# Copyright (C) 2012 The Android Open Source Project # # IMPORTANT: Do not create world writable files or directories. # This is a common source of Android security bugs. # import /init.environ.rc import /init.usb.rc import /init.${ro.hardware}.rc import /vendor/etc/init/hw/init.${ro.hardware}.rc import /init.usb.configfs.rc import /init.${ro.zygote}.rc on early-init # Set init and its forked children's oom_adj. write /proc/1/oom_score_adj -1000 # Disable sysrq from keyboard write /proc/sys/kernel/sysrq 0 # Set the security context of /adb_keys if present. restorecon /adb_keys # Set the security context of /postinstall if present. restorecon /postinstall # Mount cgroup mount point for cpu accounting mount cgroup none /acct nodev noexec nosuid cpuacct mkdir /acct/uid # root memory control cgroup, used by lmkd mkdir /dev/memcg 0700 root system mount cgroup none /dev/memcg nodev noexec nosuid memory # app mem cgroups, used by activity manager, lmkd and zygote mkdir /dev/memcg/apps/ 0755 system system # cgroup for system_server and surfaceflinger mkdir /dev/memcg/system 0550 system system start ueventd on init sysclktz 0 # Mix device-specific information into the entropy pool copy /proc/cmdline /dev/urandom copy /default.prop /dev/urandom symlink /system/bin /bin symlink /system/etc /etc # Backward compatibility. symlink /sys/kernel/debug /d # Link /vendor to /system/vendor for devices without a vendor partition. symlink /system/vendor /vendor # Create energy-aware scheduler tuning nodes mkdir /dev/stune mount cgroup none /dev/stune nodev noexec nosuid schedtune mkdir /dev/stune/foreground mkdir /dev/stune/background mkdir /dev/stune/top-app mkdir /dev/stune/rt chown system system /dev/stune chown system system /dev/stune/foreground chown system system /dev/stune/background chown system system /dev/stune/top-app chown system system /dev/stune/rt chown system system /dev/stune/tasks chown system system /dev/stune/foreground/tasks chown system system /dev/stune/background/tasks chown system system /dev/stune/top-app/tasks chown system system /dev/stune/rt/tasks chmod 0664 /dev/stune/tasks chmod 0664 /dev/stune/foreground/tasks chmod 0664 /dev/stune/background/tasks chmod 0664 /dev/stune/top-app/tasks chmod 0664 /dev/stune/rt/tasks restorecon_recursive /mnt mount configfs none /config nodev noexec nosuid chmod 0775 /config/sdcardfs chown system package_info /config/sdcardfs mkdir /mnt/secure 0700 root root mkdir /mnt/secure/asec 0700 root root mkdir /mnt/asec 0755 root system mkdir /mnt/obb 0755 root system mkdir /mnt/media_rw 0750 root media_rw mkdir /mnt/user 0755 root root mkdir /mnt/user/0 0755 root root mkdir /mnt/expand 0771 system system mkdir /mnt/appfuse 0711 root root # Storage views to support runtime permissions mkdir /mnt/runtime 0700 root root mkdir /mnt/runtime/default 0755 root root mkdir /mnt/runtime/default/self 0755 root root mkdir /mnt/runtime/read 0755 root root mkdir /mnt/runtime/read/self 0755 root root mkdir /mnt/runtime/write 0755 root root mkdir /mnt/runtime/write/self 0755 root root # Symlink to keep legacy apps working in multi-user world symlink /storage/self/primary /sdcard symlink /storage/self/primary /mnt/sdcard symlink /mnt/user/0/primary /mnt/runtime/default/self/primary write /proc/sys/kernel/panic_on_oops 1 write /proc/sys/kernel/hung_task_timeout_secs 0 write /proc/cpu/alignment 4 # scheduler tunables # Disable auto-scaling of scheduler tunables with hotplug. The tunables # will vary across devices in unpredictable ways if allowed to scale with # cpu cores. write /proc/sys/kernel/sched_tunable_scaling 0 write /proc/sys/kernel/sched_latency_ns 10000000 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 write /proc/sys/kernel/sched_child_runs_first 0 write /proc/sys/kernel/randomize_va_space 2 write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/net/ipv4/ping_group_range "0 2147483647" write /proc/sys/net/unix/max_dgram_qlen 600 write /proc/sys/kernel/sched_rt_runtime_us 950000 write /proc/sys/kernel/sched_rt_period_us 1000000 # Assign reasonable ceiling values for socket rcv/snd buffers. # These should almost always be overridden