Gitiles
Code Review Sign In
gerrit.twrp.me / android_device_samsung_j5lte / b8244e3462b969e74a830d9d999efac4d333a9c9 / . / rootdir / etc / init.rc
blob: d67dfd3d9ccb9071fe3fae61b19c1ef5e484881f [file] [log] [blame]
# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.zygote}.rc
import /init.trace.rc
import /init.sec_debug.rc
import /init.carrier.rc
import /init.rilcommon.rc
import /init.container.rc
# Include CM's extra init file
import /init.cm.rc
on early-init
# Set init and its forked children's oom_adj.
write /proc/1/oom_score_adj -1000
# Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
write /sys/fs/selinux/checkreqprot 0
# Set the security context for the init process.
# This should occur before anything else (e.g. ueventd) is started.
setcon u:r:init:s0
# Set the security context of /adb_keys if present.
restorecon /adb_keys
start ueventd
# create mountpoints
mkdir /mnt 0775 root system
on init
sysclktz 0
loglevel 3
# SEC_SELINUX
# for audit message
chown system system /proc/avc_msg
chmod 0660 /proc/avc_msg
# Backward compatibility
symlink /system/etc /etc
symlink /sys/kernel/debug /d
# permission for CHARGING
chown system radio /sys/class/power_supply/battery/batt_discharging_check
chown system radio /sys/class/power_supply/battery/batt_discharging_check_adc
chown system radio /sys/class/power_supply/battery/batt_discharging_ntc
chown system radio /sys/class/power_supply/battery/batt_discharging_ntc_adc
chown system radio /sys/class/power_supply/battery/batt_self_discharging_control
chown system radio /sys/class/sec/switch/otg_test
chown system radio /sys/class/sec/switch/uart_en
# Right now vendor lives on the same filesystem as system,
# but someday that may change.
symlink /system/vendor /vendor
# Create cgroup mount point for cpu accounting
mkdir /acct
mount cgroup none /acct cpuacct
mkdir /acct/uid
# Create cgroup mount point for memory
mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
mkdir /sys/fs/cgroup/memory 0750 root system
mount cgroup none /sys/fs/cgroup/memory memory
write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
chown root system /sys/fs/cgroup/memory/tasks
chmod 0660 /sys/fs/cgroup/memory/tasks
mkdir /sys/fs/cgroup/memory/sw 0750 root system
write /sys/fs/cgroup/memory/sw/memory.swappiness 100
write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
chown root system /sys/fs/cgroup/memory/sw/tasks
chmod 0660 /sys/fs/cgroup/memory/sw/tasks
chmod 0220 /sys/fs/cgroup/memory/cgroup.event_control
mkdir /system
mkdir /data 0771 system system
mkdir /cache 0770 system cache
mkdir /config 0500 root root
mkdir /efs 0771 system radio
# See storage config details at http://source.android.com/tech/storage/
mkdir /mnt/shell 0700 shell shell
mkdir /mnt/media_rw 0700 media_rw media_rw
mkdir /storage 0751 root sdcard_r
# Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root
symlink /dev/block/platform/7824900.sdhci/by-name/persistent /dev/block/persistent
# Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root
# Directory-target for where the secure container
# imagefile directory will be bind-mounted
mkdir /mnt/secure/asec 0700 root root
# Secure container public mount points.
mkdir /mnt/asec 0700 root system
mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
# Filesystem image public mount points.
mkdir /mnt/obb 0700 root system
mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
# memory control cgroup
mkdir /dev/memcg 0700 root system
mount cgroup none /dev/memcg memory
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/kernel/kptr_restrict 2
write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
write /proc/sys/net/unix/max_dgram_qlen 300
write /proc/sys/kernel/sched_rt_runtime_us 950000
write /proc/sys/kernel/sched_rt_period_us 1000000
# reflect fwmark from incoming packets onto generated replies
write /proc/sys/net/ipv4/fwmark_reflect 1
write /proc/sys/net/ipv6/fwmark_reflect 1
# set fwmark on accepted sockets
write /proc/sys/net/ipv4/tcp_fwmark_accept 1
# Create cgroup mount points for process groups
mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu
chown system system /dev/cpuctl
chown system system /dev/cpuctl/tasks
chmod 0660 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
write /dev/cpuctl/cpu.rt_runtime_us 950000
write /dev/cpuctl/cpu.rt_period_us 1000000
mkdir /dev/cpuctl/apps
chown system system /dev/cpuctl/apps/tasks
chmod 0666 /dev/cpuctl/apps/tasks
write /dev/cpuctl/apps/cpu.shares 1024
write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
write /dev/cpuctl/apps/cpu.rt_period_us 1000000
mkdir /dev/cpuctl/apps/bg_non_interactive
chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
# 5.0 %
write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
# Create cgroup mount points for process groups
mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu
chown system system /dev/cpuctl
chown system system /dev/cpuctl/tasks
chmod 0666 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
write /dev/cpuctl/cpu.rt_runtime_us 800000
write /dev/cpuctl/cpu.rt_period_us 1000000
mkdir /dev/cpuctl/bg_non_interactive
chown system system /dev/cpuctl/bg_non_interactive/tasks
chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
# 5.0 %
write /dev/cpuctl/bg_non_interactive/cpu.shares 52
write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000
# qtaguid will limit access to specific data based on group memberships.
# net_bw_acct grants impersonation of socket owners.
# net_bw_stats grants access to other apps' detailed tagged-socket stats.
chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
chown root net_bw_stats /proc/net/xt_qtaguid/stats
# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
chmod 0644 /dev/xt_qtaguid
# Create location for fs_mgr to store abbreviated output from filesystem
# checker programs.
mkdir /dev/fscklogs 0770 root system
# pstore/ramoops previous console log
mount pstore pstore /sys/fs/pstore
chown system log /sys/fs/pstore/console-ramoops
chmod 0440 /sys/fs/pstore/console-ramoops
# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
class_stop charger
trigger late-init
# Load properties from /system/ + /factory after fs mount.
on load_all_props_action
load_all_props
# Indicate to fw loaders that the relevant mounts are up.
on firmware_mounts_complete
rm /dev/.booting
# Mount filesystems and start core system services.
on late-init
trigger early-fs
trigger fs
trigger post-fs
trigger post-fs-data
# Load properties from /system/ + /factory after fs mount. Place
# this in another action so that the load will be scheduled after the prior
# issued fs triggers have completed.
trigger load_all_props_action
# Remove a file to wake up anything waiting for firmware.
trigger firmware_mounts_complete
trigger early-boot
trigger boot
on post-fs
# once everything is setup, no need to modify /
mount rootfs rootfs / ro remount
# mount shared so changes propagate into child namespaces
mount rootfs rootfs / shared rec
# We chown/chmod /cache again so because mount is run as root + defaults
chown system cache /cache
chmod 0770 /cache
# We restorecon /cache in case the cache partition has been reset.
restorecon_recursive /cache
# This may have been created by the recovery system with odd permissions
chown system cache /cache/recovery
chmod 0770 /cache/recovery
#change permissions on vmallocinfo so we can grab it from bugreports
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo
chown root log /proc/slabinfo
chmod 0440 /proc/slabinfo
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
chown root system /proc/kmsg
chmod 0440 /proc/kmsg
chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger
chown system log /proc/last_kmsg
chmod 0440 /proc/last_kmsg
# make the selinux kernel policy world-readable
chmod 0444 /sys/fs/selinux/policy
# create the lost+found directories, so as to enforce our permissions
mkdir /cache/lost+found 0770 root root
on post-fs-data
# sec_efs_file
mkdir /efs/sec_efs 0775 radio system
# We chown/chmod /data again so because mount is run as root + defaults
chown system system /data
chmod 0771 /data
# We restorecon /data in case the userdata partition has been reset.
restorecon /data
restorecon_recursive /data/media
# Avoid predictable entropy pool. Carry over entropy from previous boot.
copy /data/system/entropy.dat /dev/urandom
# Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition.
