1 # Copyright (C) 2012 The Android Open Source Project 2 # 3 # IMPORTANT: Do not create world writable files or directories. 4 # This is a common source of Android security bugs. 5 # 6 7 import /init.environ.rc 8 import /init.usb.rc 9 import /init.${ro.hardware}.rc 10 import /init.usb.configfs.rc 11 import /init.${ro.zygote}.rc 12 13 on early-init 14 # Set init and its forked children's oom_adj. 15 write /proc/1/oom_score_adj -1000 16 17 # Disable sysrq from keyboard 18 write /proc/sys/kernel/sysrq 0 19 20 # Set the security context of /adb_keys if present. 21 restorecon /adb_keys 22 23 # Shouldn't be necessary, but sdcard won't start without it. http://b/22568628. 24 mkdir /mnt 0775 root system 25 26 # Set the security context of /postinstall if present. 27 restorecon /postinstall 28 29 start ueventd 30 31 on init 32 sysclktz 0 33 34 # Mix device-specific information into the entropy pool 35 copy /proc/cmdline /dev/urandom 36 copy /default.prop /dev/urandom 37 38 # Backward compatibility. 39 symlink /system/etc /etc 40 symlink /sys/kernel/debug /d 41 42 # Link /vendor to /system/vendor for devices without a vendor partition. 43 symlink /system/vendor /vendor 44 45 # Mount cgroup mount point for cpu accounting 46 mount cgroup none /acct cpuacct 47 mkdir /acct/uid 48 49 # Create energy-aware scheduler tuning nodes 50 mkdir /dev/stune 51 mount cgroup none /dev/stune schedtune 52 mkdir /dev/stune/foreground 53 mkdir /dev/stune/background 54 mkdir /dev/stune/top-app 55 chown system system /dev/stune 56 chown system system /dev/stune/foreground 57 chown system system /dev/stune/background 58 chown system system /dev/stune/top-app 59 chown system system /dev/stune/tasks 60 chown system system /dev/stune/foreground/tasks 61 chown system system /dev/stune/background/tasks 62 chown system system /dev/stune/top-app/tasks 63 chmod 0664 /dev/stune/tasks 64 chmod 0664 /dev/stune/foreground/tasks 65 chmod 0664 /dev/stune/background/tasks 66 chmod 0664 /dev/stune/top-app/tasks 67 68 # Mount staging areas for devices managed by vold 69 # See storage config details at http://source.android.com/tech/storage/ 70 mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000 71 restorecon_recursive /mnt 72 73 mount configfs none /config 74 chmod 0775 /config/sdcardfs 75 chown system package_info /config/sdcardfs 76 77 mkdir /mnt/secure 0700 root root 78 mkdir /mnt/secure/asec 0700 root root 79 mkdir /mnt/asec 0755 root system 80 mkdir /mnt/obb 0755 root system 81 mkdir /mnt/media_rw 0750 root media_rw 82 mkdir /mnt/user 0755 root root 83 mkdir /mnt/user/0 0755 root root 84 mkdir /mnt/expand 0771 system system 85 mkdir /mnt/appfuse 0711 root root 86 87 # Storage views to support runtime permissions 88 mkdir /mnt/runtime 0700 root root 89 mkdir /mnt/runtime/default 0755 root root 90 mkdir /mnt/runtime/default/self 0755 root root 91 mkdir /mnt/runtime/read 0755 root root 92 mkdir /mnt/runtime/read/self 0755 root root 93 mkdir /mnt/runtime/write 0755 root root 94 mkdir /mnt/runtime/write/self 0755 root root 95 96 # Symlink to keep legacy apps working in multi-user world 97 symlink /storage/self/primary /sdcard 98 symlink /storage/self/primary /mnt/sdcard 99 symlink /mnt/user/0/primary /mnt/runtime/default/self/primary 100 101 # root memory control cgroup, used by lmkd 102 mkdir /dev/memcg 0700 root system 103 mount cgroup none /dev/memcg memory 104 # app mem cgroups, used by activity manager, lmkd and zygote 105 mkdir /dev/memcg/apps/ 0755 system system 106 107 write /proc/sys/kernel/panic_on_oops 1 108 write /proc/sys/kernel/hung_task_timeout_secs 0 109 write /proc/cpu/alignment 4 110 111 # scheduler tunables 112 # Disable auto-scaling of scheduler tunables with hotplug. The tunables 113 # will vary across devices in unpredictable ways if allowed to scale with 114 # cpu cores. 