by the target per the # the corresponding technology maximums. write /proc/sys/net/core/rmem_max 262144 write /proc/sys/net/core/wmem_max 262144 # reflect fwmark from incoming packets onto generated replies write /proc/sys/net/ipv4/fwmark_reflect 1 write /proc/sys/net/ipv6/fwmark_reflect 1 # set fwmark on accepted sockets write /proc/sys/net/ipv4/tcp_fwmark_accept 1 # disable icmp redirects write /proc/sys/net/ipv4/conf/all/accept_redirects 0 write /proc/sys/net/ipv6/conf/all/accept_redirects 0 # /proc/net/fib_trie leaks interface IP addresses chmod 0400 /proc/net/fib_trie # Create cgroup mount points for process groups mkdir /dev/cpuctl mount cgroup none /dev/cpuctl nodev noexec nosuid cpu chown system system /dev/cpuctl chown system system /dev/cpuctl/tasks chmod 0666 /dev/cpuctl/tasks write /dev/cpuctl/cpu.rt_period_us 1000000 write /dev/cpuctl/cpu.rt_runtime_us 950000 # sets up initial cpusets for ActivityManager mkdir /dev/cpuset mount cpuset none /dev/cpuset nodev noexec nosuid # this ensures that the cpusets are present and usable, but the device's # init.rc must actually set the correct cpus mkdir /dev/cpuset/foreground copy /dev/cpuset/cpus /dev/cpuset/foreground/cpus copy /dev/cpuset/mems /dev/cpuset/foreground/mems mkdir /dev/cpuset/background copy /dev/cpuset/cpus /dev/cpuset/background/cpus copy /dev/cpuset/mems /dev/cpuset/background/mems # system-background is for system tasks that should only run on # little cores, not on bigs # to be used only by init, so don't change system-bg permissions mkdir /dev/cpuset/system-background copy /dev/cpuset/cpus /dev/cpuset/system-background/cpus copy /dev/cpuset/mems /dev/cpuset/system-background/mems mkdir /dev/cpuset/top-app copy /dev/cpuset/cpus /dev/cpuset/top-app/cpus copy /dev/cpuset/mems /dev/cpuset/top-app/mems # change permissions for all cpusets we'll touch at runtime chown system system /dev/cpuset chown system system /dev/cpuset/foreground chown system system /dev/cpuset/background chown system system /dev/cpuset/system-background chown system system /dev/cpuset/top-app chown system system /dev/cpuset/tasks chown system system /dev/cpuset/foreground/tasks chown system system /dev/cpuset/background/tasks chown system system /dev/cpuset/system-background/tasks chown system system /dev/cpuset/top-app/tasks # set system-background to 0775 so SurfaceFlinger can touch it chmod 0775 /dev/cpuset/system-background chmod 0664 /dev/cpuset/foreground/tasks chmod 0664 /dev/cpuset/background/tasks chmod 0664 /dev/cpuset/system-background/tasks chmod 0664 /dev/cpuset/top-app/tasks chmod 0664 /dev/cpuset/tasks # qtaguid will limit access to specific data based on group memberships. # net_bw_acct grants impersonation of socket owners. # net_bw_stats grants access to other apps' detailed tagged-socket stats. chown root net_bw_acct /proc/net/xt_qtaguid/ctrl chown root net_bw_stats /proc/net/xt_qtaguid/stats # Allow everybody to read the xt_qtaguid resource tracking misc dev. # This is needed by any process that uses socket tagging. chmod 0644 /dev/xt_qtaguid mkdir /dev/cg2_bpf mount cgroup2 cg2_bpf /dev/cg2_bpf nodev noexec nosuid chown root root /dev/cg2_bpf chmod 0600 /dev/cg2_bpf mount bpf bpf /sys/fs/bpf nodev noexec nosuid # Create location for fs_mgr to store abbreviated output from filesystem # checker programs. mkdir /dev/fscklogs 0770 root system # pstore/ramoops previous console log mount pstore pstore /sys/fs/pstore nodev noexec nosuid chown system log /sys/fs/pstore/console-ramoops chmod 0440 /sys/fs/pstore/console-ramoops chown system log /sys/fs/pstore/console-ramoops-0 chmod 0440 /sys/fs/pstore/console-ramoops-0 chown system log /sys/fs/pstore/pmsg-ramoops-0 chmod 0440 /sys/fs/pstore/pmsg-ramoops-0 # enable armv8_deprecated instruction hooks write /proc/sys/abi/swp 1 # Linux's execveat() syscall may construct paths containing /dev/fd # expecting it to point to /proc/self/fd symlink /proc/self/fd /dev/fd export DOWNLOAD_CACHE /data/cache # set RLIMIT_NICE to allow priorities from 19 to -20 setrlimit nice 40 40 # Allow up to 32K FDs per process setrlimit nofile 32768 32768 # This allows the ledtrig-transient properties to be created here so # that they can be chown'd to system:system later on boot write /sys/class/leds/vibrator/trigger "transient" # Healthd can trigger a full boot from charger mode by signaling this # property when the power button is held. on property:sys.boot_from_charger_mode=1 class_stop charger trigger late-init on load_persist_props_action load_persist_props start logd start logd-reinit # Indicate to fw loaders that the relevant mounts are up. on firmware_mounts_complete rm /dev/.booting # Mount filesystems and start core system services. on late-init trigger early-fs # Mount fstab in init.