blob: 255852ccff4b935020ebc403dcb3aeefd4613a74 [file] [log] [blame]
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -04001# Copyright (C) 2012 The Android Open Source Project
2#
3# IMPORTANT: Do not create world writable files or directories.
4# This is a common source of Android security bugs.
5#
6
7import /init.environ.rc
8import /init.usb.rc
9import /init.${ro.hardware}.rc
10import /init.${ro.zygote}.rc
11import /init.trace.rc
Zvikomborero VIncent Zvikaramba9c3ebda2016-07-24 00:52:35 -040012import /init.sec_debug.rc
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -040013import /init.carrier.rc
Zvikomborero VIncent Zvikaramba9c3ebda2016-07-24 00:52:35 -040014import /init.rilcommon.rc
15import /init.container.rc
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -040016# Include CM's extra init file
17import /init.cm.rc
18
19
20on early-init
21 # Set init and its forked children's oom_adj.
22 write /proc/1/oom_score_adj -1000
23
24 # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
25 write /sys/fs/selinux/checkreqprot 0
26
27 # Set the security context for the init process.
28 # This should occur before anything else (e.g. ueventd) is started.
29 setcon u:r:init:s0
30
31 # Set the security context of /adb_keys if present.
32 restorecon /adb_keys
33
34 start ueventd
35
36 # create mountpoints
37 mkdir /mnt 0775 root system
38
39on init
40 sysclktz 0
41
42 loglevel 3
43
44 # SEC_SELINUX
45 # for audit message
46 chown system system /proc/avc_msg
47 chmod 0660 /proc/avc_msg
48
49 # Backward compatibility
50 symlink /system/etc /etc
51 symlink /sys/kernel/debug /d
52# permission for CHARGING
53 chown system radio /sys/class/power_supply/battery/batt_discharging_check
54 chown system radio /sys/class/power_supply/battery/batt_discharging_check_adc
55 chown system radio /sys/class/power_supply/battery/batt_discharging_ntc
56 chown system radio /sys/class/power_supply/battery/batt_discharging_ntc_adc
57 chown system radio /sys/class/power_supply/battery/batt_self_discharging_control
58
59 # Right now vendor lives on the same filesystem as system,
60 # but someday that may change.
61 symlink /system/vendor /vendor
62
63 # Create cgroup mount point for cpu accounting
64 mkdir /acct
65 mount cgroup none /acct cpuacct
66 mkdir /acct/uid
67
68 # Create cgroup mount point for memory
69 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
70 mkdir /sys/fs/cgroup/memory 0750 root system
71 mount cgroup none /sys/fs/cgroup/memory memory
72 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
73 chown root system /sys/fs/cgroup/memory/tasks
74 chmod 0660 /sys/fs/cgroup/memory/tasks
75 mkdir /sys/fs/cgroup/memory/sw 0750 root system
76 write /sys/fs/cgroup/memory/sw/memory.swappiness 100
77 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
78 chown root system /sys/fs/cgroup/memory/sw/tasks
79 chmod 0660 /sys/fs/cgroup/memory/sw/tasks
Zvikomborero VIncent Zvikarambac12cb452016-07-22 12:49:41 -040080 chmod 0220 /sys/fs/cgroup/memory/cgroup.event_control
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -040081
82 mkdir /system
83 mkdir /data 0771 system system
84 mkdir /cache 0770 system cache
85 mkdir /config 0500 root root
86 mkdir /efs 0771 system radio
87
88 # See storage config details at http://source.android.com/tech/storage/
89 mkdir /mnt/shell 0700 shell shell
90 mkdir /mnt/media_rw 0700 media_rw media_rw
91 mkdir /storage 0751 root sdcard_r
92
93 # Directory for putting things only root should see.
94 mkdir /mnt/secure 0700 root root
95
96 # Directory for staging bindmounts
97 mkdir /mnt/secure/staging 0700 root root
98
99 # Directory-target for where the secure container
100 # imagefile directory will be bind-mounted
101 mkdir /mnt/secure/asec 0700 root root
102
103 # Secure container public mount points.
104 mkdir /mnt/asec 0700 root system
105 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
106
107 # Filesystem image public mount points.
