1# Copyright (C) 2012 The Android Open Source Project
2#
3# IMPORTANT: Do not create world writable files or directories.
4# This is a common source of Android security bugs.
5#
6
7import /init.environ.rc
8import /init.usb.rc
9import /init.${ro.hardware}.rc
10import /init.${ro.zygote}.rc
11import /init.trace.rc
12import /init.carrier.rc
13# Include CM's extra init file
14import /init.cm.rc
15
16
17on early-init
 # early-init action: sets init's OOM score and SELinux context, relabels
 # /adb_keys, starts ueventd and creates the /mnt mount-point directory.
18 # Set init and its forked children's oom_adj.
19 write /proc/1/oom_score_adj -1000
20
 # checkreqprot=0 makes SELinux check the protection the kernel will actually
 # apply to a mapping, not only the protection the application requested.
21 # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
22 write /sys/fs/selinux/checkreqprot 0
23
24 # Set the security context for the init process.
25 # This should occur before anything else (e.g. ueventd) is started.
26 setcon u:r:init:s0
27
 # NOTE(review): an /adb_keys file shipped in the image pre-authorizes the
 # listed hosts for adb; confirm release images do not carry one.
28 # Set the security context of /adb_keys if present.
29 restorecon /adb_keys
30
31 start ueventd
32
33 # create mountpoints
34 mkdir /mnt 0775 root system
35
36on init
 # init action: creates the base directory tree and cgroup mounts, applies
 # kernel sysctls, and sets owner/mode on /proc, /sys and /dev control nodes.
37 sysclktz 0
38
39 loglevel 3
40
 # NOTE(review): /proc/avc_msg is not a stock kernel node; presumably a vendor
 # audit channel. 0660 system:system keeps it away from app UIDs.
41 # SEC_SELINUX
42 # for audit message
43 chown system system /proc/avc_msg
44 chmod 0660 /proc/avc_msg
45
46 # Backward compatibility
47 symlink /system/etc /etc
48 symlink /sys/kernel/debug /d
49# permission for CHARGING
50 chown system radio /sys/class/power_supply/battery/batt_discharging_check
51 chown system radio /sys/class/power_supply/battery/batt_discharging_check_adc
52 chown system radio /sys/class/power_supply/battery/batt_discharging_ntc
53 chown system radio /sys/class/power_supply/battery/batt_discharging_ntc_adc
54 chown system radio /sys/class/power_supply/battery/batt_self_discharging_control
55
56 # Right now vendor lives on the same filesystem as system,
57 # but someday that may change.
58 symlink /system/vendor /vendor
59
60 # Create cgroup mount point for cpu accounting
61 mkdir /acct
62 mount cgroup none /acct cpuacct
63 mkdir /acct/uid
64
 # The memory cgroup tree is restricted to root and gid 1000 (mode 0750);
 # the tasks files below are 0660 root:system.
65 # Create cgroup mount point for memory
66 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
67 mkdir /sys/fs/cgroup/memory 0750 root system
68 mount cgroup none /sys/fs/cgroup/memory memory
69 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
70 chown root system /sys/fs/cgroup/memory/tasks
71 chmod 0660 /sys/fs/cgroup/memory/tasks
72 mkdir /sys/fs/cgroup/memory/sw 0750 root system
73 write /sys/fs/cgroup/memory/sw/memory.swappiness 100
74 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
75 chown root system /sys/fs/cgroup/memory/sw/tasks
76 chmod 0660 /sys/fs/cgroup/memory/sw/tasks
77
 # None of the top-level directories below is world-writable; /data and /efs
 # (0771) allow traversal by others but not listing.
78 mkdir /system
79 mkdir /data 0771 system system
80 mkdir /cache 0770 system cache
81 mkdir /config 0500 root root
82 mkdir /efs 0771 system radio
83
84 # See storage config details at http://source.android.com/tech/storage/
85 mkdir /mnt/shell 0700 shell shell
86 mkdir /mnt/media_rw 0700 media_rw media_rw
87 mkdir /storage 0751 root sdcard_r
88
89 # Directory for putting things only root should see.