mkdir /data/dontpanic 0750 root log
# Collect apanic data, free resources and re-arm trigger
copy /proc/apanic_console /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console
copy /proc/apanic_threads /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads
write /proc/apanic_console 1
# create basic filesystem structure
mkdir /data/misc 01771 system misc
mkdir /data/misc/adb 02750 system shell
# SEC_SELINUX
mkdir /data/misc/audit 02775 audit system
mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
mkdir /data/misc/bluetooth 0770 system system
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/keychain 0771 system system
mkdir /data/misc/net 0750 root shell
mkdir /data/misc/radio 0771 system radio
mkdir /data/misc/sms 0770 system radio
mkdir /data/misc/zoneinfo 0775 system system
mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
mkdir /data/misc/systemkeys 0700 system system
mkdir /data/misc/wifi 0770 wifi system
mkdir /data/misc/wifi/sockets 0770 wifi wifi
mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
mkdir /data/misc/wifi_share_profile 0771 wifi system
mkdir /data/misc/wifi_sns_patch 0770 wifi system
mkdir /data/misc/wifi_hostapd 0771 wifi system
mkdir /data/misc/ethernet 0770 system system
mkdir /data/misc/dhcp 0770 dhcp dhcp
mkdir /data/misc/user 0771 root root
# give system access to wpa_supplicant.conf for backup and restore
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
chown system wifi /data/misc/wifi/wpa_supplicant.conf
mkdir /data/local 0751 root root
mkdir /data/misc/media 0700 media media
mkdir /data/misc/radio/hatp 0755 radio system
# icd
check_icd
chown system system /dev/icd
chmod 0644 /dev/icd
chown system system /dev/icdr
chmod 0644 /dev/icdr
chown system system /dev/tzic
restorecon /dev/icd
restorecon /dev/icdr
mkdir /data/misc/radio/hatp 0755 radio system
# vpnclient
mkdir /data/misc/vpnclientd 0770 system system
# h2k permission
mkdir /efs/cpk 0771 radio system
chmod 0644 /efs/redata.bin
chmod 0644 /efs/cpk/redata.bin
chown radio radio /efs/h2k.dat
chown radio radio /efs/cpk/h2k.dat
chmod 0644 /efs/h2k.dat
chmod 0644 /efs/cpk/h2k.dat
chown system system /efs/drm/h2k
# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app-asec 0700 root root
mkdir /data/app-lib 0771 system system
mkdir /data/app 0771 system system
mkdir /data/property 0700 root root
# SA, System SW, SAMSUNG
# create log directory
mkdir /data/log 0775 system log
chown system log /data/log
mkdir /data/anr 0775 system system
chown system system /data/anr
chmod 0775 /data/log
chmod 0775 /data/anr
restorecon /data/log
restorecon /data/anr
# Mobicore
mkdir /data/app/mcRegistry 0775 system system
mkdir /efs/TEE 0770 radio system
chmod 700 /dev/mobicore
chmod 666 /dev/mobicore-user
chown system system /dev/mobicore
chown radio system /dev/mobicore-user
export MC_AUTH_TOKEN_PATH /efs
# create dalvik-cache, so as to enforce our permissions
mkdir /data/dalvik-cache 0771 root root
mkdir /data/dalvik-cache/profiles 0711 system system
# create resource-cache and double-check the perms
mkdir /data/resource-cache 0771 system system
chown system system /data/resource-cache
chmod 0771 /data/resource-cache
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770 root root
# create directory for DRM plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/drm 0770 drm drm
# create directory for MediaDrm plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/mediadrm 0770 mediadrm mediadrm
mkdir /data/adb 0700 root root
#create uibc dir
mkdir /dev/socket/uibc 0777 media system
chown media system /dev/socket/uibc
chmod 0775 /dev/socket/uibc
# DRK permission
mkdir /efs/prov 0770 radio system
mkdir /efs/prov_data 0770 radio system
chown radio system /efs/prov_data/dev_root