115 write /proc/sys/kernel/sched_tunable_scaling 0 116 write /proc/sys/kernel/sched_latency_ns 10000000 117 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 118 write /proc/sys/kernel/sched_child_runs_first 0 119 120 write /proc/sys/kernel/randomize_va_space 2 121 write /proc/sys/kernel/kptr_restrict 2 122 write /proc/sys/vm/mmap_min_addr 32768 123 write /proc/sys/net/ipv4/ping_group_range "0 2147483647" 124 write /proc/sys/net/unix/max_dgram_qlen 600 125 write /proc/sys/kernel/sched_rt_runtime_us 950000 126 write /proc/sys/kernel/sched_rt_period_us 1000000 127 128 # reflect fwmark from incoming packets onto generated replies 129 write /proc/sys/net/ipv4/fwmark_reflect 1 130 write /proc/sys/net/ipv6/fwmark_reflect 1 131 132 # set fwmark on accepted sockets 133 write /proc/sys/net/ipv4/tcp_fwmark_accept 1 134 135 # disable icmp redirects 136 write /proc/sys/net/ipv4/conf/all/accept_redirects 0 137 write /proc/sys/net/ipv6/conf/all/accept_redirects 0 138 139 # Create cgroup mount points for process groups 140 mkdir /dev/cpuctl 141 mount cgroup none /dev/cpuctl cpu 142 chown system system /dev/cpuctl 143 chown system system /dev/cpuctl/tasks 144 chmod 0666 /dev/cpuctl/tasks 145 write /dev/cpuctl/cpu.rt_period_us 1000000 146 write /dev/cpuctl/cpu.rt_runtime_us 950000 147 148 mkdir /dev/cpuctl/bg_non_interactive 149 chown system system /dev/cpuctl/bg_non_interactive/tasks 150 chmod 0666 /dev/cpuctl/bg_non_interactive/tasks 151 # 5.0 % 152 write /dev/cpuctl/bg_non_interactive/cpu.shares 52 153 write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000 154 # active FIFO threads will never be in BG 155 write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 10000 156 157 # sets up initial cpusets for ActivityManager 158 mkdir /dev/cpuset 159 mount cpuset none /dev/cpuset 160 161 # this ensures that the cpusets are present and usable, but the device's 162 # init.rc must actually set the correct cpus 163 mkdir /dev/cpuset/foreground 164 write /dev/cpuset/foreground/cpus 0 165 write /dev/cpuset/foreground/mems 0 166 mkdir /dev/cpuset/foreground/boost 167 write /dev/cpuset/foreground/boost/cpus 0 168 write /dev/cpuset/foreground/boost/mems 0 169 mkdir /dev/cpuset/background 170 write /dev/cpuset/background/cpus 0 171 write /dev/cpuset/background/mems 0 172 173 # system-background is for system tasks that should only run on 174 # little cores, not on bigs 175 # to be used only by init, so don't change system-bg permissions 176 mkdir /dev/cpuset/system-background 177 write /dev/cpuset/system-background/cpus 0 178 write /dev/cpuset/system-background/mems 0 179 180 mkdir /dev/cpuset/top-app 181 write /dev/cpuset/top-app/cpus 0 182 write /dev/cpuset/top-app/mems 0 183 184 # change permissions for all cpusets we'll touch at runtime 185 chown system system /dev/cpuset 186 chown system system /dev/cpuset/foreground 187 chown system system /dev/cpuset/foreground/boost 188 chown system system /dev/cpuset/background 189 chown system system /dev/cpuset/system-background 190 chown system system /dev/cpuset/top-app 191 chown system system /dev/cpuset/tasks 192 chown system system /dev/cpuset/foreground/tasks 193 chown system system /dev/cpuset/foreground/boost/tasks 194 chown system system /dev/cpuset/background/tasks 195 chown system system /dev/cpuset/system-background/tasks 196 chown system system /dev/cpuset/top-app/tasks 197 198 # set system-background to 0775 so SurfaceFlinger can touch it 199 chmod 0775 /dev/cpuset/system-background 200 201 chmod 0664 /dev/cpuset/foreground/tasks 202 chmod 0664 /dev/cpuset/foreground/boost/tasks 203 chmod 0664 /dev/cpuset/background/tasks 204 chmod 0664 /dev/cpuset/system-background/tasks 205 chmod 0664 /dev/cpuset/top-app/tasks 206 chmod 0664 /dev/cpuset/tasks 207 208 209 # qtaguid will limit access to specific data based on group memberships. 210 # net_bw_acct grants impersonation of socket owners. 211 # net_bw_stats grants access to other apps' detailed tagged-socket stats. 212 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl 213 chown root net_bw_stats /proc/net/xt_qtaguid/stats 214 215 # Allow everybody to read the xt_qtaguid resource tracking misc dev. 216 # This is needed by any process that uses socket tagging. 217 chmod 0644 /dev/xt_qtaguid 218 219 # Create location for fs_mgr to store abbreviated output from filesystem 220 # checker programs. 