10 14:10:16 -0800488 group system
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800489 critical
Todd Poynor13f4c9f2013-06-19 15:09:35 -0700490 onrestart restart healthd
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800491 onrestart restart zygote
492 onrestart restart media
Mathias Agopian04a87592011-10-31 14:27:36 -0700493 onrestart restart surfaceflinger
494 onrestart restart drm
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800495
# vold: class core, started as root (no "user" option). Its control socket
# is limited to root and the mount group (0660); I/O priority is
# best-effort, level 2.
The Android Open Source Projecte4749f32009-03-09 11:52:15 -0700496service vold /system/bin/vold
Ken Sumrall752923c2010-12-03 16:33:31 -0800497 class core
The Android Open Source Projecte4749f32009-03-09 11:52:15 -0700498 socket vold stream 0660 root mount
San Mehatf0cb74e2010-02-26 10:01:14 -0800499 ioprio be 2
The Android Open Source Projecte4749f32009-03-09 11:52:15 -0700500
# netd: class main, started as root (no "user" option). The netd and mdns
# sockets are limited to root and the system group; dnsproxyd is open to
# the inet group instead.
San Mehat192277c2010-01-15 07:48:35 -0800501service netd /system/bin/netd
Ken Sumrall752923c2010-12-03 16:33:31 -0800502 class main
San Mehat192277c2010-01-15 07:48:35 -0800503 socket netd stream 0660 root system
Brad Fitzpatrick8c5669f2010-10-27 10:23:16 -0700504 socket dnsproxyd stream 0660 root inet
Robert Greenwalt1d91fcf2012-03-27 16:59:27 -0700505 socket mdns stream 0660 root system
San Mehat192277c2010-01-15 07:48:35 -0800506
# debuggerd: class main, started as root (no "user" option); no socket,
# group or seclabel is declared here.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800507service debuggerd /system/bin/debuggerd
Ken Sumrall752923c2010-12-03 16:33:31 -0800508 class main
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800509
# debuggerd64: same shape as debuggerd, for the debuggerd64 binary; class
# main, started as root (no "user" option).
Dan Willemsen78ef91a2014-02-16 11:30:27 -0800510service debuggerd64 /system/bin/debuggerd64
511 class main
512
# ril-daemon: class main, explicitly "user root" with a broad supplementary
# group list.
# NOTE(review): a root daemon that also holds inet, audio and log is a
# large privilege set - confirm whether rild drops privileges after
# start-up.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800513service ril-daemon /system/bin/rild
vidya rao04cf6292011-06-24 12:15:20 -0700514 class main
    # rild is reachable by root and the radio group; rild-debug by the
    # radio user and the system group.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800515 socket rild stream 660 root radio
516 socket rild-debug stream 660 radio system
517 user root
Jeff Sharkey61f13592012-08-20 14:31:47 -0700518 group radio cache inet misc audio log
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800519
# surfaceflinger: class main, runs as user system with groups graphics and
# drmrpc; restarting it also restarts zygote.
Mathias Agopiana40481b2011-03-03 18:48:30 -0800520service surfaceflinger /system/bin/surfaceflinger
521 class main
522 user system
Dima Zavinece565c2012-10-04 17:02:26 -0700523 group graphics drmrpc
Mathias Agopiana40481b2011-03-03 18:48:30 -0800524 onrestart restart zygote
525
# zygote: class main, started as root (no "user" option) via app_process
# with --start-system-server.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800526service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
Ken Sumrall752923c2010-12-03 16:33:31 -0800527 class main
    # Mode 660 root:system: only root and the system group can connect.
    # NOTE(review): presumably the channel for process-spawn requests, so
    # this mode is a key privilege boundary - confirm.
Nick Kraleviche7fd9112012-01-27 13:06:53 -0800528 socket zygote stream 660 root system
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800529 onrestart write /sys/android_power/request_state wake