108 mkdir /mnt/obb 0700 root system
109 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
110
111 # memory control cgroup
112 mkdir /dev/memcg 0700 root system
113 mount cgroup none /dev/memcg memory
114
115 write /proc/sys/kernel/panic_on_oops 1
116 write /proc/sys/kernel/hung_task_timeout_secs 0
117 write /proc/cpu/alignment 4
118 write /proc/sys/kernel/sched_latency_ns 10000000
119 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
120 write /proc/sys/kernel/sched_compat_yield 1
121 write /proc/sys/kernel/sched_child_runs_first 0
122 write /proc/sys/kernel/randomize_va_space 2
123 write /proc/sys/kernel/kptr_restrict 2
124 write /proc/sys/vm/mmap_min_addr 32768
125 write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
126 write /proc/sys/net/unix/max_dgram_qlen 300
127 write /proc/sys/kernel/sched_rt_runtime_us 950000
128 write /proc/sys/kernel/sched_rt_period_us 1000000
129
130 # reflect fwmark from incoming packets onto generated replies
131 write /proc/sys/net/ipv4/fwmark_reflect 1
132 write /proc/sys/net/ipv6/fwmark_reflect 1
133
134 # set fwmark on accepted sockets
135 write /proc/sys/net/ipv4/tcp_fwmark_accept 1
136
137 # Create cgroup mount points for process groups
138 mkdir /dev/cpuctl
139 mount cgroup none /dev/cpuctl cpu
140 chown system system /dev/cpuctl
141 chown system system /dev/cpuctl/tasks
142 chmod 0660 /dev/cpuctl/tasks
143 write /dev/cpuctl/cpu.shares 1024
144 write /dev/cpuctl/cpu.rt_runtime_us 950000
Zvikomborero VIncent Zvikarambac12cb452016-07-22 12:49:41 -0400145 write /dev/cpuctl/cpu.rt_period_us 1000000
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -0400146
147 mkdir /dev/cpuctl/apps
148 chown system system /dev/cpuctl/apps/tasks
149 chmod 0666 /dev/cpuctl/apps/tasks
150 write /dev/cpuctl/apps/cpu.shares 1024
151 write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
152 write /dev/cpuctl/apps/cpu.rt_period_us 1000000
153
154 mkdir /dev/cpuctl/apps/bg_non_interactive
155 chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
156 chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
157 # 5.0 %
158 write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
159 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
160 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
Zvikomborero VIncent Zvikarambac12cb452016-07-22 12:49:41 -0400161
162 # Create cgroup mount points for process groups
163 mkdir /dev/cpuctl
164 mount cgroup none /dev/cpuctl cpu
165 chown system system /dev/cpuctl
166 chown system system /dev/cpuctl/tasks
167 chmod 0666 /dev/cpuctl/tasks
168 write /dev/cpuctl/cpu.shares 1024
169 write /dev/cpuctl/cpu.rt_runtime_us 800000
170 write /dev/cpuctl/cpu.rt_period_us 1000000
171
172 mkdir /dev/cpuctl/bg_non_interactive
173 chown system system /dev/cpuctl/bg_non_interactive/tasks
174 chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
175 # 5.0 %
176 write /dev/cpuctl/bg_non_interactive/cpu.shares 52
177 write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
178 write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -0400179
180 # qtaguid will limit access to specific data based on group memberships.
181 # net_bw_acct grants impersonation of socket owners.
182 # net_bw_stats grants access to other apps' detailed tagged-socket stats.
183 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
184 chown root net_bw_stats /proc/net/xt_qtaguid/stats
185
186 # Allow everybody to read the xt_qtaguid resource tracking misc dev.
187 # This is needed by any process that uses socket tagging.
188 chmod 0644 /dev/xt_qtaguid
189
190 # Create location for fs_mgr to store abbreviated output from filesystem
191 # checker programs.
192 mkdir /dev/fscklogs 0770 root system
193
194 # pstore/ramoops previous console log
195 mount pstore pstore /sys/fs/pstore
196 chown system log /sys/fs/pstore/console-ramoops
197 chmod 0440 /sys/fs/pstore/console-ramoops
198
199# Healthd can trigger a full boot from charger mode by signaling this
200# property when the power button is held.
201on property:sys.boot_from_charger_mode=1
202 class_stop charger
203 trigger late-init
204
205# Load properties from /system/ + /factory after fs mount.
206on load_all_props_action
207 load_all_props
208
209# Indicate to fw loaders that the relevant mounts are up.
210on firmware_mounts_complete
211 rm /dev/.booting
212
213# Mount filesystems and start core system services.
214on late-init
215 trigger early-fs
216 trigger fs
217 trigger post-fs
218 trigger post-fs-data
219
220 # Load properties from /system/ + /factory after fs mount. Place
221 # this in another action so that the load will be scheduled after the prior
222 # issued fs triggers have completed.
223 trigger load_all_props_action
224
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -0400225 # Remove a file to wake up anything waiting for firmware.
226 trigger firmware_mounts_complete
227
228 trigger early-boot
229 trigger boot
230
231
232on post-fs
233 # once everything is setup, no need to modify /
234 mount rootfs rootfs / ro remount
235 # mount shared so changes propagate into child namespaces
236 mount rootfs rootfs / shared rec
237
238 # We chown/chmod /cache again so because mount is run as root + defaults
239 chown system cache /cache
240 chmod 0770 /cache
241 # We restorecon /cache in case the cache partition has been reset.
242 restorecon_recursive /cache
243
244 # This may have been created by the recovery system with odd permissions
245 chown system cache /cache/recovery
246 chmod 0770 /cache/recovery
247
248 #change permissions on vmallocinfo so we can grab it from bugreports
249 chown root log /proc/vmallocinfo
250 chmod 0440 /proc/vmallocinfo
251
252 chown root log /proc/slabinfo
253 chmod 0440 /proc/slabinfo
254
255 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
256 chown root system /proc/kmsg
257 chmod 0440 /proc/kmsg
258 chown root system /proc/sysrq-trigger
259 chmod 0220 /proc/sysrq-trigger
260 chown system log /proc/last_kmsg
261 chmod 0440 /proc/last_kmsg
262
263 # make the selinux kernel policy world-readable
264 chmod 0444 /sys/fs/selinux/policy
265
266 # create the lost+found directories, so as to enforce our permissions
267 mkdir /cache/lost+found 0770 root root
268
269on post-fs-data
270 # sec_efs_file
271 mkdir /efs/sec_efs 0775 radio system
272
273 # We chown/chmod /data again so because mount is run as root + defaults
274 chown system system /data
275 chmod 0771 /data
276 # We restorecon /data in case the userdata partition has been reset.
277 restorecon /data
278 restorecon_recursive /data/media
279
280 # Avoid predictable entropy pool. Carry over entropy from previous boot.
281 copy /data/system/entropy.dat /dev/urandom
282
283 # Create dump dir and collect dumps.
284 # Do this before we mount cache so eventually we can use cache for
285 # storing dumps on platforms which do not have a dedicated dump partition.