90 mkdir /mnt/secure 0700 root root
91
92 # Directory for staging bindmounts
93 mkdir /mnt/secure/staging 0700 root root
94
95 # Directory-target for where the secure container
96 # imagefile directory will be bind-mounted
97 mkdir /mnt/secure/asec 0700 root root
98
 # The tmpfs mounted on top replaces the 0700 directory mode with 0755.
99 # Secure container public mount points.
100 mkdir /mnt/asec 0700 root system
101 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
102
103 # Filesystem image public mount points.
104 mkdir /mnt/obb 0700 root system
105 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
106
107 # memory control cgroup
108 mkdir /dev/memcg 0700 root system
109 mount cgroup none /dev/memcg memory
110
 # Kernel sysctls. Security-relevant ones: panic_on_oops=1 (an oops becomes a
 # panic), randomize_va_space=2 (full ASLR), kptr_restrict=2 (kernel pointers
 # hidden in %pK output for all users), mmap_min_addr=32768 (no mappings in
 # the lowest 32 KiB), and ping_group_range covering every gid (any process
 # may open ICMP ping sockets).
111 write /proc/sys/kernel/panic_on_oops 1
112 write /proc/sys/kernel/hung_task_timeout_secs 0
113 write /proc/cpu/alignment 4
114 write /proc/sys/kernel/sched_latency_ns 10000000
115 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
116 write /proc/sys/kernel/sched_compat_yield 1
117 write /proc/sys/kernel/sched_child_runs_first 0
118 write /proc/sys/kernel/randomize_va_space 2
119 write /proc/sys/kernel/kptr_restrict 2
120 write /proc/sys/vm/mmap_min_addr 32768
121 write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
122 write /proc/sys/net/unix/max_dgram_qlen 300
123 write /proc/sys/kernel/sched_rt_runtime_us 950000
124 write /proc/sys/kernel/sched_rt_period_us 1000000
125
126 # reflect fwmark from incoming packets onto generated replies
127 write /proc/sys/net/ipv4/fwmark_reflect 1
128 write /proc/sys/net/ipv6/fwmark_reflect 1
129
130 # set fwmark on accepted sockets
131 write /proc/sys/net/ipv4/tcp_fwmark_accept 1
132
133 # Create cgroup mount points for process groups
134 mkdir /dev/cpuctl
135 mount cgroup none /dev/cpuctl cpu
136 chown system system /dev/cpuctl
137 chown system system /dev/cpuctl/tasks
138 chmod 0660 /dev/cpuctl/tasks
139 write /dev/cpuctl/cpu.shares 1024
140 write /dev/cpuctl/cpu.rt_runtime_us 950000
141 write /dev/cpuctl/cpu.rt_period_us 1000000
142
 # NOTE(review): 0666 makes apps/tasks (and bg_non_interactive/tasks below)
 # world-writable, at odds with the "no world writable files" rule in this
 # file's header; the root /dev/cpuctl/tasks above is 0660. Unless SELinux
 # policy restricts it, any process can write these files - confirm that
 # this is intended.
143 mkdir /dev/cpuctl/apps
144 chown system system /dev/cpuctl/apps/tasks
145 chmod 0666 /dev/cpuctl/apps/tasks
146 write /dev/cpuctl/apps/cpu.shares 1024
147 write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
148 write /dev/cpuctl/apps/cpu.rt_period_us 1000000
149
150 mkdir /dev/cpuctl/apps/bg_non_interactive
151 chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
152 chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
153 # 5.0 %
154 write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
155 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
156 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
157
158 # qtaguid will limit access to specific data based on group memberships.
159 # net_bw_acct grants impersonation of socket owners.
160 # net_bw_stats grants access to other apps' detailed tagged-socket stats.
161 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
162 chown root net_bw_stats /proc/net/xt_qtaguid/stats
163
164 # Allow everybody to read the xt_qtaguid resource tracking misc dev.
165 # This is needed by any process that uses socket tagging.
166 chmod 0644 /dev/xt_qtaguid
167
168 # Create location for fs_mgr to store abbreviated output from filesystem
169 # checker programs.
170 mkdir /dev/fscklogs 0770 root system
171
 # The previous boot's console log is readable only by user system and group
 # log (0440).
172 # pstore/ramoops previous console log
173 mount pstore pstore /sys/fs/pstore
174 chown system log /sys/fs/pstore/console-ramoops
175 chmod 0440 /sys/fs/pstore/console-ramoops
176
177# Healthd can trigger a full boot from charger mode by signaling this
178# property when the power button is held.
