1 on early-init 2 # Set init and its forked children's oom_adj. 3 write /proc/1/oom_adj -16 4 5 start ueventd 6 7 # create mountpoints 8 mkdir /mnt 0775 root system 9 10 on init 11 12 sysclktz 0 13 14 loglevel 3 15 16 # setup the global environment 17 export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin 18 export LD_LIBRARY_PATH /vendor/lib:/system/lib 19 export ANDROID_BOOTLOGO 1 20 export ANDROID_ROOT /system 21 export ANDROID_ASSETS /system/app 22 export ANDROID_DATA /data 23 export ASEC_MOUNTPOINT /mnt/asec 24 export LOOP_MOUNTPOINT /mnt/obb 25 export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar:/system/framework/filterfw.jar 26 27 # Backward compatibility 28 symlink /system/etc /etc 29 symlink /sys/kernel/debug /d 30 31 # Right now vendor lives on the same filesystem as system, 32 # but someday that may change. 33 symlink /system/vendor /vendor 34 35 # Create cgroup mount point for cpu accounting 36 mkdir /acct 37 mount cgroup none /acct cpuacct 38 mkdir /acct/uid 39 40 mkdir /system 41 mkdir /data 0771 system system 42 mkdir /cache 0770 system cache 43 mkdir /config 0500 root root 44 45 # Directory for putting things only root should see. 46 mkdir /mnt/secure 0700 root root 47 48 # Directory for staging bindmounts 49 mkdir /mnt/secure/staging 0700 root root 50 51 # Directory-target for where the secure container 52 # imagefile directory will be bind-mounted 53 mkdir /mnt/secure/asec 0700 root root 54 55 # Secure container public mount points. 56 mkdir /mnt/asec 0700 root system 57 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000 58 59 # Filesystem image public mount points. 60 mkdir /mnt/obb 0700 root system 61 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000 62 63 write /proc/sys/kernel/panic_on_oops 1 64 write /proc/sys/kernel/hung_task_timeout_secs 0 65 write /proc/cpu/alignment 4 66 write /proc/sys/kernel/sched_latency_ns 10000000 67 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 68 write /proc/sys/kernel/sched_compat_yield 1 69 write /proc/sys/kernel/sched_child_runs_first 0 70 write /proc/sys/kernel/randomize_va_space 2 71 72 # Create cgroup mount points for process groups 73 mkdir /dev/cpuctl 74 mount cgroup none /dev/cpuctl cpu 75 chown system system /dev/cpuctl 76 chown system system /dev/cpuctl/tasks 77 chmod 0777 /dev/cpuctl/tasks 78 write /dev/cpuctl/cpu.shares 1024 79 80 mkdir /dev/cpuctl/fg_boost 81 chown system system /dev/cpuctl/fg_boost/tasks 82 chmod 0777 /dev/cpuctl/fg_boost/tasks 83 write /dev/cpuctl/fg_boost/cpu.shares 1024 84 85 mkdir /dev/cpuctl/bg_non_interactive 86 chown system system /dev/cpuctl/bg_non_interactive/tasks 87 chmod 0777 /dev/cpuctl/bg_non_interactive/tasks 88 # 5.0 % 89 write /dev/cpuctl/bg_non_interactive/cpu.shares 52 90 91 # Allow everybody to read the xt_qtaguid resource tracking misc dev. 92 # This is needed by any process that uses socket tagging. 93 chmod 0644 /dev/xt_qtaguid 94 95 on fs 96 # mount mtd partitions 97 # Mount /system rw first to give the filesystem a chance to save a checkpoint 98 mount yaffs2 mtd@system /system 99 mount yaffs2 mtd@system /system ro remount 100 mount yaffs2 mtd@userdata /data nosuid nodev 101 mount yaffs2 mtd@cache /cache nosuid nodev 102 103 on post-fs 104 # once everything is setup, no need to modify / 105 mount rootfs rootfs / ro remount 106 107 # We chown/chmod /cache again so because mount is run as root + defaults 108 chown system cache /cache 109 chmod 0770 /cache 110 111 # This may have been created by the recovery system with odd permissions 112 chown system cache /cache/recovery 113 chmod 0770 /cache/recovery 114 115 #change permissions on vmallocinfo so we can grab it from bugreports 116 chown root log /proc/vmallocinfo 117 chmod 0440 /proc/vmallocinfo 118 119 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks 120 chown root system /proc/kmsg 121 chmod 0440 /proc/kmsg 122 chown root system /proc/sysrq-trigger 123 chmod 0220 /proc/sysrq-trigger 124 125 # create the lost+found directories, so as to enforce our permissions 126 mkdir /cache/lost+found 0770 root root 127 128 on post-fs-data 129 # We chown/chmod /data again so because mount is run as root + defaults 130 chown system system /data 131 chmod 0771 /data 132 133 # Create dump dir and collect dumps. 