286 mkdir /data/dontpanic 0750 root log
287
288 # Collect apanic data, free resources and re-arm trigger
289 copy /proc/apanic_console /data/dontpanic/apanic_console
290 chown root log /data/dontpanic/apanic_console
291 chmod 0640 /data/dontpanic/apanic_console
292
293 copy /proc/apanic_threads /data/dontpanic/apanic_threads
294 chown root log /data/dontpanic/apanic_threads
295 chmod 0640 /data/dontpanic/apanic_threads
296
297 write /proc/apanic_console 1
298
299 # create basic filesystem structure
300 mkdir /data/misc 01771 system misc
301 mkdir /data/misc/adb 02750 system shell
302 # SEC_SELINUX
303 mkdir /data/misc/audit 02775 audit system
304 mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
305 mkdir /data/misc/bluetooth 0770 system system
306 mkdir /data/misc/keystore 0700 keystore keystore
307 mkdir /data/misc/keychain 0771 system system
308 mkdir /data/misc/net 0750 root shell
309 mkdir /data/misc/radio 0771 system radio
310 mkdir /data/misc/sms 0770 system radio
311 mkdir /data/misc/zoneinfo 0775 system system
312 mkdir /data/misc/vpn 0770 system vpn
313 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
314 mkdir /data/misc/systemkeys 0700 system system
315 mkdir /data/misc/wifi 0770 wifi system
316 mkdir /data/misc/wifi/sockets 0770 wifi wifi
317 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
318 mkdir /data/misc/wifi_share_profile 0771 wifi system
319 mkdir /data/misc/wifi_hostapd 0771 wifi system
320 mkdir /data/misc/ethernet 0770 system system
321 mkdir /data/misc/dhcp 0770 dhcp dhcp
322 mkdir /data/misc/user 0771 root root
323 # give system access to wpa_supplicant.conf for backup and restore
324 chmod 0660 /data/misc/wifi/wpa_supplicant.conf
325 chown system wifi /data/misc/wifi/wpa_supplicant.conf
326 mkdir /data/local 0751 root root
327 mkdir /data/misc/media 0700 media media
328
329 # icd
330 check_icd
331 chown system system /dev/icd
332 chmod 0644 /dev/icd
333 chown system system /dev/icdr
334 chmod 0644 /dev/icdr
335 chown system system /dev/tzic
336
337 mkdir /data/misc/radio/hatp 0755 radio system
338 # vpnclient
339 mkdir /data/misc/vpnclientd 0770 system system
340
341 # h2k permission
342 mkdir /efs/cpk 0771 radio system
343 chmod 0644 /efs/redata.bin
344 chmod 0644 /efs/cpk/redata.bin
345 chown radio radio /efs/h2k.dat
346 chown radio radio /efs/cpk/h2k.dat
347 chmod 0644 /efs/h2k.dat
348 chmod 0644 /efs/cpk/h2k.dat
349 chown system system /efs/drm/h2k
350
351 # For security reasons, /data/local/tmp should always be empty.
352 # Do not place files or directories in /data/local/tmp
353 mkdir /data/local/tmp 0771 shell shell
354 mkdir /data/data 0771 system system
355 mkdir /data/app-private 0771 system system
356 mkdir /data/app-asec 0700 root root
357 mkdir /data/app-lib 0771 system system
358 mkdir /data/app 0771 system system
359 mkdir /data/property 0700 root root
360
361 # SA, System SW, SAMSUNG
362 # create log directory
363 mkdir /data/log 0775 system log
364 chown system log /data/log
365 mkdir /data/anr 0775 system system
366 chown system system /data/anr
367 chmod 0775 /data/log
368 chmod 0775 /data/anr
369 restorecon /data/log
370 restorecon /data/anr
371
372 # create dalvik-cache, so as to enforce our permissions
373 mkdir /data/dalvik-cache 0771 root root
374 mkdir /data/dalvik-cache/profiles 0711 system system
375
376 # create resource-cache and double-check the perms
377 mkdir /data/resource-cache 0771 system system
378 chown system system /data/resource-cache
379 chmod 0771 /data/resource-cache
380
381 # create the lost+found directories, so as to enforce our permissions
382 mkdir /data/lost+found 0770 root root
383
384 # create directory for DRM plug-ins - give drm the read/write access to
385 # the following directory.
386 mkdir /data/drm 0770 drm drm
387
388 # create directory for MediaDrm plug-ins - give drm the read/write access to
389 # the following directory.
390 mkdir /data/mediadrm 0770 mediadrm mediadrm
391
392# DRK permission
393 mkdir /efs/prov 0770 radio system
394 mkdir /efs/prov_data 0770 radio system
395 chown radio system /efs/prov_data/dev_root
396 chmod 0770 /efs/prov_data/dev_root
397 chown radio system /efs/prov_data/dev_root/dev_root.dat
398 chmod 0640 /efs/prov_data/dev_root/dev_root.dat
399 chown radio system /efs/prov/libdevkm.lock
400 chmod 0660 /efs/prov/libdevkm.lock
401 rm /efs/prov/prov.b00
402 rm /efs/prov/prov.b01
403 rm /efs/prov/prov.b02
404 rm /efs/prov/prov.b03
405 rm /efs/prov/prov.mdt
406# CS socket
407 mkdir /dev/socket/cs_socket 0770 system system
408
409# [ SEC_MM_DRM
410 # Added drm folder to copy drm plugins
411 mkdir /system/lib/drm 0775
412 chown root root /system/lib/drm
413 chmod 0775 /system/lib/drm
414
415 restorecon -R /efs
416 restorecon -R /carrier
417 restorecon_recursive /data/misc/keystore
418 restorecon_recursive /data/property
419 restorecon_recursive /data/security
420# ]
421
422 # symlink to bugreport storage location
423 symlink /data/data/com.android.shell/files/bugreports /data/bugreports
424
425 # Separate location for storing security policy files on data
426 mkdir /data/security 0711 system system
427
428 # Reload policy from /data/security if present.