178on property:sys.boot_from_charger_mode=1
 # Stop the services of class charger, then queue the late-init action,
 # which in this file drives the filesystem and boot triggers.
179 class_stop charger
180 trigger late-init
182
183# Load properties from /system/ + /factory after fs mount.
183on load_all_props_action
 # Queued from the late-init action in this file, after the fs triggers.
184 load_all_props
186
187# Indicate to fw loaders that the relevant mounts are up.
187on firmware_mounts_complete
 # Queued from the late-init action in this file; removing /dev/.booting is
 # the signal described in the comment above this action.
188 rm /dev/.booting
190
191# Mount filesystems and start core system services.
191on late-init
 # Queues the remaining boot stages in order: filesystem stages, property
 # loading, the firmware-ready signal, then early-boot and boot.
192 trigger early-fs
193 trigger fs
194 trigger post-fs
195 trigger post-fs-data
196
197 # Load properties from /system/ + /factory after fs mount. Place
198 # this in another action so that the load will be scheduled after the prior
199 # issued fs triggers have completed.
200 trigger load_all_props_action
201
202 # Remove a file to wake up anything waiting for firmware.
203 trigger firmware_mounts_complete
204
205 trigger early-boot
206 trigger boot
208
209
209on post-fs
 # post-fs action: remounts / read-only, re-applies owner/mode/labels on
 # /cache, and narrows access to kernel diagnostic nodes under /proc.
210 # once everything is setup, no need to modify /
211 mount rootfs rootfs / ro remount
212 # mount shared so changes propagate into child namespaces
213 mount rootfs rootfs / shared rec
214
215 # We chown/chmod /cache again so because mount is run as root + defaults
216 chown system cache /cache
217 chmod 0770 /cache
218 # We restorecon /cache in case the cache partition has been reset.
219 restorecon_recursive /cache
220
221 # This may have been created by the recovery system with odd permissions
222 chown system cache /cache/recovery
223 chmod 0770 /cache/recovery
224
 # vmallocinfo and slabinfo expose kernel memory-layout details; they are
 # limited here to root and group log, read-only (0440).
225 #change permissions on vmallocinfo so we can grab it from bugreports
226 chown root log /proc/vmallocinfo
227 chmod 0440 /proc/vmallocinfo
228
229 chown root log /proc/slabinfo
230 chmod 0440 /proc/slabinfo
231
 # kmsg: read-only for root and group system. sysrq-trigger: write-only (0220)
 # for root and group system. last_kmsg: read-only for system and group log.
 # NOTE(review): write access to sysrq-trigger lets group system invoke sysrq
 # actions; which actions are enabled depends on kernel settings not shown
 # here.
232 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
233 chown root system /proc/kmsg
234 chmod 0440 /proc/kmsg
235 chown root system /proc/sysrq-trigger
236 chmod 0220 /proc/sysrq-trigger
237 chown system log /proc/last_kmsg
238 chmod 0440 /proc/last_kmsg
239
240 # make the selinux kernel policy world-readable
241 chmod 0444 /sys/fs/selinux/policy
242
243 # create the lost+found directories, so as to enforce our permissions
244 mkdir /cache/lost+found 0770 root root
246
246on post-fs-data
 # post-fs-data action: builds the /data and /efs directory layout with
 # explicit owner/mode, restores SELinux labels, and requests a policy reload.
247 # sec_efs_file
248 mkdir /efs/sec_efs 0775 radio system
249
250 # We chown/chmod /data again so because mount is run as root + defaults
251 chown system system /data
252 chmod 0771 /data
253 # We restorecon /data in case the userdata partition has been reset.
254 restorecon /data
255 restorecon_recursive /data/media
256
257 # Avoid predictable entropy pool. Carry over entropy from previous boot.
258 copy /data/system/entropy.dat /dev/urandom
259
260 # Create dump dir and collect dumps.
261 # Do this before we mount cache so eventually we can use cache for
262 # storing dumps on platforms which do not have a dedicated dump partition.