{$device}.rc by mount_all command. Optional parameter # '--early' can be specified to skip entries with 'latemount'. # /system and /vendor must be mounted by the end of the fs stage, # while /data is optional. trigger fs trigger post-fs # Mount fstab in init.{$device}.rc by mount_all with '--late' parameter # to only mount entries with 'latemount'. This is needed if '--early' is # specified in the previous mount_all command on the fs stage. # With /system mounted and properties form /system + /factory available, # some services can be started. trigger late-fs # Now we can mount /data. File encryption requires keymaster to decrypt # /data, which in turn can only be loaded when system properties are present. trigger post-fs-data # Now we can start zygote for devices with file based encryption trigger zygote-start # Load persist properties and override properties (if enabled) from /data. trigger load_persist_props_action # Remove a file to wake up anything waiting for firmware. trigger firmware_mounts_complete trigger early-boot trigger boot on post-fs # Load properties from # /system/build.prop, # /odm/build.prop, # /vendor/build.prop and # /factory/factory.prop load_system_props # start essential services start logd start servicemanager start hwservicemanager start vndservicemanager # Once everything is setup, no need to modify /. # The bind+ro combination avoids modifying any other mount flags. mount rootfs rootfs / remount bind ro # Mount shared so changes propagate into child namespaces mount rootfs rootfs / shared rec # Mount default storage into root namespace mount none /mnt/runtime/default /storage bind rec mount none none /storage slave rec # Make sure /sys/kernel/debug (if present) is labeled properly # Note that tracefs may be mounted under debug, so we need to cross filesystems restorecon --recursive --cross-filesystems /sys/kernel/debug # We chown/chmod /cache again so because mount is run as root + defaults chown system cache /cache chmod 0770 /cache # We restorecon /cache in case the cache partition has been reset. restorecon_recursive /cache # Create /cache/recovery in case it's not there. It'll also fix the odd # permissions if created by the recovery system. mkdir /cache/recovery 0770 system cache # Backup/restore mechanism uses the cache partition mkdir /cache/backup_stage 0700 system system mkdir /cache/backup 0700 system system #change permissions on vmallocinfo so we can grab it from bugreports chown root log /proc/vmallocinfo chmod 0440 /proc/vmallocinfo chown root log /proc/slabinfo chmod 0440 /proc/slabinfo #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks chown root system /proc/kmsg chmod 0440 /proc/kmsg chown root system /proc/sysrq-trigger chmod 0220 /proc/sysrq-trigger chown system log /proc/last_kmsg chmod 0440 /proc/last_kmsg # make the selinux kernel policy world-readable chmod 0444 /sys/fs/selinux/policy # create the lost+found directories, so as to enforce our permissions mkdir /cache/lost+found 0770 root root on late-fs # Ensure that tracefs has the correct permissions. # This does not work correctly if it is called in post-fs. chmod 0755 /sys/kernel/debug/tracing # HALs required before storage encryption can get unlocked (FBE/FDE) class_start early_hal on post-fs-data # We chown/chmod /data again so because mount is run as root + defaults chown system system /data chmod 0771 /data # We restorecon /data in case the userdata partition has been reset. restorecon /data # Make sure we have the device encryption key. start vold