429 setprop selinux.reload_policy 1
430
431 # SA, System SW, SAMSUNG create log directory
432 mkdir /data/log 0775 system log
433 chown system log /data/log
434 mkdir /data/anr 0775 system system
435 chown system system /data/anr
436 chmod 0775 /data/log
437 chmod 0775 /data/anr
438 restorecon /data/log
439 restorecon /data/anr
440
441 # Set SELinux security contexts on upgrade or policy update.
442 restorecon_recursive /data
443 restorecon /data/data
444 restorecon /data/user
445 restorecon /data/user/0
446
447 # If there is no fs-post-data action in the init.<device>.rc file, you
448 # must uncomment this line, otherwise encrypted filesystems
449 # won't work.
450 # Set indication (checked by vold) that we have finished this action
451 #setprop vold.post_fs_data_done 1
452
453on boot
454 # basic network init
455 ifup lo
456 hostname localhost
457 domainname localdomain
458
459 # set RLIMIT_NICE to allow priorities from 19 to -20
460 setrlimit 13 40 40
461
462 # Memory management. Basic kernel parameters, and allow the high
463 # level system server to be able to adjust the kernel OOM driver
464 # parameters to match how it is managing things.
465 write /proc/sys/vm/overcommit_memory 1
466 write /proc/sys/vm/min_free_order_shift 4
467 chown root system /sys/module/lowmemorykiller/parameters/adj
468 chmod 0220 /sys/module/lowmemorykiller/parameters/adj
469 chown root system /sys/module/lowmemorykiller/parameters/minfree
470 chmod 0220 /sys/module/lowmemorykiller/parameters/minfree
471
472 # Tweak background writeout
473 write /proc/sys/vm/dirty_expire_centisecs 200
474 write /proc/sys/vm/dirty_background_ratio 5
475
476# SEC DVFS sysfs node
477 chown radio system /sys/power/cpufreq_max_limit
478 chown radio system /sys/power/cpufreq_min_limit
479 chown radio system /sys/power/cpufreq_table
480 chmod 664 /sys/power/cpufreq_max_limit
481 chmod 664 /sys/power/cpufreq_min_limit
482 chmod 664 /sys/power/cpufreq_table
483
484 chown radio system /sys/devices/system/cpu/kernel_max
485 chmod 664 /sys/devices/system/cpu/kernel_max
486
487 chown radio system /sys/class/kgsl/kgsl-3d0/max_pwrlevel
488 chmod 664 /sys/class/kgsl/kgsl-3d0/max_pwrlevel
489 chown radio system /sys/class/kgsl/kgsl-3d0/min_pwrlevel
490 chmod 664 /sys/class/kgsl/kgsl-3d0/min_pwrlevel
491 chown radio system /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
492 chmod 664 /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
493
494# Permissions for SSRM
495 chmod 0664 /sys/devices/platform/sec-thermistor/temperature
496 chmod 0664 /sys/class/power_supply/battery/siop_level
497 chmod 0664 /sys/class/power_supply/battery/test_charge_current
498 chown radio system /sys/devices/platform/sec-thermistor/temperature
499 chown radio system /sys/class/power_supply/battery/siop_level
500 chown radio system /sys/class/power_supply/battery/test_charge_current
501
502 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
503 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
504 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
505 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
506 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
507 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
508 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
509 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
510 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
511 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
512 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
513 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
514 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
515 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
516 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
517 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
518 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
519 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
520 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
521 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
522 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
523 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
524 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
525
526 # Assume SMP uses shared cpufreq policy for all CPUs
527 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
528 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
529
530 chown system system /sys/class/timed_output/vibrator/enable
531 chown system system /sys/class/leds/keyboard-backlight/brightness
532 chown system system /sys/class/leds/lcd-backlight/brightness
533 chown system system /sys/class/leds/button-backlight/brightness
534 chown system system /sys/class/leds/jogball-backlight/brightness
535 chown system system /sys/class/leds/red/brightness
536 chown system system /sys/class/leds/green/brightness
537 chown system system /sys/class/leds/blue/brightness
538 chown system system /sys/class/leds/red/device/grpfreq
539 chown system system /sys/class/leds/red/device/grppwm
540 chown system system /sys/class/leds/red/device/blink
541 chown system system /sys/class/timed_output/vibrator/enable
542 chown system system /sys/module/sco/parameters/disable_esco
543 chown system system /sys/kernel/ipv4/tcp_wmem_min
544 chown system system /sys/kernel/ipv4/tcp_wmem_def
545 chown system system /sys/kernel/ipv4/tcp_wmem_max
546 chown system system /sys/kernel/ipv4/tcp_rmem_min
547 chown system system /sys/kernel/ipv4/tcp_rmem_def
548 chown system system /sys/kernel/ipv4/tcp_rmem_max
549 chown root radio /proc/cmdline
550
551# Auto Brightness
552 chown system system /sys/class/backlight/panel/auto_brightness
553 chmod 0660 /sys/class/backlight/panel/auto_brightness
554
555# LCD mdnie and panel work
556 chown system system /sys/class/mdnie/mdnie/lcdtype
557 chown system system /sys/class/mdnie/mdnie/lcd_power
558 chown system media_rw /sys/class/mdnie/mdnie/scenario
559 chmod 0660 /sys/class/mdnie/mdnie/scenario
560
561 chown system system /sys/class/mdnie/mdnie/tuning
562 chown system media_rw /sys/class/mdnie/mdnie/outdoor
563 chown system system /sys/class/mdnie/mdnie/mdnie_temp
564 chown system media_rw /sys/class/mdnie/mdnie/mode
565 chown system system /sys/class/mdnie/mdnie/negative
566 chown system media_rw /sys/class/mdnie/mdnie/playspeed
567 chown system media_rw /sys/class/mdnie/mdnie/accessibility
568 chown system system /sys/class/mdnie/mdnie/cabc
569 chown system system /sys/class/mdnie/mdnie/bypass
570 chown system media_rw /sys/class/mdnie/mdnie/sensorRGB
571 chmod 0660 /sys/class/mdnie/mdnie/sensorRGB
572
573 chown system system /sys/class/lcd/panel/panel/auto_brightness
574 chown system system /sys/class/lcd/panel/window_type
575 chown radio system /sys/class/lcd/panel/power_reduce
576 chown radio system /sys/class/lcd/panel/siop_enable
577 chown radio system /sys/class/lcd/panel/temperature
578 chown radio system /sys/class/lcd/panel/tuning
579 chown radio system /sys/class/lcd/panel/lux
580
581# Adjust YUV to RGB Conversion(CSC_Conversion)
582 chown system media_rw /sys/class/graphics/fb0/csc_cfg
583 chmod 0660 /sys/class/graphics/fb0/csc_cfg
584
585# permission for Input Device(TSP).