263 mkdir /data/dontpanic 0750 root log
264
265 # Collect apanic data, free resources and re-arm trigger
266 copy /proc/apanic_console /data/dontpanic/apanic_console
267 chown root log /data/dontpanic/apanic_console
268 chmod 0640 /data/dontpanic/apanic_console
269
270 copy /proc/apanic_threads /data/dontpanic/apanic_threads
271 chown root log /data/dontpanic/apanic_threads
272 chmod 0640 /data/dontpanic/apanic_threads
273
274 write /proc/apanic_console 1
275
 # /data/misc is sticky (01771); the credential stores keystore, systemkeys
 # and media are 0700 and owned by their own user.
276 # create basic filesystem structure
277 mkdir /data/misc 01771 system misc
278 mkdir /data/misc/adb 02750 system shell
 # NOTE(review): 02775 leaves the audit directory listable and searchable by
 # every UID (setgid, group system); whether the logs inside are readable
 # depends on their own modes and SELinux policy. 02770 would match the
 # other private directories here - confirm nothing needs world access.
279 # SEC_SELINUX
280 mkdir /data/misc/audit 02775 audit system
281 mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
282 mkdir /data/misc/bluetooth 0770 system system
283 mkdir /data/misc/keystore 0700 keystore keystore
284 mkdir /data/misc/keychain 0771 system system
285 mkdir /data/misc/net 0750 root shell
286 mkdir /data/misc/radio 0771 system radio
287 mkdir /data/misc/sms 0770 system radio
288 mkdir /data/misc/zoneinfo 0775 system system
289 mkdir /data/misc/vpn 0770 system vpn
290 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
291 mkdir /data/misc/systemkeys 0700 system system
292 mkdir /data/misc/wifi 0770 wifi system
293 mkdir /data/misc/wifi/sockets 0770 wifi wifi
294 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
295 mkdir /data/misc/wifi_share_profile 0771 wifi system
296 mkdir /data/misc/wifi_hostapd 0771 wifi system
297 mkdir /data/misc/ethernet 0770 system system
298 mkdir /data/misc/dhcp 0770 dhcp dhcp
299 mkdir /data/misc/user 0771 root root
 # wpa_supplicant.conf normally stores saved network credentials; 0660
 # system:wifi gives no access to other UIDs.
300 # give system access to wpa_supplicant.conf for backup and restore
301 chmod 0660 /data/misc/wifi/wpa_supplicant.conf
302 chown system wifi /data/misc/wifi/wpa_supplicant.conf
303 mkdir /data/local 0751 root root
304 mkdir /data/misc/media 0700 media media
305
 # NOTE(review): check_icd is not a stock init builtin as far as this file
 # shows; presumably a vendor extension - confirm what it verifies.
 # /dev/icd and /dev/icdr are left world-readable (0644); /dev/tzic only
 # has its owner changed here.
306 # icd
307 check_icd
308 chown system system /dev/icd
309 chmod 0644 /dev/icd
310 chown system system /dev/icdr
311 chmod 0644 /dev/icdr
312 chown system system /dev/tzic
313
314 mkdir /data/misc/radio/hatp 0755 radio system
315 # vpnclient
316 mkdir /data/misc/vpnclientd 0770 system system
317
 # NOTE(review): redata.bin and h2k.dat end up world-readable (0644) inside
 # /efs. If they hold provisioning or key material (the section name
 # suggests so, unverified), group-only modes would be safer.
318 # h2k permission
319 mkdir /efs/cpk 0771 radio system
320 chmod 0644 /efs/redata.bin
321 chmod 0644 /efs/cpk/redata.bin
322 chown radio radio /efs/h2k.dat
323 chown radio radio /efs/cpk/h2k.dat
324 chmod 0644 /efs/h2k.dat
325 chmod 0644 /efs/cpk/h2k.dat
326 chown system system /efs/drm/h2k
327
328 # For security reasons, /data/local/tmp should always be empty.