installkey /data # Start bootcharting as soon as possible after the data partition is # mounted to collect more data. mkdir /data/bootchart 0755 shell shell bootchart start # Avoid predictable entropy pool. Carry over entropy from previous boot. copy /data/system/entropy.dat /dev/urandom # create basic filesystem structure mkdir /data/misc 01771 system misc mkdir /data/misc/recovery 0770 system log copy /data/misc/recovery/ro.build.fingerprint /data/misc/recovery/ro.build.fingerprint.1 chmod 0440 /data/misc/recovery/ro.build.fingerprint.1 chown system log /data/misc/recovery/ro.build.fingerprint.1 write /data/misc/recovery/ro.build.fingerprint ${ro.build.fingerprint} chmod 0440 /data/misc/recovery/ro.build.fingerprint chown system log /data/misc/recovery/ro.build.fingerprint mkdir /data/misc/recovery/proc 0770 system log copy /data/misc/recovery/proc/version /data/misc/recovery/proc/version.1 chmod 0440 /data/misc/recovery/proc/version.1 chown system log /data/misc/recovery/proc/version.1 copy /proc/version /data/misc/recovery/proc/version chmod 0440 /data/misc/recovery/proc/version chown system log /data/misc/recovery/proc/version mkdir /data/misc/bluedroid 02770 bluetooth bluetooth # Fix the access permissions and group ownership for 'bt_config.conf' chmod 0660 /data/misc/bluedroid/bt_config.conf chown bluetooth bluetooth /data/misc/bluedroid/bt_config.conf mkdir /data/misc/bluetooth 0770 bluetooth bluetooth mkdir /data/misc/bluetooth/logs 0770 bluetooth bluetooth mkdir /data/misc/keystore 0700 keystore keystore mkdir /data/misc/gatekeeper 0700 system system mkdir /data/misc/keychain 0771 system system mkdir /data/misc/net 0750 root shell mkdir /data/misc/radio 0770 system radio mkdir /data/misc/sms 0770 system radio mkdir /data/misc/carrierid 0770 system radio mkdir /data/misc/zoneinfo 0775 system system mkdir /data/misc/textclassifier 0771 system system mkdir /data/misc/vpn 0770 system vpn mkdir /data/misc/shared_relro 0771 shared_relro shared_relro mkdir /data/misc/systemkeys 0700 system system mkdir /data/misc/wifi 0770 wifi wifi mkdir /data/misc/wifi/sockets 0770 wifi wifi mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi mkdir /data/misc/ethernet 0770 system system mkdir /data/misc/dhcp 0770 dhcp dhcp mkdir /data/misc/user 0771 root root mkdir /data/misc/perfprofd 0775 root root # give system access to wpa_supplicant.conf for backup and restore chmod 0660 /data/misc/wifi/wpa_supplicant.conf mkdir /data/local 0751 root root mkdir /data/misc/media 0700 media media mkdir /data/misc/audioserver 0700 audioserver audioserver mkdir /data/misc/cameraserver 0700 cameraserver cameraserver mkdir /data/misc/vold 0700 root root mkdir /data/misc/boottrace 0771 system shell mkdir /data/misc/update_engine 0700 root root mkdir /data/misc/update_engine_log 02750 root log mkdir /data/misc/trace 0700 root root # create location to store surface and window trace files mkdir /data/misc/wmtrace 0700 system system # profile file layout mkdir /data/misc/profiles 0771 system system mkdir /data/misc/profiles/cur 0771 system system mkdir /data/misc/profiles/ref 0771 system system mkdir /data/misc/profman 0770 system shell mkdir /data/misc/gcov 0770 root root mkdir /data/vendor 0771 root root mkdir /data/vendor/hardware 0771 root root # For security reasons, /data/local/tmp should always be empty. # Do not place files or directories in /data/local/tmp mkdir /data/local/tmp 0771 shell shell mkdir /data/local/traces 0777 shell shell mkdir /data/data 0771 system system mkdir /data/app-private 0771 system system mkdir /data/app-ephemeral 0771 system system mkdir /data/app-asec 0700 root root mkdir /data/app-lib 0771 system system mkdir /data/app 0771 system system mkdir /data/property 0700 root root mkdir /data/tombstones 0771 system system mkdir /data/vendor/tombstones 0771 root root mkdir /data/vendor/tombstones/wifi 0771 wifi wifi # create dalvik-cache, so as to enforce our permissions mkdir /data/dalvik-cache 0771 root root # create the A/B OTA directory, so as to enforce our permissions mkdir /data/ota 0771 root root # create the OTA package directory. It will be accessed by GmsCore (cache # group), update_engine and update_verifier. mkdir /data/ota_package 0770 system cache # create resource-cache and double-check the perms mkdir /data/resource-cache 0771 system system chown system system /data/resource-cache chmod 0771 /data/resource-cache # create the lost+found directories, so as to enforce our permissions mkdir /data/lost+found 0770 root root # create directory for DRM plug-ins - give drm the read/write access to # the following directory. mkdir /data/drm 0770 drm drm # create directory for MediaDrm plug-ins - give drm the read/write access to # the following directory. mkdir /data/mediadrm 0770 mediadrm mediadrm mkdir /data/anr 0775 system system # NFC: create data/nfc for nv storage mkdir /data/nfc 0770 nfc nfc mkdir /data/nfc/param 0770 nfc nfc # Create all remaining /data root dirs so that they are made through init # and get proper encryption policy installed mkdir /data/backup 0700 system system mkdir /data/ss 0700 system system mkdir /data/system 0775 system system mkdir /data/system/heapdump 0700 system system mkdir /data/system/users 0775 system system mkdir /data/system_de 0770 system system mkdir /data/system_ce 0770 system system mkdir /data/misc_de 01771 system misc mkdir /data/misc_ce 01771 system misc mkdir /data/user 0711 system system mkdir /data/user_de 0711 system system symlink /data/data /data/user/0 mkdir /data/media 0770 media_rw media_rw mkdir /data/media/obb 0770 media_rw media_rw mkdir /data/cache 0770 system cache mkdir /data/cache/recovery 0770 system cache mkdir /data/cache/backup_stage 0700 system system mkdir /data/cache/backup 0700 system system init_user0 # Set SELinux security contexts on upgrade or policy update. restorecon --recursive --skip-ce /data # Check any timezone data in /data is newer than the copy in /system, delete if not. exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo # If there is no post-fs-data action in the init..rc file, you # must uncomment this line, otherwise encrypted filesystems # won't work. # Set indication (checked by vold) that we have finished this action #setprop vold.post_fs_data_done 1 # It is recommended to put unnecessary data/ initialization from post-fs-data # to start-zygote in device's init.rc to unblock zygote start. on zygote-start && property:ro.crypto.state=unencrypted # A/B update verifier that marks a successful boot. exec_start update_verifier_nonencrypted start netd start zygote start zygote_secondary on zygote-start && property:ro.crypto.state=unsupported # A/B update verifier that marks a successful boot. exec_start update_verifier_nonencrypted start netd start zygote start zygote_secondary on zygote-start && property:ro.crypto.state=encrypted && property:ro.crypto.type=file # A/B update verifier that marks a successful boot. exec_start update_verifier_nonencrypted start netd start zygote start zygote_secondary on boot # basic network init ifup lo hostname localhost domainname localdomain # IPsec SA default expiration length write /proc/sys/net/core/xfrm_acq_expires 3600 # Memory management. Basic kernel parameters, and allow the high # level system server to be able to adjust the kernel OOM driver # parameters to match how it is managing things. write /proc/sys/vm/overcommit_memory 1 write /proc/sys/vm/min_free_order_shift 4 chown root system /sys/module/lowmemorykiller/parameters/adj chmod 0664 /sys/module/lowmemorykiller/parameters/adj chown root system /sys/module/lowmemorykiller/parameters/minfree chmod 0664 /sys/module/lowmemorykiller/parameters/minfree # Tweak background writeout write /proc/sys/vm/dirty_expire_centisecs 200 write /proc/sys/vm/dirty_background_ratio 5 # Permissions for System Server and daemons. chown radio system /sys/android_power/state chown radio system /sys/android_power/request_state chown radio system /sys/android_power/acquire_full_wake_lock chown radio system /sys/android_power/acquire_partial_wake_lock chown radio system /sys/android_power/release_wake_lock chown system system /sys/power/autosleep chown system system /sys/power/state chown system system /sys/power/wakeup_count chown radio wakelock /sys/power/wake_lock