586 chown system radio /sys/class/sec/tsp/cmd
587 chmod 0660 /sys/class/sec/tsp/input/enabled
588 chown system system /sys/class/sec/tsp/input/enabled
589
590# permission for Input Device(TKEY).
591 chmod 0660 /sys/class/sec/sec_touchkey/input/enabled
592 chown system system /sys/class/sec/sec_touchkey/input/enabled
593
594# permission for TKEY LED EN
595 chmod 0660 /sys/class/sec/sec_touchkey/brightness
596 chown system system /sys/class/sec/sec_touchkey/brightness
597
598# Permissions for gpio_keys
599 chown system radio /sys/class/sec/sec_key/wakeup_keys
600 write /sys/class/sec/sec_key/wakeup_keys 116,172
601
602 # Permissions for System Server and daemons.
603 chown radio system /sys/android_power/state
604 chown radio system /sys/android_power/request_state
605 chown radio system /sys/android_power/acquire_full_wake_lock
606 chown radio system /sys/android_power/acquire_partial_wake_lock
607 chown radio system /sys/android_power/release_wake_lock
608 chown system system /sys/power/autosleep
609 chown system system /sys/power/state
610 chown system system /sys/power/wakeup_count
611 chown radio system /sys/power/wake_lock
612 chown radio system /sys/power/wake_unlock
613 chmod 0660 /sys/power/state
614 chmod 0660 /sys/power/wake_lock
615 chmod 0660 /sys/power/wake_unlock
616 chown system system /sys/module/msm_thermal/core_control/enabled
617
618 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
619 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
620 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
621 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
622 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
623 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
624 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
625 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
626 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
627 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
628 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
629 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
630 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
631 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
632 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
633 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
634 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
635 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
636 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
637 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
638 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
639 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
640 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
641
642 # Assume SMP uses shared cpufreq policy for all CPUs
643 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
644 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
645
646 chown system system /sys/class/timed_output/vibrator/enable
647 chown system system /sys/class/leds/keyboard-backlight/brightness
648 chown system system /sys/class/leds/lcd-backlight/brightness
649 chown system system /sys/class/leds/torch-light/brightness
650 chown system system /sys/class/leds/button-backlight/brightness
651 chown system system /sys/class/leds/jogball-backlight/brightness
652 chown system system /sys/class/leds/red/brightness
653 chown system system /sys/class/leds/green/brightness
654 chown system system /sys/class/leds/blue/brightness
655 chown system system /sys/class/leds/red/device/grpfreq
656 chown system system /sys/class/leds/red/device/grppwm
657 chown system system /sys/class/leds/red/device/blink
658 chown system system /sys/class/timed_output/vibrator/enable
659 chown system system /sys/module/sco/parameters/disable_esco
660 chown system system /sys/kernel/ipv4/tcp_wmem_min
661 chown system system /sys/kernel/ipv4/tcp_wmem_def
662 chown system system /sys/kernel/ipv4/tcp_wmem_max
663 chown system system /sys/kernel/ipv4/tcp_rmem_min
664 chown system system /sys/kernel/ipv4/tcp_rmem_def
665 chown system system /sys/kernel/ipv4/tcp_rmem_max
666 chown root radio /proc/cmdline
667# NFC_SLSI
668 chmod 0660 /dev/sec-nfc
669 chown nfc nfc /dev/sec-nfc
670 mkdir /data/nfc 0700 nfc nfc
671 mkdir /data/nfc/param 0700 nfc nfc
672
673# Permissions for Camera
674 chown root system /sys/class/camera/rear/rear_camantibanding
675 chown system system /sys/class/camera/rear/rear_camfw
676 chown system system /sys/class/camera/rear/rear_checkfw_user
677 chown system system /sys/class/camera/rear/rear_checkfw_factory
678 chown system system /sys/class/camera/rear/rear_camfw_full
679 chown system system /sys/class/camera/rear/rear_camfw_load
680 chown system system /sys/class/camera/rear/rear_camtype
681 chown system radio /sys/class/camera/rear/rear_corever