329 # Do not place files or directories in /data/local/tmp
330 mkdir /data/local/tmp 0771 shell shell
331 mkdir /data/data 0771 system system
332 mkdir /data/app-private 0771 system system
333 mkdir /data/app-asec 0700 root root
334 mkdir /data/app-lib 0771 system system
335 mkdir /data/app 0771 system system
336 mkdir /data/property 0700 root root
337
 # /data/log and /data/anr are world-readable and listable (0775). The same
 # eight commands are repeated further down in this action.
338 # SA, System SW, SAMSUNG
339 # create log directory
340 mkdir /data/log 0775 system log
341 chown system log /data/log
342 mkdir /data/anr 0775 system system
343 chown system system /data/anr
344 chmod 0775 /data/log
345 chmod 0775 /data/anr
346 restorecon /data/log
347 restorecon /data/anr
348
349 # create dalvik-cache, so as to enforce our permissions
350 mkdir /data/dalvik-cache 0771 root root
351 mkdir /data/dalvik-cache/profiles 0711 system system
352
353 # create resource-cache and double-check the perms
354 mkdir /data/resource-cache 0771 system system
355 chown system system /data/resource-cache
356 chmod 0771 /data/resource-cache
357
358 # create the lost+found directories, so as to enforce our permissions
359 mkdir /data/lost+found 0770 root root
360
361 # create directory for DRM plug-ins - give drm the read/write access to
362 # the following directory.
363 mkdir /data/drm 0770 drm drm
364
365 # create directory for MediaDrm plug-ins - give drm the read/write access to
366 # the following directory.
367 mkdir /data/mediadrm 0770 mediadrm mediadrm
368
 # Provisioning data under /efs/prov and /efs/prov_data is limited to
 # radio:system; the prov.b0x / prov.mdt files are deleted on every run of
 # this action.
369# DRK permission
370 mkdir /efs/prov 0770 radio system
371 mkdir /efs/prov_data 0770 radio system
372 chown radio system /efs/prov_data/dev_root
373 chmod 0770 /efs/prov_data/dev_root
374 chown radio system /efs/prov_data/dev_root/dev_root.dat
375 chmod 0640 /efs/prov_data/dev_root/dev_root.dat
376 chown radio system /efs/prov/libdevkm.lock
377 chmod 0660 /efs/prov/libdevkm.lock
378 rm /efs/prov/prov.b00
379 rm /efs/prov/prov.b01
380 rm /efs/prov/prov.b02
381 rm /efs/prov/prov.b03
382 rm /efs/prov/prov.mdt
383# CS socket
384 mkdir /dev/socket/cs_socket 0770 system system
385
 # NOTE(review): this creates a directory under /system at runtime; if
 # /system is mounted read-only at this stage (the mount is not in this
 # file) these three commands have no effect - verify.
386# [ SEC_MM_DRM
387 # Added drm folder to copy drm plugins
388 mkdir /system/lib/drm 0775
389 chown root root /system/lib/drm
390 chmod 0775 /system/lib/drm
391
 # NOTE(review): stock init's restorecon treats each argument as a path, so
 # "-R" only recurses if this vendor's init adds support for it;
 # restorecon_recursive (used on the next lines) is the form known to
 # recurse. Confirm that /efs and /carrier really get relabeled recursively.
 # Also, /data/security is relabeled here before the mkdir that creates it
 # further down; the later restorecon_recursive /data covers that case.
392 restorecon -R /efs
393 restorecon -R /carrier
394 restorecon_recursive /data/misc/keystore
395 restorecon_recursive /data/property
396 restorecon_recursive /data/security
397# ]
398
399 # symlink to bugreport storage location
400 symlink /data/data/com.android.shell/files/bugreports /data/bugreports
401
402 # Separate location for storing security policy files on data
403 mkdir /data/security 0711 system system
404
 # The policy source is a writable partition, so the 0711 system:system
 # ownership of /data/security above is what limits who can supply a policy.
405 # Reload policy from /data/security if present.
406 setprop selinux.reload_policy 1
407
 # Duplicate of the /data/log and /data/anr block earlier in this action.
408 # SA, System SW, SAMSUNG create log directory
409 mkdir /data/log 0775 system log
410 chown system log /data/log
411 mkdir /data/anr 0775 system system
412 chown system system /data/anr
413 chmod 0775 /data/log
414 chmod 0775 /data/anr
415 restorecon /data/log
416 restorecon /data/anr
417
418 # Set SELinux security contexts on upgrade or policy update.