134 # Do this before we mount cache so eventually we can use cache for 135 # storing dumps on platforms which do not have a dedicated dump partition. 136 mkdir /data/dontpanic 0750 root log 137 138 # Collect apanic data, free resources and re-arm trigger 139 copy /proc/apanic_console /data/dontpanic/apanic_console 140 chown root log /data/dontpanic/apanic_console 141 chmod 0640 /data/dontpanic/apanic_console 142 143 copy /proc/apanic_threads /data/dontpanic/apanic_threads 144 chown root log /data/dontpanic/apanic_threads 145 chmod 0640 /data/dontpanic/apanic_threads 146 147 write /proc/apanic_console 1 148 149 # create basic filesystem structure 150 mkdir /data/misc 01771 system misc 151 mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth 152 mkdir /data/misc/bluetooth 0770 system system 153 mkdir /data/misc/keystore 0700 keystore keystore 154 mkdir /data/misc/keychain 0771 system system 155 mkdir /data/misc/vpn 0770 system vpn 156 mkdir /data/misc/systemkeys 0700 system system 157 # give system access to wpa_supplicant.conf for backup and restore 158 mkdir /data/misc/wifi 0770 wifi wifi 159 chmod 0660 /data/misc/wifi/wpa_supplicant.conf 160 mkdir /data/local 0751 root root 161 mkdir /data/local/tmp 0771 shell shell 162 mkdir /data/data 0771 system system 163 mkdir /data/app-private 0771 system system 164 mkdir /data/app 0771 system system 165 mkdir /data/property 0700 root root 166 167 # create dalvik-cache, so as to enforce our permissions 168 mkdir /data/dalvik-cache 0771 system system 169 170 # create resource-cache and double-check the perms 171 mkdir /data/resource-cache 0771 system system 172 chown system system /data/resource-cache 173 chmod 0771 /data/resource-cache 174 175 # create the lost+found directories, so as to enforce our permissions 176 mkdir /data/lost+found 0770 root root 177 178 # create directory for DRM plug-ins - give drm the read/write access to 179 # the following directory. 180 mkdir /data/drm 0770 drm drm 181 182 # If there is no fs-post-data action in the init.<device>.rc file, you 183 # must uncomment this line, otherwise encrypted filesystems 184 # won't work. 185 # Set indication (checked by vold) that we have finished this action 186 #setprop vold.post_fs_data_done 1 187 188 chown system system /sys/class/android_usb/android0/f_mass_storage/lun/file 189 chmod 0660 /sys/class/android_usb/android0/f_mass_storage/lun/file 190 chown system system /sys/class/android_usb/android0/f_rndis/ethaddr 191 chmod 0660 /sys/class/android_usb/android0/f_rndis/ethaddr 192 193 on boot 194 # basic network init 195 ifup lo 196 hostname localhost 197 domainname localdomain 198 199 # set RLIMIT_NICE to allow priorities from 19 to -20 200 setrlimit 13 40 40 201 202 # Memory management. Basic kernel parameters, and allow the high 203 # level system server to be able to adjust the kernel OOM driver 204 # paramters to match how it is managing things. 205 write /proc/sys/vm/overcommit_memory 1 206 write /proc/sys/vm/min_free_order_shift 4 207 chown root system /sys/module/lowmemorykiller/parameters/adj 208 chmod 0664 /sys/module/lowmemorykiller/parameters/adj 209 chown root system /sys/module/lowmemorykiller/parameters/minfree 210 chmod 0664 /sys/module/lowmemorykiller/parameters/minfree 211 212 # Tweak background writeout 213 write /proc/sys/vm/dirty_expire_centisecs 200 214 write /proc/sys/vm/dirty_background_ratio 5 215 216 # Permissions for System Server and daemons. 217 chown radio system /sys/android_power/state 218 chown radio system /sys/android_power/request_state 219 chown radio system /sys/android_power/acquire_full_wake_lock 220 chown radio system /sys/android_power/acquire_partial_wake_lock 221 chown radio system /sys/android_power/release_wake_lock 222 chown radio system /sys/power/state 223 chown radio system /sys/power/wake_lock 224 chown radio system /sys/power/wake_unlock 225 chmod 0660 /sys/power/state 226 chmod 0660 /sys/power/wake_lock 227 chmod 0660 /sys/power/wake_unlock 228 chown system system /sys/class/timed_output/vibrator/enable 229 chown system system /sys/class/leds/keyboard-backlight/brightness 230 chown system system /sys/class/leds/lcd-backlight/brightness 231 chown system system /sys/class/leds/button-backlight/brightness 232 chown system system /sys/class/leds/jogball-backlight/brightness 233 chown system