682 chown system radio /sys/class/camera/rear/rear_companionfw_full
683 chown system radio /sys/class/camera/rear/rear_calcheck
684 chown system radio /sys/class/camera/rear/rear_fwcheck
685 chown system system /sys/class/camera/rear/isp_core
686 chown system radio /sys/class/camera/flash/rear_flash
687 chown system radio /sys/class/camera/flash/front_flash
688 chown system system /sys/class/camera/front/front_camfw
689 chown system system /sys/class/camera/front/front_camtype
690 chown system system /sys/class/camera/front/front_camfw_full
691 chown system system /sys/class/camera/front/front_camfw_load
692
693#OTG Test
694 chown system radio /sys/class/host_notify/usb_otg/booster
695 chmod 0660 /sys/class/host_notify/usb_otg/booster
696 chown system radio /sys/class/usb_notify/usb_control/disable
697 chmod 0660 /sys/class/usb_notify/usb_control/disable
698# Accelerometer_sensor
699 chown system radio /sys/class/sensors/accelerometer_sensor/raw_data
700 chown system radio /sys/class/sensors/accelerometer_sensor/calibration
701 chown system radio /sys/class/sensors/accelerometer_sensor/reactive_alert
702 chown system radio /sys/class/sensors/accelerometer_sensor/vendor
703 chown system radio /sys/class/sensors/accelerometer_sensor/name
704 chown system radio /sys/class/sensors/accelerometer_sensor/selftest
705 chown system radio /sys/class/sensors/accelerometer_sensor/lowpassfilter
706# Proximity_sensor
707 chown system radio /sys/class/sensors/proximity_sensor/state
708 chown system radio /sys/class/sensors/proximity_sensor/raw_data
709 chown system radio /sys/class/sensors/proximity_sensor/prox_avg
710 chown system radio /sys/class/sensors/proximity_sensor/prox_cal
711 chown system radio /sys/class/sensors/proximity_sensor/vendor
712 chown system radio /sys/class/sensors/proximity_sensor/name
713 chown system radio /sys/class/sensors/proximity_sensor/thresh_high
714 chown system radio /sys/class/sensors/proximity_sensor/thresh_low
715 chown system radio /sys/class/sensors/proximity_sensor/prox_offset_pass
716 chown system radio /sys/class/sensors/proximity_sensor/prox_trim
717# Light_sensor
718 chown system radio /sys/class/sensors/light_sensor/lux
719 chown system radio /sys/class/sensors/light_sensor/raw_data
720 chown system radio /sys/class/sensors/light_sensor/vendor
721 chown system radio /sys/class/sensors/light_sensor/name
722# Gyro_sensor
723 chown system radio /sys/class/sensors/gyro_sensor/power_on
724 chown system radio /sys/class/sensors/gyro_sensor/power_off
725 chown system radio /sys/class/sensors/gyro_sensor/temperature
726 chown system radio /sys/class/sensors/gyro_sensor/selftest
727 chown system radio /sys/class/sensors/gyro_sensor/vendor
728 chown system radio /sys/class/sensors/gyro_sensor/name
729# Magnetic_sensor
730 chown system radio /sys/class/sensors/magnetic_sensor/selftest
731 chown system radio /sys/class/sensors/magnetic_sensor/raw_data
732 chown system radio /sys/class/sensors/magnetic_sensor/adc
733 chown system radio /sys/class/sensors/magnetic_sensor/vendor
734 chown system radio /sys/class/sensors/magnetic_sensor/name
735 chown system radio /sys/class/sensors/magnetic_sensor/status
736# MetaEvent
737 chown system radio /sys/class/sensors/sensor_dev/flush
738
739# Permissions for Charging
740 mkdir /efs/Battery 0775 radio system
741 chown system radio /sys/class/power_supply/battery/batt_reset_soc
742 chown system radio /sys/class/power_supply/battery/update
743 chown system radio /sys/class/power_supply/battery/factory_mode
744 chown system radio /sys/class/power_supply/battery/batt_slate_mode
745 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/call
746 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/video
747 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/music
748 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/browser
749 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/hotspot
750 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/camera
751 chown system radio /sys/class/power_supply/battery/talk_wcdma
752 chown system radio /sys/class/power_supply/battery/talk_gsm
753 chown system radio /sys/class/power_supply/battery/call
754 chown system radio /sys/class/power_supply/battery/data_call
755 chown system radio /sys/class/power_supply/battery/gps
756 chown system radio /sys/class/power_supply/battery/wifi
757 chown system radio /sys/class/power_supply/battery/lte
758 chown system radio /sys/class/power_supply/battery/wc_enable
759 chown system radio /sys/class/power_supply/battery/lcd
760 chown system radio /sys/class/power_supply/ps/status
761 chmod 0664 /sys/class/power_supply/ps/status
762 chown system radio /sys/class/power_supply/battery/batt_temp_table
763
764 # Define default initial receive window size in segments.