419 restorecon_recursive /data
420 restorecon /data/data
421 restorecon /data/user
422 restorecon /data/user/0
423
 # NOTE(review): the setprop below is commented out, so this file relies on
 # the device-specific init file to set vold.post_fs_data_done - confirm it
 # does, otherwise (per the comment) encrypted filesystems won't work.
424 # If there is no fs-post-data action in the init.<device>.rc file, you
425 # must uncomment this line, otherwise encrypted filesystems
426 # won't work.
427 # Set indication (checked by vold) that we have finished this action
428 #setprop vold.post_fs_data_done 1
429
430
430on boot
 # boot action: basic network setup, VM tuning, and a long list of
 # owner/mode assignments on sysfs, procfs and device nodes so that
 # non-root system components can use them. class_start core is issued near
 # the end; the commands written after it still belong to this action.
431 # basic network init
432 ifup lo
433 hostname localhost
434 domainname localdomain
435
436 # set RLIMIT_NICE to allow priorities from 19 to -20
437 setrlimit 13 40 40
438
 # The lowmemorykiller parameters are write-only (0220) for root and group
 # system.
439 # Memory management. Basic kernel parameters, and allow the high
440 # level system server to be able to adjust the kernel OOM driver
441 # parameters to match how it is managing things.
442 write /proc/sys/vm/overcommit_memory 1
443 write /proc/sys/vm/min_free_order_shift 4
444 chown root system /sys/module/lowmemorykiller/parameters/adj
445 chmod 0220 /sys/module/lowmemorykiller/parameters/adj
446 chown root system /sys/module/lowmemorykiller/parameters/minfree
447 chmod 0220 /sys/module/lowmemorykiller/parameters/minfree
448
449 # Tweak background writeout
450 write /proc/sys/vm/dirty_expire_centisecs 200
451 write /proc/sys/vm/dirty_background_ratio 5
452
 # Mode 664 on the CPU/GPU frequency limit nodes: writable by user radio and
 # group system, readable by everyone.
453# SEC DVFS sysfs node
454 chown radio system /sys/power/cpufreq_max_limit
455 chown radio system /sys/power/cpufreq_min_limit
456 chown radio system /sys/power/cpufreq_table
457 chmod 664 /sys/power/cpufreq_max_limit
458 chmod 664 /sys/power/cpufreq_min_limit
459 chmod 664 /sys/power/cpufreq_table
460
461 chown radio system /sys/devices/system/cpu/kernel_max
462 chmod 664 /sys/devices/system/cpu/kernel_max
463
464 chown radio system /sys/class/kgsl/kgsl-3d0/max_pwrlevel
465 chmod 664 /sys/class/kgsl/kgsl-3d0/max_pwrlevel
466 chown radio system /sys/class/kgsl/kgsl-3d0/min_pwrlevel
467 chmod 664 /sys/class/kgsl/kgsl-3d0/min_pwrlevel
468 chown radio system /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
469 chmod 664 /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
470
471# Permissions for SSRM
472 chmod 0664 /sys/devices/platform/sec-thermistor/temperature
473 chmod 0664 /sys/class/power_supply/battery/siop_level
474 chmod 0664 /sys/class/power_supply/battery/test_charge_current
475 chown radio system /sys/devices/platform/sec-thermistor/temperature
476 chown radio system /sys/class/power_supply/battery/siop_level
477 chown radio system /sys/class/power_supply/battery/test_charge_current
478
 # The interactive-governor, scaling_max_freq, LED/vibrator, tcp_*mem and
 # /proc/cmdline commands from here down to the "Auto Brightness" section
 # are repeated later in this action (after the "System Server and daemons"
 # group); keep the two copies in sync or drop one.
479 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
480 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
481 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
482 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
483 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
484 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
485 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
486 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
487 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
488 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
489 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
490 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
491 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
492 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
493 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
494 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
495 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