221 mkdir /dev/fscklogs 0770 root system 222 223 # pstore/ramoops previous console log 224 mount pstore pstore /sys/fs/pstore 225 chown system log /sys/fs/pstore/console-ramoops 226 chmod 0440 /sys/fs/pstore/console-ramoops 227 chown system log /sys/fs/pstore/pmsg-ramoops-0 228 chmod 0440 /sys/fs/pstore/pmsg-ramoops-0 229 230 # enable armv8_deprecated instruction hooks 231 write /proc/sys/abi/swp 1 232 233 # Linux's execveat() syscall may construct paths containing /dev/fd 234 # expecting it to point to /proc/self/fd 235 symlink /proc/self/fd /dev/fd 236 237 export DOWNLOAD_CACHE /data/cache 238 239 # Healthd can trigger a full boot from charger mode by signaling this 240 # property when the power button is held. 241 on property:sys.boot_from_charger_mode=1 242 class_stop charger 243 trigger late-init 244 245 # Load properties from /system/ + /factory after fs mount. 246 on load_system_props_action 247 load_system_props 248 249 on load_persist_props_action 250 load_persist_props 251 start logd 252 start logd-reinit 253 254 # Indicate to fw loaders that the relevant mounts are up. 255 on firmware_mounts_complete 256 rm /dev/.booting 257 258 # Mount filesystems and start core system services. 259 on late-init 260 trigger early-fs 261 trigger fs 262 trigger post-fs 263 264 # Load properties from /system/ + /factory after fs mount. Place 265 # this in another action so that the load will be scheduled after the prior 266 # issued fs triggers have completed. 267 trigger load_system_props_action 268 269 # Now we can mount /data. File encryption requires keymaster to decrypt 270 # /data, which in turn can only be loaded when system properties are present 271 trigger post-fs-data 272 trigger load_persist_props_action 273 274 # Remove a file to wake up anything waiting for firmware. 275 trigger firmware_mounts_complete 276 277 trigger early-boot 278 trigger boot 279 280 281 on post-fs 282 start logd 283 # once everything is setup, no need to modify / 284 mount rootfs rootfs / ro remount 285 # Mount shared so changes propagate into child namespaces 286 mount rootfs rootfs / shared rec 287 # Mount default storage into root namespace 288 mount none /mnt/runtime/default /storage slave bind rec 289 290 # Make sure /sys/kernel/debug (if present) is labeled properly 291 restorecon_recursive /sys/kernel/debug 292 293 # We chown/chmod /cache again so because mount is run as root + defaults 294 chown system cache /cache 295 chmod 0770 /cache 296 # We restorecon /cache in case the cache partition has been reset. 297 restorecon_recursive /cache 298 299 # Create /cache/recovery in case it's not there. It'll also fix the odd 300 # permissions if created by the recovery system. 301 mkdir /cache/recovery 0770 system cache 302 303 # Backup/restore mechanism uses the cache partition 304 mkdir /cache/backup_stage 0700 system system 305 mkdir /cache/backup 0700 system system 306 307 #change permissions on vmallocinfo so we can grab it from bugreports 308 chown root log /proc/vmallocinfo 309 chmod 0440 /proc/vmallocinfo 310 311 chown root log /proc/slabinfo 312 chmod 0440 /proc/slabinfo 313 314 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks 315 chown root system /proc/kmsg 316 chmod 0440 /proc/kmsg 317 chown root system /proc/sysrq-trigger 318 chmod 0220 /proc/sysrq-trigger 319 chown system log /proc/last_kmsg 320 chmod 0440 /proc/last_kmsg 321 322 # make the selinux kernel policy world-readable 323 chmod 0444 /sys/fs/selinux/policy 324 325 # create the lost+found directories, so as to enforce our permissions 326 mkdir /cache/lost+found 0770 root root 327 328 on post-fs-data 329 # We chown/chmod /data again so because mount is run as root + defaults 330 chown system system /data 331 chmod 0771 /data 332 # We restorecon /data in case the userdata partition has been reset. 333 restorecon /data 334 335 # start debuggerd to make debugging early-boot crashes easier. 