765 setprop net.tcp.default_init_rwnd 60
766
767 write /sys/block/mmcblk0/queue/scheduler noop
768 copy /system/etc/battery_charging_temp.data /sys/class/power_supply/battery/batt_temp_table
769
770 class_start core
771
772# Permission for fast dormancy for RIL
773 chown system radio /sys/devices/virtual/sec/bamdmux/waketime
774
775# Permission for a RPMB checking thru IMEI
776 chown system radio /sys/kernel/debug/tzdbg/log
777
778# MTP permission
779 chmod 0660 /dev/usb_mtp_gadget
780 chown system mtp /dev/usb_mtp_gadget
781 mkdir /dev/socket/mtp 0770 system mtp
782
783on nonencrypted
784 class_start main
785 class_start late_start
786
787on property:vold.decrypt=trigger_default_encryption
788 start defaultcrypto
789
790on property:vold.decrypt=trigger_encryption
791 start surfaceflinger
792 start encrypt
793
794on property:sys.init_log_level=*
795 loglevel ${sys.init_log_level}
796
797on charger
798 mount ext4 /dev/block/bootdevice/by-name/system /system wait ro
799 copy /system/etc/battery_charging_temp.data /sys/class/power_supply/battery/batt_temp_table
800
801 wait /dev/block/bootdevice/by-name/efs
802 check_fs /dev/block/bootdevice/by-name/efs ext4
803 mount ext4 /dev/block/bootdevice/by-name/efs /efs nosuid nodev noatime noauto_da_alloc,discard,journal_async_commit,errors=panic
804 chown system radio /efs
805 chmod 0771 /efs
806 mkdir /efs/Battery 0775 radio system
807
808 class_start charger
809
810
811on property:vold.decrypt=trigger_reset_main
812 class_reset main
813
814on property:vold.decrypt=trigger_load_persist_props
815 load_persist_props
816
817on property:vold.decrypt=trigger_post_fs_data
818 trigger post-fs-data
819
820on property:vold.decrypt=trigger_restart_min_framework
821 class_start main
822
823on property:vold.decrypt=trigger_restart_framework
824 class_start main
825 class_start late_start
826 start keystore
827
828on property:vold.decrypt=trigger_shutdown_framework
829 class_reset late_start
830 class_reset main
831
832on property:sys.powerctl=*
833 powerctl ${sys.powerctl}
834
835# system server cannot write to /proc/sys files,
836# and chown/chmod does not work for /proc/sys/ entries.
837# So proxy writes through init.
838on property:sys.sysctl.extra_free_kbytes=*
839 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
840
841# "tcp_default_init_rwnd" Is too long!
842on property:sys.sysctl.tcp_def_init_rwnd=*
843 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
844
845
846## Daemon processes to be run by init.
847##
848
849service ueventd /sbin/ueventd
850 class core
851 critical
852 seclabel u:r:ueventd:s0
853
854service logd /system/bin/logd
855 class core
856 socket logd stream 0666 logd logd
857 socket logdr seqpacket 0666 logd logd
858 socket logdw dgram 0222 logd logd
859 seclabel u:r:logd:s0
860
861service healthd /sbin/healthd
862 class core
863 critical
864 seclabel u:r:healthd:s0
865
866service lpm /system/bin/lpm
867 class charger
868 critical
869#start SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID
870# Reload SE Android Policy for MDM
871on property:persist.security.mdm.policy=1
872 setprop selinux.reload_policy 1
873#end SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID
874
875service console /system/bin/sh
876 class core
877 console
878 disabled
879 user shell
880 group shell log
881 seclabel u:r:shell:s0
882
883## WTL_EDM_START
884## EDM AuditLog
885service edmaudit /system/bin/edmaudit
886 class main
887 user root
888
889## WTL_EDM_END
890service auditd /system/bin/auditd -k
891 seclabel u:r:logd:s0
892 class main
893# SEC_LINUX DRS Service
894service drsd /system/bin/drsd
895 class main
896 socket drsd stream 600 system system
897
898
899service prepare_param /system/bin/prepare_param.sh /dev/block/platform/7824900.sdhci/by-name/param
900 class core
901 user root
902 group root
903 seclabel u:r:prepare_param:s0
904 oneshot
905
906# icd
907service icd /system/bin/icd
908 class main
909 user system
910 group system log
911 onrestart check_icd
912 oneshot
913
914on property:ro.debuggable=1
915 start console
916
917# SEC_SELINUX
918on property:selinux.reload_policy=1
919 chown system system /sys/fs/selinux/enforce
920 chown -R system system /sys/fs/selinux/booleans
921 chown system system /sys/fs/selinux/commit_pending_bools
922
923# SEC_SELINUX to support spota
924on property:selinux.sec.restorecon=1
925 restorecon_recursive /data/security/spota
926
927# SEC_SELINUX
928on property:init.svc.bootanim=stopped
929 start auditd
930
931# adbd is controlled via property triggers in init.<platform>.usb.rc
932service adbd /sbin/adbd --root_seclabel=u:r:su:s0
933 class core
934 socket adbd stream 660 system system
935 disabled
936 seclabel u:r:adbd:s0
937
938# adbd on at boot in emulator
939on property:ro.kernel.qemu=1
940 start adbd
941
942service lmkd /system/bin/lmkd
943 class core
944 critical
945 socket lmkd seqpacket 0660 system system
946
947service scs /system/bin/scs
948 class main
949 user system
950 group system
951 oneshot
952
953service servicemanager /system/bin/servicemanager
954 class core
955 user system
956 group system
957 critical
958 onrestart restart healthd
959 onrestart restart zygote
960 onrestart restart media
961 onrestart restart surfaceflinger
962 onrestart restart drm
963 onrestart restart sensorhubservice
964 onrestart restart keystore
965
966service vold /system/bin/vold
967 class core
968 socket vold stream 0660 root mount
969## Samsung ODE >>>
970 socket dir_enc_report stream 0660 root mount
971## Samsung ODE <<<
972 ioprio be 2
973
974## Frigatebird
975 socket frigate stream 0660 system system
976
977service epmd /system/bin/epmd
978 class main
979 socket epm stream 0660 system system
980 socket ppm stream 0660 system system
981 ioprio be 2
982
983service netd /system/bin/netd
984 class main
985 socket netd stream 0660 root system
986 socket dnsproxyd stream 0660 root inet
987 socket mdns stream 0660 root system
988 socket fwmarkd stream 0660 root inet
989
990service debuggerd /system/bin/debuggerd
991 class main
992
993service ril-daemon /system/bin/rild
994 class main
995 socket rild stream 660 root radio
996 socket rild-debug stream 660 radio system
997 user root
998 group radio cache inet misc audio sdcard_rw qcom_diag log
999
1000service surfaceflinger /system/bin/surfaceflinger
1001 class core
1002 user system
1003 group graphics drmrpc
1004 onrestart restart zygote
1005
1006service DR-daemon /system/bin/ddexe
1007 class main
1008 user root
1009 group system radio inet net_raw
1010
1011service SMD-daemon /system/bin/smdexe
1012 class main
1013 user root
1014 group system radio inet net_raw
1015
1016service BCS-daemon /system/bin/connfwexe
1017 class main
1018 user root
1019 group system radio inet net_raw
1020
1021service drm /system/bin/drmserver
1022 class main
1023 user drm
1024# [ SEC_MM_DRM
1025# fix
1026 group drm system inet drmrpc radio
1027# org
1028# group drm system inet drmrpc
1029# ]
1030
1031service media /system/bin/mediaserver
1032 class main
1033 user media
1034 group system audio camera inet net_bt net_bt_admin net_raw net_bw_acct drmrpc mediadrm qcom_diag radio media_rw
1035 ioprio rt 4
1036
1037# One shot invocation to deal with encrypted volume.