chmod 0770 /efs/prov_data/dev_root
chown radio system /efs/prov_data/dev_root/dev_root.dat
chmod 0640 /efs/prov_data/dev_root/dev_root.dat
chown radio system /efs/prov/libdevkm.lock
chmod 0660 /efs/prov/libdevkm.lock
rm /efs/prov/prov.b00
rm /efs/prov/prov.b01
rm /efs/prov/prov.b02
rm /efs/prov/prov.b03
rm /efs/prov/prov.mdt
# CS socket
mkdir /dev/socket/cs_socket 0770 system system
# [ SEC_MM_DRM
# OMA DB directory creation
mkdir /data/system/databases 0775
chown system system /data/system/databases
chmod 0775 /data/system/databases
# DRM directory creation
mkdir /system/etc/security/.drm 0775
chown root root /system/etc/security/.drm
chmod 0775 /system/etc/security/.drm
# Added for Playready DRM Support
mkdir /data/data/.drm 0775
chown drm system /data/data/.drm
chmod 0775 /data/data/.drm
mkdir /data/data/.drm/.playready 0775
chown drm system /data/data/.drm/.playready
chmod 0775 /data/data/.drm/.playready
# Added drm folder to copy drm plugins
mkdir /system/lib/drm 0775
chown root root /system/lib/drm
chmod 0775 /system/lib/drm
restorecon -R /efs
restorecon -R /carrier
restorecon_recursive /data/misc/keystore
restorecon_recursive /data/property
restorecon_recursive /data/security
# ]
# MTP device permission
chmod 0660 /dev/usb_mtp_gadget
chown system mtp /dev/usb_mtp_gadget
mkdir /dev/socket/mtp 0770 system mtp
# symlink to bugreport storage location
symlink /data/data/com.android.shell/files/bugreports /data/bugreports
# Separate location for storing security policy files on data
mkdir /data/security 0711 system system
# Reload policy from /data/security if present.
setprop selinux.reload_policy 1
# SA, System SW, SAMSUNG create log directory
mkdir /data/log 0775 system log
chown system log /data/log
mkdir /data/anr 0775 system system
chown system system /data/anr
chmod 0775 /data/log
chmod 0775 /data/anr
restorecon /data/log
restorecon /data/anr
# Set SELinux security contexts on upgrade or policy update.
restorecon_recursive /data
restorecon /data/data
restorecon /data/user
restorecon /data/user/0
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# won't work.
# Set indication (checked by vold) that we have finished this action
#setprop vold.post_fs_data_done 1
# Downloadable Filter
mkdir /data/DownFilters 0775 system system
mkdir /data/DownFilters/Lib 0775 system system
mkdir /data/DownFilters/Lib64 0775 system system
#SideSync
chown system system /dev/android_ssusbcon
chmod 0660 /dev/android_ssusbcon
on boot
# Mobicore
mkdir /data/app/mcRegistry 0775 system system
# basic network init
ifup lo
hostname localhost
domainname localdomain
# set RLIMIT_NICE to allow priorities from 19 to -20
setrlimit 13 40 40
# Memory management. Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver
# parameters to match how it is managing things.
write /proc/sys/vm/overcommit_memory 1
write /proc/sys/vm/min_free_order_shift 4
chown root system /sys/module/lowmemorykiller/parameters/adj
chmod 0220 /sys/module/lowmemorykiller/parameters/adj
chown root system /sys/module/lowmemorykiller/parameters/minfree
chmod 0220 /sys/module/lowmemorykiller/parameters/minfree
# Tweak background writeout
write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_background_ratio 5
# permission for Input Device(TSP).
chown system radio /sys/class/sec/tsp/cmd
chmod 0660 /sys/class/sec/tsp/input/enabled
chown system system /sys/class/sec/tsp/input/enabled
# permission for Input Device(TKEY).
chmod 0660 /sys/class/sec/sec_touchkey/input/enabled
chown system system /sys/class/sec/sec_touchkey/input/enabled
chown system system /sys/class/sec/sec_touchkey/brightness
# Permissions for System Server and daemons.
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown system system /sys/power/autosleep