336 start debuggerd 337 start debuggerd64 338 339 # Make sure we have the device encryption key. 340 start vold 341 installkey /data 342 343 # Start bootcharting as soon as possible after the data partition is 344 # mounted to collect more data. 345 mkdir /data/bootchart 0755 shell shell 346 bootchart_init 347 348 # Avoid predictable entropy pool. Carry over entropy from previous boot. 349 copy /data/system/entropy.dat /dev/urandom 350 351 # create basic filesystem structure 352 mkdir /data/misc 01771 system misc 353 mkdir /data/misc/bluedroid 02770 bluetooth net_bt_stack 354 # Fix the access permissions and group ownership for 'bt_config.conf' 355 chmod 0660 /data/misc/bluedroid/bt_config.conf 356 chown bluetooth net_bt_stack /data/misc/bluedroid/bt_config.conf 357 mkdir /data/misc/bluetooth 0770 system system 358 mkdir /data/misc/keystore 0700 keystore keystore 359 mkdir /data/misc/gatekeeper 0700 system system 360 mkdir /data/misc/keychain 0771 system system 361 mkdir /data/misc/net 0750 root shell 362 mkdir /data/misc/radio 0770 system radio 363 mkdir /data/misc/sms 0770 system radio 364 mkdir /data/misc/zoneinfo 0775 system system 365 mkdir /data/misc/vpn 0770 system vpn 366 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro 367 mkdir /data/misc/systemkeys 0700 system system 368 mkdir /data/misc/wifi 0770 wifi wifi 369 mkdir /data/misc/wifi/sockets 0770 wifi wifi 370 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi 371 mkdir /data/misc/ethernet 0770 system system 372 mkdir /data/misc/dhcp 0770 dhcp dhcp 373 mkdir /data/misc/user 0771 root root 374 mkdir /data/misc/perfprofd 0775 root root 375 # give system access to wpa_supplicant.conf for backup and restore 376 chmod 0660 /data/misc/wifi/wpa_supplicant.conf 377 mkdir /data/local 0751 root root 378 mkdir /data/misc/media 0700 media media 379 mkdir /data/misc/audioserver 0700 audioserver audioserver 380 mkdir /data/misc/cameraserver 0700 cameraserver cameraserver 381 mkdir /data/misc/vold 0700 root root 382 mkdir /data/misc/boottrace 0771 system shell 383 mkdir /data/misc/update_engine 0700 root root 384 mkdir /data/misc/trace 0700 root root 385 # profile file layout 386 mkdir /data/misc/profiles 0771 system system 387 mkdir /data/misc/profiles/cur 0771 system system 388 mkdir /data/misc/profiles/ref 0771 system system 389 mkdir /data/misc/profman 0770 system shell 390 391 # For security reasons, /data/local/tmp should always be empty. 392 # Do not place files or directories in /data/local/tmp 393 mkdir /data/local/tmp 0771 shell shell 394 mkdir /data/data 0771 system system 395 mkdir /data/app-private 0771 system system 396 mkdir /data/app-ephemeral 0771 system system 397 mkdir /data/app-asec 0700 root root 398 mkdir /data/app-lib 0771 system system 399 mkdir /data/app 0771 system system 400 mkdir /data/property 0700 root root 401 mkdir /data/tombstones 0771 system system 402 403 # create dalvik-cache, so as to enforce our permissions 404 mkdir /data/dalvik-cache 0771 root root 405 # create the A/B OTA directory, so as to enforce our permissions 406 mkdir /data/ota 0771 root root 407 408 # create the OTA package directory. It will be accessed by GmsCore (cache 409 # group), update_engine and update_verifier. 410 mkdir /data/ota_package 0770 system cache 411 412 # create resource-cache and double-check the perms 413 mkdir /data/resource-cache 0771 system system 414 chown system system /data/resource-cache 415 chmod 0771 /data/resource-cache 416 417 # create the lost+found directories, so as to enforce our permissions 418 mkdir /data/lost+found 0770 root root 419 420 # create directory for DRM plug-ins - give drm the read/write access to 421 # the following directory. 422 mkdir /data/drm 0770 drm drm 423 424 # create directory for MediaDrm plug-ins - give drm the read/write access to 425 # the following directory. 