system /sys/class/leds/red/brightness 234 chown system system /sys/class/leds/green/brightness 235 chown system system /sys/class/leds/blue/brightness 236 chown system system /sys/class/leds/red/device/grpfreq 237 chown system system /sys/class/leds/red/device/grppwm 238 chown system system /sys/class/leds/red/device/blink 239 chown system system /sys/class/leds/red/brightness 240 chown system system /sys/class/leds/green/brightness 241 chown system system /sys/class/leds/blue/brightness 242 chown system system /sys/class/leds/red/device/grpfreq 243 chown system system /sys/class/leds/red/device/grppwm 244 chown system system /sys/class/leds/red/device/blink 245 chown system system /sys/class/timed_output/vibrator/enable 246 chown system system /sys/module/sco/parameters/disable_esco 247 chown system system /sys/kernel/ipv4/tcp_wmem_min 248 chown system system /sys/kernel/ipv4/tcp_wmem_def 249 chown system system /sys/kernel/ipv4/tcp_wmem_max 250 chown system system /sys/kernel/ipv4/tcp_rmem_min 251 chown system system /sys/kernel/ipv4/tcp_rmem_def 252 chown system system /sys/kernel/ipv4/tcp_rmem_max 253 chown root radio /proc/cmdline 254 255 # Define TCP buffer sizes for various networks 256 # ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax, 257 setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208 258 setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576 259 setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576 260 setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208 261 setprop net.tcp.buffersize.hspa 4094,87380,262144,4096,16384,262144 262 setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040 263 setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680 264 265 # Set this property so surfaceflinger is not started by system_init 266 setprop system_init.startsurfaceflinger 0 267 268 class_start core 269 class_start main 270 271 on nonencrypted 272 class_start late_start 273 274 on charger 275 class_start charger 276 277 on property:vold.decrypt=trigger_reset_main 278 class_reset main 279 280 on property:vold.decrypt=trigger_load_persist_props 281 load_persist_props 282 283 on property:vold.decrypt=trigger_post_fs_data 284 trigger post-fs-data 285 286 on property:vold.decrypt=trigger_restart_min_framework 287 class_start main 288 289 on property:vold.decrypt=trigger_restart_framework 290 class_start main 291 class_start late_start 292 293 on property:vold.decrypt=trigger_shutdown_framework 294 class_reset late_start 295 class_reset main 296 297 # Used to disable USB when switching states 298 on property:sys.usb.config=none 299 stop adbd 300 write /sys/class/android_usb/android0/enable 0 301 write /sys/class/android_usb/android0/bDeviceClass 0 302 setprop sys.usb.state $sys.usb.config 303 304 # adb only USB configuration 305 # This should only be used during device bringup 306 # and as a fallback if the USB manager fails to set a standard configuration 307 on property:sys.usb.config=adb 308 write /sys/class/android_usb/android0/enable 0 309 write /sys/class/android_usb/android0/idVendor 18d1 310 write /sys/class/android_usb/android0/idProduct D002 311 write /sys/class/android_usb/android0/functions $sys.usb.config 312 write /sys/class/android_usb/android0/enable 1 313 start adbd 314 setprop sys.usb.state $sys.usb.config 315 316 # USB accessory configuration 317 on property:sys.usb.config=accessory 318 write /sys/class/android_usb/android0/enable 0 319 write /sys/class/android_usb/android0/idVendor 18d1 320 write /sys/class/android_usb/android0/idProduct 2d00 321 write /sys/class/android_usb/android0/functions $sys.usb.config 322 write /sys/class/android_usb/android0/enable 1 323 setprop sys.usb.state $sys.usb.config 324 325 # USB accessory configuration, with adb 326 on property:sys.usb.config=accessory,adb 327 write /sys/class/android_usb/android0/enable 0 328 write /sys/class/android_usb/android0/idVendor 18d1 329 write /sys/class/android_usb/android0/idProduct 2d01 330 write /sys/class/android_usb/android0/functions $sys.usb.config 331 write /sys/class/android_usb/android0/enable 1 332 start adbd 333 setprop sys.usb.state $sys.usb.config 334 335 # Used to set USB configuration at boot and to switch the configuration 336 # when changing the default configuration 337 on property:persist.sys.usb.config=* 338 setprop sys.usb.config $persist.sys.usb.config 339 340 ## Daemon processes to be run by init. 341 ## 342 service ueventd /sbin/ueventd 343 class core 344 critical 345 346 service console /system/bin/sh 347 class core 348 console 349 disabled 350 user shell 351 group log 352 353 on property:ro.debuggable=1 354 start console 355 356 # adbd is controlled via property triggers in init.