chown system system /sys/power/state
chown system system /sys/power/wakeup_count
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
chown system system /sys/module/msm_thermal/core_control/enabled
# SEC DVFS sysfs node
chown radio system /sys/power/cpufreq_max_limit
chown radio system /sys/power/cpufreq_min_limit
chown radio system /sys/power/cpufreq_table
chmod 664 /sys/power/cpufreq_max_limit
chmod 664 /sys/power/cpufreq_min_limit
chmod 664 /sys/power/cpufreq_table
chown radio system /sys/devices/system/cpu/kernel_max
chmod 664 /sys/devices/system/cpu/kernel_max
chown radio system /sys/class/kgsl/kgsl-3d0/max_pwrlevel
chmod 664 /sys/class/kgsl/kgsl-3d0/max_pwrlevel
chown radio system /sys/class/kgsl/kgsl-3d0/min_pwrlevel
chmod 664 /sys/class/kgsl/kgsl-3d0/min_pwrlevel
chown radio system /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
chmod 664 /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
# Permissions for SSRM
chmod 0664 /sys/devices/platform/sec-thermistor/temperature
chmod 0664 /sys/class/power_supply/battery/siop_level
chmod 0664 /sys/class/power_supply/battery/test_charge_current
chown radio system /sys/devices/platform/sec-thermistor/temperature
chown radio system /sys/class/power_supply/battery/siop_level
chown radio system /sys/class/power_supply/battery/test_charge_current
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
# Assume SMP uses shared cpufreq policy for all CPUs
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
# Assign TCP buffer thresholds to be ceiling value of technology maximums
# Increased technology maximums should be reflected here.
write /proc/sys/net/core/rmem_max 1048576
write /proc/sys/net/core/wmem_max 2097152
# Auto Brightness
chown system system /sys/class/backlight/panel/auto_brightness
chmod 0660 /sys/class/backlight/panel/auto_brightness
# LCD mdnie and panel work
chown system system /sys/class/mdnie/mdnie/lcdtype
chown system system /sys/class/mdnie/mdnie/lcd_power
chown system media_rw /sys/class/mdnie/mdnie/scenario
chmod 0660 /sys/class/mdnie/mdnie/scenario
chown system system /sys/class/mdnie/mdnie/tuning
chown system media_rw /sys/class/mdnie/mdnie/outdoor
chown system system /sys/class/mdnie/mdnie/mdnie_temp
chown system media_rw /sys/class/mdnie/mdnie/mode
chown system system /sys/class/mdnie/mdnie/negative
chown system media_rw /sys/class/mdnie/mdnie/playspeed
chown system media_rw /sys/class/mdnie/mdnie/accessibility
chown system system /sys/class/mdnie/mdnie/cabc
chown system system /sys/class/mdnie/mdnie/bypass
chown system media_rw /sys/class/mdnie/mdnie/sensorRGB
chmod 0660 /sys/class/mdnie/mdnie/sensorRGB
chown system system /sys/class/lcd/panel/panel/auto_brightness
chown system system /sys/class/lcd/panel/window_type
chown radio system /sys/class/lcd/panel/power_reduce
chown radio system /sys/class/lcd/panel/siop_enable
chown radio system /sys/class/lcd/panel/temperature
chown radio system /sys/class/lcd/panel/tuning
chown radio system /sys/class/lcd/panel/lux
chown radio system /sys/class/lcd/panel/partial_disp
chmod 0660 /sys/class/lcd/panel/partial_disp
# Adjust YUV to RGB Conversion(CSC_Conversion)
chown system media_rw /sys/class/graphics/fb0/csc_cfg
chmod 0660 /sys/class/graphics/fb0/csc_cfg
# permission for Input Device(TSP).
chown system radio /sys/class/sec/tsp/cmd
chmod 0660 /sys/class/sec/tsp/input/enabled
chown system system /sys/class/sec/tsp/input/enabled
# permission for Input Device(TKEY).
chmod 0660 /sys/class/sec/sec_touchkey/input/enabled
chown system system /sys/class/sec/sec_touchkey/input/enabled
# permission for TKEY LED EN
chmod 0660 /sys/class/sec/sec_touchkey/brightness
chown system system /sys/class/sec/sec_touchkey/brightness
# Permissions for gpio_keys
chown system radio /sys/class/sec/sec_key/wakeup_keys
write /sys/class/sec/sec_key/wakeup_keys 116,172
# Permissions for System Server and daemons.
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown system system /sys/power/autosleep