426 mkdir /data/mediadrm 0770 mediadrm mediadrm 427 428 mkdir /data/anr 0775 system system 429 430 # symlink to bugreport storage location 431 rm /data/bugreports 432 symlink /data/user_de/0/com.android.shell/files/bugreports /data/bugreports 433 434 # Separate location for storing security policy files on data 435 mkdir /data/security 0711 system system 436 437 # Create all remaining /data root dirs so that they are made through init 438 # and get proper encryption policy installed 439 mkdir /data/backup 0700 system system 440 mkdir /data/ss 0700 system system 441 442 mkdir /data/system 0775 system system 443 mkdir /data/system/heapdump 0700 system system 444 mkdir /data/system/users 0775 system system 445 446 mkdir /data/system_de 0770 system system 447 mkdir /data/system_ce 0770 system system 448 449 mkdir /data/misc_de 01771 system misc 450 mkdir /data/misc_ce 01771 system misc 451 452 mkdir /data/user 0711 system system 453 mkdir /data/user_de 0711 system system 454 symlink /data/data /data/user/0 455 456 mkdir /data/media 0770 media_rw media_rw 457 mkdir /data/media/obb 0770 media_rw media_rw 458 459 mkdir /data/cache 0770 system cache 460 mkdir /data/cache/recovery 0770 system cache 461 mkdir /data/cache/backup_stage 0700 system system 462 mkdir /data/cache/backup 0700 system system 463 464 init_user0 465 466 # Reload policy from /data/security if present. 467 setprop selinux.reload_policy 1 468 469 # Set SELinux security contexts on upgrade or policy update. 470 restorecon_recursive /data 471 472 # Check any timezone data in /data is newer than the copy in /system, delete if not. 473 exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo 474 475 # If there is no fs-post-data action in the init.<device>.rc file, you 476 # must uncomment this line, otherwise encrypted filesystems 477 # won't work. 478 # Set indication (checked by vold) that we have finished this action 479 #setprop vold.post_fs_data_done 1 480 481 on boot 482 # basic network init 483 ifup lo 484 hostname localhost 485 domainname localdomain 486 487 # set RLIMIT_NICE to allow priorities from 19 to -20 488 setrlimit 13 40 40 489 490 # Memory management. Basic kernel parameters, and allow the high 491 # level system server to be able to adjust the kernel OOM driver 492 # parameters to match how it is managing things. 493 write /proc/sys/vm/overcommit_memory 1 494 write /proc/sys/vm/min_free_order_shift 4 495 chown root system /sys/module/lowmemorykiller/parameters/adj 496 chmod 0664 /sys/module/lowmemorykiller/parameters/adj 497 chown root system /sys/module/lowmemorykiller/parameters/minfree 498 chmod 0664 /sys/module/lowmemorykiller/parameters/minfree 499 500 # Tweak background writeout 501 write /proc/sys/vm/dirty_expire_centisecs 200 502 write /proc/sys/vm/dirty_background_ratio 5 503 504 # Permissions for System Server and daemons. 505 chown radio system /sys/android_power/state 506 chown radio system /sys/android_power/request_state 507 chown radio system /sys/android_power/acquire_full_wake_lock 508 chown radio system /sys/android_power/acquire_partial_wake_lock 509 chown radio system /sys/android_power/release_wake_lock 510 chown system system /sys/power/autosleep 511 chown system system /sys/power/state 512 chown system system /sys/power/wakeup_count 513 chown radio wakelock /sys/power/wake_lock 514 chown radio wakelock /sys/power/wake_unlock 515 chmod 0660 /sys/power/state 516 chmod 0660 /sys/power/wake_lock 517 chmod 0660 /sys/power/wake_unlock 518 519 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate 520 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate 521 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack 522 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack 523 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 524 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time 525 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 526 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq 527 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads 528 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads 529 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 530 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load 531 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 532 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay 533 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost 534 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost 535 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse 536 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost 537 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost 538 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 539 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration 540 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 541 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy 542 543 # Assume SMP uses shared cpufreq policy for all CPUs 544 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 545 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq 546 547 chown system system /sys/class/timed_output/vibrator/enable 548 chown system system /sys/class/leds/keyboard-backlight/brightness 549 chown system system /sys/class/leds/lcd-backlight/brightness 550 chown system system /sys/class/leds/button-backlight/brightness 551 chown system system /sys/class/leds/jogball-backlight/brightness 552 chown system system /sys/class/leds/red/brightness 553 chown system system /sys/class/leds/green/brightness 554 chown system system /sys/class/leds/blue/brightness 555 chown system system /sys/class/leds/red/device/grpfreq 556 chown system system /sys/class/leds/red/device/grppwm 557 chown system system /sys/class/leds/red/device/blink 558 chown system system /sys/class/timed_output/vibrator/enable 559 chown system system /sys/module/sco/parameters/disable_esco 560 chown system system /sys/kernel/ipv4/tcp_wmem_min 561 chown system system /sys/kernel/ipv4/tcp_wmem_def 562 chown system system /sys/kernel/ipv4/tcp_wmem_max 563 chown system system /sys/kernel/ipv4/tcp_rmem_min 564 chown system system /sys/kernel/ipv4/tcp_rmem_def 565 chown system system /sys/kernel/ipv4/tcp_rmem_max 566 chown root radio /proc/cmdline 567 568 # Define default initial receive window size in segments. 569 setprop net.tcp.default_init_rwnd 60 570 571 class_start core 572 573 on nonencrypted 574 # A/B update verifier that marks a successful boot. 575 exec - root cache -- /system/bin/update_verifier nonencrypted 576 class_start main 577 class_start late_start 578 579 on property:sys.init_log_level=* 580 loglevel ${sys.init_log_level} 581 582 on charger 583 class_start charger 584 585 on property:vold.decrypt=trigger_reset_main 586 class_reset main 587 588 on property:vold.decrypt=trigger_load_persist_props 589 load_persist_props 590 start logd 591 start logd-reinit 592 593 on property:vold.decrypt=trigger_post_fs_data 594 trigger post-fs-data 595 596 on property:vold.decrypt=trigger_restart_min_framework 597 # A/B update verifier that marks a successful boot. 598 exec - root cache -- /system/bin/update_verifier trigger_restart_min_framework 599 class_start main 600 601 on property:vold.decrypt=trigger_restart_framework 602 # A/B update verifier that marks a successful boot. 603 exec - root cache -- /system/bin/update_verifier trigger_restart_framework 604 class_start main 605 class_start late_start 606 607 on property:vold.decrypt=trigger_shutdown_framework 608 class_reset late_start 609 class_reset main 610 611 on property:sys.powerctl=* 612 powerctl ${sys.powerctl} 613 614 # system server cannot write to /proc/sys files, 615 # and chown/chmod does not work for /proc/sys/ entries. 616 # So proxy writes through init. 617 on property:sys.sysctl.extra_free_kbytes=* 618 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes} 619 620 # "tcp_default_init_rwnd" Is too long! 621 on property:sys.sysctl.tcp_def_init_rwnd=* 622 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd} 623 624 on property:security.perf_harden=0 625 write /proc/sys/kernel/perf_event_paranoid 1 626 627 on property:security.perf_harden=1 628 write /proc/sys/kernel/perf_event_paranoid 3 629 630 ## Daemon processes to be run by init. 631 ## 632 service ueventd /sbin/ueventd 633 class core 634 critical 635 seclabel u:r:ueventd:s0 636 637 service healthd /sbin/healthd 638 class core 639 critical 640 seclabel u:r:healthd:s0 641 group root system wakelock 642 643 service console /system/bin/sh 644 class core 645 console 646 disabled 647 user shell 648 group shell log readproc 649 seclabel u:r:shell:s0 650 651 on property:ro.debuggable=1 652 # Give writes to anyone for the trace folder on debug builds. 653 # The folder is used to store method traces. 654 chmod 0773 /data/misc/trace 655 start console 656 657 service flash_recovery /system/bin/install-recovery.sh 658 class main 659 oneshot 660