chown radio wakelock /sys/power/wake_unlock chmod 0660 /sys/power/state chmod 0660 /sys/power/wake_lock chmod 0660 /sys/power/wake_unlock chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay chown system system /sys/devices/system/cpu/cpufreq/interactive/boost chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy # Assume SMP uses shared cpufreq policy for all CPUs chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq chown system system /sys/class/leds/vibrator/trigger chown system system /sys/class/leds/vibrator/activate chown system system /sys/class/leds/vibrator/brightness chown system system /sys/class/leds/vibrator/duration chown system system /sys/class/leds/vibrator/state chown system system /sys/class/timed_output/vibrator/enable chown system system /sys/class/leds/keyboard-backlight/brightness chown system system /sys/class/leds/lcd-backlight/brightness chown system system /sys/class/leds/button-backlight/brightness chown system system /sys/class/leds/jogball-backlight/brightness chown system system /sys/class/leds/red/brightness chown system system /sys/class/leds/green/brightness chown system system /sys/class/leds/blue/brightness chown system system /sys/class/leds/red/device/grpfreq chown system system /sys/class/leds/red/device/grppwm chown system system /sys/class/leds/red/device/blink chown system system /sys/module/sco/parameters/disable_esco chown system system /sys/kernel/ipv4/tcp_wmem_min chown system system /sys/kernel/ipv4/tcp_wmem_def chown system system /sys/kernel/ipv4/tcp_wmem_max chown system system /sys/kernel/ipv4/tcp_rmem_min chown system system /sys/kernel/ipv4/tcp_rmem_def chown system system /sys/kernel/ipv4/tcp_rmem_max chown root radio /proc/cmdline # Define default initial receive window size in segments. setprop net.tcp.default_init_rwnd 60 # Start standard binderized HAL daemons class_start hal class_start core on nonencrypted class_start main class_start late_start on property:sys.init_log_level=* loglevel ${sys.init_log_level} on charger class_start charger on property:vold.decrypt=trigger_reset_main class_reset main on property:vold.decrypt=trigger_load_persist_props load_persist_props start logd start logd-reinit on property:vold.decrypt=trigger_post_fs_data trigger post-fs-data on property:vold.decrypt=trigger_restart_min_framework # A/B update verifier that marks a successful boot. exec_start update_verifier class_start main on property:vold.decrypt=trigger_restart_framework # A/B update verifier that marks a successful boot. exec_start update_verifier class_start main class_start late_start on property:vold.decrypt=trigger_shutdown_framework class_reset late_start class_reset main on property:sys.boot_completed=1 bootchart stop # system server cannot write to /proc/sys files, # and chown/chmod does not work for /proc/sys/ entries. # So proxy writes through init. on property:sys.sysctl.extra_free_kbytes=* write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes} # "tcp_default_init_rwnd" Is too long! on property:sys.sysctl.tcp_def_init_rwnd=* write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd} on property:security.perf_harden=0 write /proc/sys/kernel/perf_event_paranoid 1 on property:security.perf_harden=1 write /proc/sys/kernel/perf_event_paranoid 3 # on shutdown # In device's init.rc, this trigger can be used to do device-specific actions # before shutdown. e.g disable watchdog and mask error handling ## Daemon processes to be run by init. ## service ueventd /sbin/ueventd class core critical seclabel u:r:ueventd:s0 shutdown critical service healthd /system/bin/healthd class core critical group root system wakelock service console /system/bin/sh class core console disabled user shell group shell log readproc seclabel u:r:shell:s0 setenv HOSTNAME console on property:ro.debuggable=1 # Give writes to anyone for the trace folder on debug builds. # The folder is used to store method traces. chmod 0773 /data/misc/trace # Give reads to anyone for the window trace folder on debug builds. chmod 0775 /data/misc/wmtrace start console service flash_recovery /system/bin/install-recovery.sh class main oneshot