chown system system /sys/power/state
chown system system /sys/power/wakeup_count
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
chown system system /sys/module/msm_thermal/core_control/enabled
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
# Assume SMP uses shared cpufreq policy for all CPUs
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/torch-light/brightness
chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
###############################################################################
# System LSI
# Comment : add permission to device driver
# NFC : Permissions for NFC
chmod 0660 /dev/sec-nfc
# NFC : change owner
chown nfc nfc /dev/sec-nfc
# NFC : create data/nfc for nv storage
mkdir /data/nfc 0700 nfc nfc
mkdir /data/nfc/param 0700 nfc nfc
chmod 0660 /dev/pn547
# NFC : change owner
chown nfc nfc /dev/pn547
# NFC : create data/nfc for nv storage
mkdir /data/nfc 0700 nfc nfc
mkdir /data/nfc/param 0700 nfc nfc
###############################################################################
# Permissions for Camera
chown system system /sys/class/camera/rear/isp_core
chown system system /sys/class/camera/rear/rear_camfw_full
chown system system /sys/class/camera/rear/rear_camfw
chown system system /sys/class/camera/rear/rear_camtype
chown system radio /sys/class/camera/flash/rear_flash
chown system system /sys/class/camera/front/front_camfw
chown system system /sys/class/camera/front/front_camtype
chown system system /sys/class/camera/front/front_camfw_full
chown system system /sys/class/camera/front/front_camfw_load
chown system system /sys/class/camera/rear/rear_checkfw_user
chown system system /sys/class/camera/rear/rear_checkfw_factory
#OTG Test
chown system radio /sys/class/host_notify/usb_otg/booster
chmod 0660 /sys/class/host_notify/usb_otg/booster
# Accelerometer_sensor
chown system radio /sys/class/sensors/accelerometer_sensor/raw_data
chown system radio /sys/class/sensors/accelerometer_sensor/calibration
chown system radio /sys/class/sensors/accelerometer_sensor/reactive_alert
chown system radio /sys/class/sensors/accelerometer_sensor/vendor
chown system radio /sys/class/sensors/accelerometer_sensor/name
chown system radio /sys/class/sensors/accelerometer_sensor/selftest
chown system radio /sys/class/sensors/accelerometer_sensor/lowpassfilter
# Proximity_sensor
chown system radio /sys/class/sensors/proximity_sensor/state
chown system radio /sys/class/sensors/proximity_sensor/raw_data
chown system radio /sys/class/sensors/proximity_sensor/prox_avg
chown system radio /sys/class/sensors/proximity_sensor/prox_cal
chown system radio /sys/class/sensors/proximity_sensor/vendor
chown system radio /sys/class/sensors/proximity_sensor/name
chown system radio /sys/class/sensors/proximity_sensor/thresh_high
chown system radio /sys/class/sensors/proximity_sensor/thresh_low
chown system radio /sys/class/sensors/proximity_sensor/prox_offset_pass
chown system radio /sys/class/sensors/proximity_sensor/prox_trim
# Light_sensor
chown system radio /sys/class/sensors/light_sensor/lux
chown system radio /sys/class/sensors/light_sensor/raw_data
chown system radio /sys/class/sensors/light_sensor/vendor
chown system radio /sys/class/sensors/light_sensor/name
# Gyro_sensor
chown system radio /sys/class/sensors/gyro_sensor/power_on
chown system radio /sys/class/sensors/gyro_sensor/power_off
chown system radio /sys/class/sensors/gyro_sensor/temperature
chown system radio /sys/class/sensors/gyro_sensor/selftest
chown system radio /sys/class/sensors/gyro_sensor/vendor
chown system radio /sys/class/sensors/gyro_sensor/name
# Magnetic_sensor
chown system radio /sys/class/sensors/magnetic_sensor/selftest
chown system radio /sys/class/sensors/magnetic_sensor/raw_data
chown system radio /sys/class/sensors/magnetic_sensor/adc
chown system radio /sys/class/sensors/magnetic_sensor/vendor
chown system radio /sys/class/sensors/magnetic_sensor/name
chown system radio /sys/class/sensors/magnetic_sensor/status
# MetaEvent
chown system radio /sys/class/sensors/sensor_dev/flush
# Permissions for Charging
mkdir /efs/Battery 0775 radio system
chown system radio /sys/class/power_supply/battery/batt_reset_soc
chown system radio /sys/class/power_supply/battery/update
chown system radio /sys/class/power_supply/battery/factory_mode
chown system radio /sys/class/power_supply/battery/batt_slate_mode
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/call
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/video
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/music
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/browser
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/hotspot
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/camera