<platform>.usb.rc 357 service adbd /sbin/adbd 358 class core 359 disabled 360 361 # adbd on at boot in emulator 362 on property:ro.kernel.qemu=1 363 start adbd 364 365 # This property trigger has added to imitiate the previous behavior of "adb root". 366 # The adb gadget driver used to reset the USB bus when the adbd daemon exited, 367 # and the host side adb relied on this behavior to force it to reconnect with the 368 # new adbd instance after init relaunches it. So now we force the USB bus to reset 369 # here when adbd sets the service.adb.root property to 1. We also restart adbd here 370 # rather than waiting for init to notice its death and restarting it so the timing 371 # of USB resetting and adb restarting more closely matches the previous behavior. 372 on property:service.adb.root=1 373 write /sys/class/android_usb/android0/enable 0 374 restart adbd 375 write /sys/class/android_usb/android0/enable 1 376 377 service servicemanager /system/bin/servicemanager 378 class core 379 user system 380 group system 381 critical 382 onrestart restart zygote 383 onrestart restart media 384 onrestart restart surfaceflinger 385 onrestart restart drm 386 387 service vold /system/bin/vold 388 class core 389 socket vold stream 0660 root mount 390 ioprio be 2 391 392 service netd /system/bin/netd 393 class main 394 socket netd stream 0660 root system 395 socket dnsproxyd stream 0660 root inet 396 397 service debuggerd /system/bin/debuggerd 398 class main 399 400 service ril-daemon /system/bin/rild 401 class main 402 socket rild stream 660 root radio 403 socket rild-debug stream 660 radio system 404 user root 405 group radio cache inet misc audio sdcard_rw log 406 407 service surfaceflinger /system/bin/surfaceflinger 408 class main 409 user system 410 group graphics 411 onrestart restart zygote 412 413 service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server 414 class main 415 socket zygote stream 666 416 onrestart write /sys/android_power/request_state wake 417 onrestart write /sys/power/state on 418 onrestart restart media 419 onrestart restart netd 420 421 service drm /system/bin/drmserver 422 class main 423 user drm 424 group system inet drmrpc 425 426 service media /system/bin/mediaserver 427 class main 428 user media 429 group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc 430 ioprio rt 4 431 432 service bootanim /system/bin/bootanimation 433 class main 434 user graphics 435 group graphics 436 disabled 437 oneshot 438 439 service dbus /system/bin/dbus-daemon --system --nofork 440 class main 441 socket dbus stream 660 bluetooth bluetooth 442 user bluetooth 443 group bluetooth net_bt_admin 444 445 service bluetoothd /system/bin/bluetoothd -n 446 class main 447 socket bluetooth stream 660 bluetooth bluetooth 448 socket dbus_bluetooth stream 660 bluetooth bluetooth 449 # init.rc does not yet support applying capabilities, so run as root and 450 # let bluetoothd drop uid to bluetooth with the right linux capabilities 451 group bluetooth net_bt_admin misc 452 disabled 453 454 service installd /system/bin/installd 455 class main 456 socket installd stream 600 system system 457 458 service flash_recovery /system/etc/install-recovery.sh 459 class main 460 oneshot 461 462 service racoon /system/bin/racoon 463 class main 464 socket racoon stream 600 system system 465 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port. 466 group vpn net_admin inet 467 disabled 468 oneshot 469 470 service mtpd /system/bin/mtpd 471 class main 472 socket mtpd stream 600 system system 473 user vpn 474 group vpn net_admin inet net_raw 475 disabled 476 oneshot 477 478 service keystore /system/bin/keystore /data/misc/keystore 479 class main 480 user keystore 481 group keystore 482 socket keystore stream 666 483 484 service dumpstate /system/bin/dumpstate -s 485 class main 486 socket dumpstate stream 0660 shell log 487 disabled 488 oneshot 489