1038service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
1039 disabled
1040 oneshot
1041 # vold will set vold.decrypt to trigger_restart_framework (default
1042 # encryption) or trigger_restart_min_framework (other encryption)
1043
1044# One shot invocation to encrypt unencrypted volumes
1045service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
1046 disabled
1047 oneshot
1048 # vold will set vold.decrypt to trigger_restart_framework (default
1049 # encryption)
1050
1051service bootanim /system/bin/bootanimation
1052 class core
1053 user graphics
1054 group graphics audio
1055 disabled
1056 oneshot
1057
1058service installd /system/bin/installd
1059 class main
1060 socket installd stream 600 system system
1061
1062service flash_recovery /system/bin/install-recovery.sh
1063 class main
1064 seclabel u:r:install_recovery:s0
1065 oneshot
1066 disabled
1067
1068# update recovery if enabled
1069on property:persist.sys.recovery_update=true
1070 start flash_recovery
1071
1072service racoon /system/bin/racoon
1073 class main
1074 socket racoon stream 600 system system
1075 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
1076 group vpn net_admin inet
1077 disabled
1078 oneshot
1079
1080service mtpd /system/bin/mtpd
1081 class main
1082 socket mtpd stream 600 system system
1083 user vpn
1084 group vpn net_admin inet net_raw
1085 disabled
1086 oneshot
1087
1088service keystore /system/bin/keystore /data/misc/keystore
1089 class main
1090 user keystore
1091 group keystore drmrpc system
1092 disabled
1093
1094service dumpstate /system/bin/dumpstate -s
1095 class main
1096 socket dumpstate stream 0660 shell log
1097 disabled
1098 oneshot
1099
1100service mdnsd /system/bin/mdnsd
1101 class main
1102 user mdnsr
1103 group inet net_raw
1104 socket mdnsd stream 0660 mdnsr inet
1105 disabled
1106 oneshot
1107
1108service pre-recovery /system/bin/uncrypt
1109 class main
1110 disabled
1111 oneshot
1112
1113# otp
1114service otp /system/bin/otp_server
1115 user system
1116 group system
1117 disabled
1118
1119on property:persist.security.tlc.otp=1
1120 start otp
1121 setprop persist.security.tlc.otp 0
1122
1123# ccm
1124 service ccm /system/bin/tlc_server
1125 user system
1126 group system
1127 disabled
1128
1129on property:persist.security.tlc.ccm=1
1130 start ccm
1131 setprop persist.security.tlc.ccm 0
1132
1133# tui
1134 service tui /system/bin/tlc_server TUI
1135 user system
1136 group system
1137 disabled
1138
1139on property:persist.security.tlc.tui=1
1140 start tui
1141 setprop persist.security.tlc.tui 0
1142
1143# CS DAEMON
1144service cs_service /system/bin/cs
1145 class main
1146 user system
1147 group system
1148 disabled
1149
1150# insthk
1151service insthk /system/bin/insthk
1152 class main
1153 user root
1154 disabled
1155 oneshot
1156
1157on property:sys.qseecomd.enable=true
1158 start cs_service
1159 start keystore
1160 start insthk
1161
1162service mcStarter /system/bin/tbaseLoader tbase
1163 class core
1164 user root
1165 group root
1166 disabled
1167 oneshot
1168
1169service run-mobicore /system/bin/mcDriverDaemon
1170 class core
1171 user system
1172 group system
1173 disabled
1174
1175on property:sys.qseecomd.enable=true
1176 start mcStarter
1177
1178on property:sys.mobicore.loaded=true
1179 start run-mobicore
1180
1181on property:sys.boot_completed=1
1182 write /sys/block/mmcblk0/queue/scheduler cfq
1183
1184# icd
1185on property:init.svc.media=restarting
1186 check_icd
1187 start icd
1188
1189# Activate Background Compaction
1190on property:sys.sysctl.compact_memory=1
1191 write /proc/sys/vm/compact_memory 1
1192 setprop sys.sysctl.compact_memory=0