chown system radio /sys/class/power_supply/battery/talk_wcdma
chown system radio /sys/class/power_supply/battery/talk_gsm
chown system radio /sys/class/power_supply/battery/call
chown system radio /sys/class/power_supply/battery/data_call
chown system radio /sys/class/power_supply/battery/gps
chown system radio /sys/class/power_supply/battery/wifi
chown system radio /sys/class/power_supply/battery/lte
chown system radio /sys/class/power_supply/battery/wc_enable
chown system radio /sys/class/power_supply/battery/lcd
chown system radio /sys/class/power_supply/ps/status
chmod 0664 /sys/class/power_supply/ps/status
chown system radio /sys/class/power_supply/battery/batt_temp_table
# Define default initial receive window size in segments.
setprop net.tcp.default_init_rwnd 60
write /sys/block/mmcblk0/queue/scheduler noop
copy /system/etc/battery_charging_temp.data /sys/class/power_supply/battery/batt_temp_table
class_start core
# Permission for fast dormancy for RIL
chown system radio /sys/devices/virtual/sec/bamdmux/waketime
# Permission for a RPMB checking thru IMEI
chown system radio /sys/kernel/debug/tzdbg/log
# MTP permission
chmod 0660 /dev/usb_mtp_gadget
chown system mtp /dev/usb_mtp_gadget
mkdir /dev/socket/mtp 0770 system mtp
on nonencrypted
class_start main
class_start late_start
on property:vold.decrypt=trigger_default_encryption
start defaultcrypto
on property:vold.decrypt=trigger_encryption
start surfaceflinger
start encrypt
on property:sys.init_log_level=*
loglevel ${sys.init_log_level}
on charger
mount ext4 /dev/block/bootdevice/by-name/system /system wait ro
copy /system/etc/battery_charging_temp.data /sys/class/power_supply/battery/batt_temp_table
wait /dev/block/bootdevice/by-name/efs
check_fs /dev/block/bootdevice/by-name/efs ext4
mount ext4 /dev/block/bootdevice/by-name/efs /efs nosuid nodev noatime noauto_da_alloc,discard,journal_async_commit,errors=panic
chown system radio /efs
chmod 0771 /efs
mkdir /efs/Battery 0775 radio system
class_start charger
on property:vold.decrypt=trigger_reset_main
class_reset main
on property:vold.decrypt=trigger_load_persist_props
load_persist_props
on property:vold.decrypt=trigger_post_fs_data
trigger post-fs-data
on property:vold.decrypt=trigger_restart_min_framework
class_start main
on property:vold.decrypt=trigger_restart_framework
class_start main
class_start late_start
start keystore
on property:vold.decrypt=trigger_shutdown_framework
class_reset late_start
class_reset main
on property:sys.powerctl=*
powerctl ${sys.powerctl}
# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
on property:sys.sysctl.extra_free_kbytes=*
write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
# "tcp_default_init_rwnd" Is too long!
on property:sys.sysctl.tcp_def_init_rwnd=*
write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
## Daemon processes to be run by init.
##
service ueventd /sbin/ueventd
class core
critical
seclabel u:r:ueventd:s0
service logd /system/bin/logd
class core
socket logd stream 0666 logd logd
socket logdr seqpacket 0666 logd logd
socket logdw dgram 0222 logd logd
seclabel u:r:logd:s0
service healthd /sbin/healthd
class core
critical
seclabel u:r:healthd:s0
service lpm /system/bin/logwrapper /system/bin/lpm
class charger
critical
#start SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID
# Reload SE Android Policy for MDM
on property:persist.security.mdm.policy=1
setprop selinux.reload_policy 1
#end SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID
service console /system/bin/sh
class core
console
disabled
user shell
group shell log
seclabel u:r:shell:s0
## WTL_EDM_START
## EDM AuditLog
service edmaudit /system/bin/edmaudit
class main
user root
## WTL_EDM_END
service auditd /system/bin/auditd -k
seclabel u:r:logd:s0
class main
# SEC_LINUX DRS Service
service drsd /system/bin/drsd
class main
socket drsd stream 600 system system
service prepare_param /system/bin/prepare_param.sh /dev/block/platform/7824900.sdhci/by-name/param
class core
user root
group root
seclabel u:r:prepare_param:s0
oneshot
# icd
service icd /system/bin/icd
class main
user system
group system log
onrestart check_icd
oneshot
on property:ro.debuggable=1
start console
# SEC_SELINUX
on property:selinux.reload_policy=1
chown system system /sys/fs/selinux/enforce
chown -R system system /sys/fs/selinux/booleans
chown system system /sys/fs/selinux/commit_pending_bools
# SEC_SELINUX to support spota
on property:selinux.sec.restorecon=1
restorecon_recursive /data/security/spota
# SEC_SELINUX
on property:init.svc.bootanim=stopped
start auditd
# adbd is controlled via property triggers in init.<platform>.usb.rc
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
class core
socket adbd stream 660 system system
disabled