530 onrestart write /sys/power/state on
Dan Bornstein1dec5032009-10-09 14:24:51 -0700531 onrestart restart media
Brad Fitzpatrick64902572010-09-21 15:49:06 -0700532 onrestart restart netd
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800533
# drm: class main, runs /system/bin/drmserver as user drm with groups drm,
# system, inet and drmrpc.
aimitakeshie572d592010-07-27 08:38:35 +0900534service drm /system/bin/drmserver
Ken Sumrall752923c2010-12-03 16:33:31 -0800535 class main
aimitakeshie572d592010-07-27 08:38:35 +0900536 user drm
Jeff Sharkey61f13592012-08-20 14:31:47 -0700537 group drm system inet drmrpc
aimitakeshie572d592010-07-27 08:38:35 +0900538
# media: class main, runs /system/bin/mediaserver as the unprivileged user
# media, with real-time I/O priority (level 4).
# NOTE(review): the group list combines audio, camera, network, Bluetooth
# and DRM access in a single process; a compromise of this service would
# inherit all of them.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800539service media /system/bin/mediaserver
Ken Sumrall752923c2010-12-03 16:33:31 -0800540 class main
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800541 user media
Jeff Tinker08d64302013-04-23 19:54:17 -0700542 group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
San Mehatf0cb74e2010-02-26 10:01:14 -0800543 ioprio rt 4
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800544
# bootanim: runs as graphics:graphics. "disabled" keeps class_start from
# launching it and "oneshot" means init does not restart it after it exits.
Mathias Agopian8b2cf9f2009-05-20 18:09:51 -0700545service bootanim /system/bin/bootanimation
Ken Sumrall752923c2010-12-03 16:33:31 -0800546 class main
Mathias Agopian8b2cf9f2009-05-20 18:09:51 -0700547 user graphics
548 group graphics
549 disabled
550 oneshot
551
# installd: class main, started as root (no "user" option). Its socket is
# mode 600 system:system, so only the system user can send it requests.
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800552service installd /system/bin/installd
Ken Sumrall752923c2010-12-03 16:33:31 -0800553 class main
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800554 socket installd stream 600 system system
555
# flash_recovery: runs /system/etc/install-recovery.sh once per boot, as
# root (no "user" option); it is in class main and not disabled, so
# "class_start main" launches it.
Doug Zongkerd52f54c2009-07-23 15:18:34 -0700556service flash_recovery /system/etc/install-recovery.sh
Ken Sumrall752923c2010-12-03 16:33:31 -0800557 class main
The Android Open Source Projectdd7bc332009-03-03 19:32:55 -0800558 oneshot
Chung-yih Wang1f75d702009-06-01 19:04:05 +0800559
# racoon: disabled, oneshot. No "user" option, so it starts as root; per the
# comment below it changes to user vpn itself once the port is bound. Its
# socket is mode 600 system:system.
Chia-chi Yeh51afbf52009-07-01 07:06:47 +0800560service racoon /system/bin/racoon
Ken Sumrall752923c2010-12-03 16:33:31 -0800561 class main
Chung-yih Wang1f75d702009-06-01 19:04:05 +0800562 socket racoon stream 600 system system
Chia-chi Yeh9bb4d412011-07-08 20:03:03 -0700563 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
Chia-chi Yeha2468712011-08-08 10:11:40 -0700564 group vpn net_admin inet
Chung-yih Wang1f75d702009-06-01 19:04:05 +0800565 disabled
566 oneshot
567
# mtpd: disabled, oneshot; runs as user vpn from the start, with groups vpn,
# net_admin, inet and net_raw. Its socket is mode 600 system:system.
568service mtpd /system/bin/mtpd
Ken Sumrall752923c2010-12-03 16:33:31 -0800569 class main
Chung-yih Wang1f75d702009-06-01 19:04:05 +0800570 socket mtpd stream 600 system system
Chia-chi Yeh51afbf52009-07-01 07:06:47 +0800571 user vpn
Chia-chi Yeha2468712011-08-08 10:11:40 -0700572 group vpn net_admin inet net_raw
Chung-yih Wang1f75d702009-06-01 19:04:05 +0800573 disabled
574 oneshot
575
# keystore: class main, runs as the dedicated user keystore (groups
# keystore and drmrpc) and is given /data/misc/keystore as its argument.
Chia-chi Yeh9b4f1ff2009-09-18 10:35:26 +0800576service keystore /system/bin/keystore /data/misc/keystore
Ken Sumrall752923c2010-12-03 16:33:31 -0800577 class main
Chung-yih Wang1f75d702009-06-01 19:04:05 +0800578 user keystore
Kenny Rootad5b9c72012-02-23 16:31:10 -0800579 group keystore drmrpc
Chung-yih Wang1f75d702009-06-01 19:04:05 +0800580
# dumpstate: disabled, oneshot, started as root (no "user" option). Its
# socket is 0660 shell:log, so the shell user and the log group can connect.
Mike Lockwoodabe3a9c2009-09-02 18:09:26 -0400581service dumpstate /system/bin/dumpstate -s
Ken Sumrall752923c2010-12-03 16:33:31 -0800582 class main
Mike Lockwoodabe3a9c2009-09-02 18:09:26 -0400583 socket dumpstate stream 0660 shell log
584 disabled
585 oneshot
Mike Lockwood9dd2eef2011-12-11 20:25:16 -0800586
# sshd: disabled, so it runs only when started explicitly.
# NOTE(review): no user, group or seclabel is declared, so the start-ssh
# wrapper begins as root in whatever domain policy transitions it to -
# confirm this service cannot be started on production builds.
587service sshd /system/bin/start-ssh
588 class main
Mike Lockwood19155b52012-03-21 11:58:05 -0700589 disabled
Robert Greenwalt1d91fcf2012-03-27 16:59:27 -0700590
# mdnsd: disabled, oneshot; runs as the unprivileged user mdnsr with groups
# inet and net_raw. Its socket is 0660 mdnsr:inet.
591service mdnsd /system/bin/mdnsd
592 class main
593 user mdnsr
594 group inet net_raw
595 socket mdnsd stream 0660 mdnsr inet
596 disabled
597 oneshot