seclabel u:r:adbd:s0
# adbd on at boot in emulator
on property:ro.kernel.qemu=1
start adbd
service lmkd /system/bin/lmkd
class core
critical
socket lmkd seqpacket 0660 system system
service scs /system/bin/scs
class main
user system
group system
oneshot
service servicemanager /system/bin/servicemanager
class core
user system
group system
critical
onrestart restart healthd
onrestart restart zygote
onrestart restart media
onrestart restart surfaceflinger
onrestart restart drm
onrestart restart sensorhubservice
onrestart restart keystore
service vold /system/bin/vold
class core
socket vold stream 0660 root mount
## Samsung ODE >>>
socket dir_enc_report stream 0660 root mount
## Samsung ODE <<<
ioprio be 2
## Frigatebird
socket frigate stream 0660 system system
service epmd /system/bin/epmd
class main
socket epm stream 0660 system system
socket ppm stream 0660 system system
ioprio be 2
service netd /system/bin/netd
class main
socket netd stream 0660 root system
socket dnsproxyd stream 0660 root inet
socket mdns stream 0660 root system
socket fwmarkd stream 0660 root inet
service debuggerd /system/bin/debuggerd
class main
# icd
service icd /system/bin/icd
class main
user system
group system log
onrestart check_icd
oneshot
service surfaceflinger /system/bin/surfaceflinger
class core
user system
group graphics drmrpc
onrestart restart zygote
service drm /system/bin/drmserver
class main
user drm
# [ SEC_MM_DRM
# fix
group drm system inet drmrpc radio
# org
# group drm system inet drmrpc
# ]
service media /system/bin/mediaserver
class main
user media
group system audio camera inet net_bt net_bt_admin net_raw net_bw_acct drmrpc mediadrm qcom_diag radio media_rw
ioprio rt 4
# One shot invocation to deal with encrypted volume.
service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
disabled
oneshot
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption) or trigger_restart_min_framework (other encryption)
# One shot invocation to encrypt unencrypted volumes
service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
disabled
oneshot
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption)
service bootanim /system/bin/bootanimation
class core
user graphics
group graphics audio
disabled
oneshot
service installd /system/bin/installd
class main
socket installd stream 600 system system
service flash_recovery /system/bin/install-recovery.sh
class main
seclabel u:r:install_recovery:s0
oneshot
disabled
# update recovery if enabled
on property:persist.sys.recovery_update=true
start flash_recovery
service racoon /system/bin/racoon
class main
socket racoon stream 600 system system
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
group vpn net_admin inet
disabled
oneshot
service mtpd /system/bin/mtpd
class main
socket mtpd stream 600 system system
user vpn
group vpn net_admin inet net_raw
disabled
oneshot
service keystore /system/bin/keystore /data/misc/keystore
class main
user keystore
group keystore drmrpc system
disabled
service dumpstate /system/bin/dumpstate -s
class main
socket dumpstate stream 0660 shell log
disabled
oneshot
service mdnsd /system/bin/mdnsd
class main
user mdnsr
group inet net_raw
socket mdnsd stream 0660 mdnsr inet
disabled
oneshot
service pre-recovery /system/bin/uncrypt
class main
disabled
oneshot
service SIDESYNC_service /system/bin/ss_conn_daemon
class main
socket ss_conn_daemon stream 0666 system system
user system
group inet net_raw
# otp
service otp /system/bin/otp_server
user system
group system
disabled
on property:persist.security.tlc.otp=1
start otp
setprop persist.security.tlc.otp 0
# ccm
service ccm /system/bin/tlc_server
user system
group system
disabled
on property:persist.security.tlc.ccm=1
start ccm
setprop persist.security.tlc.ccm 0
# tui
service tui /system/bin/tlc_server TUI
user system
group system
disabled
on property:persist.security.tlc.tui=1
start tui
setprop persist.security.tlc.tui 0
# CS DAEMON
service cs_service /system/bin/cs
class main
user system
group system
disabled
# insthk
service insthk /system/bin/insthk
class main
user root
disabled
oneshot
on property:sys.qseecomd.enable=true
start cs_service
start keystore
start insthk
service mcStarter /system/bin/tbaseLoader tbase
class core
user root
group root
disabled
oneshot
service run-mobicore /system/bin/mcDriverDaemon
class core
user system
group system
disabled
on property:sys.qseecomd.enable=true
start mcStarter
on property:sys.mobicore.loaded=true
start run-mobicore
on property:sys.boot_completed=1
write /sys/block/mmcblk0/queue/scheduler cfq
# icd
on property:init.svc.media=restarting
check_icd
start icd
# Activate Background Compaction
on property:sys.sysctl.compact_memory=1
write /proc/sys/vm/compact_memory 1
setprop sys.sysctl.compact_memory=0