496 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
497 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
498 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
499 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
500 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
501 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
502
503 # Assume SMP uses shared cpufreq policy for all CPUs
504 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
505 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
506
507 chown system system /sys/class/timed_output/vibrator/enable
508 chown system system /sys/class/leds/keyboard-backlight/brightness
509 chown system system /sys/class/leds/lcd-backlight/brightness
510 chown system system /sys/class/leds/button-backlight/brightness
511 chown system system /sys/class/leds/jogball-backlight/brightness
512 chown system system /sys/class/leds/red/brightness
513 chown system system /sys/class/leds/green/brightness
514 chown system system /sys/class/leds/blue/brightness
515 chown system system /sys/class/leds/red/device/grpfreq
516 chown system system /sys/class/leds/red/device/grppwm
517 chown system system /sys/class/leds/red/device/blink
518 chown system system /sys/class/timed_output/vibrator/enable
519 chown system system /sys/module/sco/parameters/disable_esco
520 chown system system /sys/kernel/ipv4/tcp_wmem_min
521 chown system system /sys/kernel/ipv4/tcp_wmem_def
522 chown system system /sys/kernel/ipv4/tcp_wmem_max
523 chown system system /sys/kernel/ipv4/tcp_rmem_min
524 chown system system /sys/kernel/ipv4/tcp_rmem_def
525 chown system system /sys/kernel/ipv4/tcp_rmem_max
 # Only the group of /proc/cmdline changes (to radio); no chmod follows, so
 # its mode stays whatever the kernel set.
526 chown root radio /proc/cmdline
527
528# Auto Brightness
529 chown system system /sys/class/backlight/panel/auto_brightness
530 chmod 0660 /sys/class/backlight/panel/auto_brightness
531
532# LCD mdnie and panel work
533 chown system system /sys/class/mdnie/mdnie/lcdtype
534 chown system system /sys/class/mdnie/mdnie/lcd_power
535 chown system media_rw /sys/class/mdnie/mdnie/scenario
536 chmod 0660 /sys/class/mdnie/mdnie/scenario
537
538 chown system system /sys/class/mdnie/mdnie/tuning
539 chown system media_rw /sys/class/mdnie/mdnie/outdoor
540 chown system system /sys/class/mdnie/mdnie/mdnie_temp
541 chown system media_rw /sys/class/mdnie/mdnie/mode
542 chown system system /sys/class/mdnie/mdnie/negative
543 chown system media_rw /sys/class/mdnie/mdnie/playspeed
544 chown system media_rw /sys/class/mdnie/mdnie/accessibility
545 chown system system /sys/class/mdnie/mdnie/cabc
546 chown system system /sys/class/mdnie/mdnie/bypass
547 chown system media_rw /sys/class/mdnie/mdnie/sensorRGB
548 chmod 0660 /sys/class/mdnie/mdnie/sensorRGB
549
550 chown system system /sys/class/lcd/panel/panel/auto_brightness
551 chown system system /sys/class/lcd/panel/window_type
552 chown radio system /sys/class/lcd/panel/power_reduce
553 chown radio system /sys/class/lcd/panel/siop_enable
554 chown radio system /sys/class/lcd/panel/temperature
555 chown radio system /sys/class/lcd/panel/tuning
556 chown radio system /sys/class/lcd/panel/lux
557
558# Adjust YUV to RGB Conversion(CSC_Conversion)
559 chown system media_rw /sys/class/graphics/fb0/csc_cfg
560 chmod 0660 /sys/class/graphics/fb0/csc_cfg
561
562# permission for Input Device(TSP).
563 chown system radio /sys/class/sec/tsp/cmd
564 chmod 0660 /sys/class/sec/tsp/input/enabled
565 chown system system /sys/class/sec/tsp/input/enabled
566
567# permission for Input Device(TKEY).
568 chmod 0660 /sys/class/sec/sec_touchkey/input/enabled
569 chown system system /sys/class/sec/sec_touchkey/input/enabled
570
571# permission for TKEY LED EN
572 chmod 0660 /sys/class/sec/sec_touchkey/brightness
573 chown system system /sys/class/sec/sec_touchkey/brightness
574
575# Permissions for gpio_keys
576 chown system radio /sys/class/sec/sec_key/wakeup_keys
577 write /sys/class/sec/sec_key/wakeup_keys 116,172
578
 # Power-state and wakelock nodes: /sys/power/state, wake_lock and
 # wake_unlock are 0660, so only their owner and group system can write.
579 # Permissions for System Server and daemons.
580 chown radio system /sys/android_power/state
581 chown radio system /sys/android_power/request_state
582 chown radio system /sys/android_power/acquire_full_wake_lock
583 chown radio system /sys/android_power/acquire_partial_wake_lock
584 chown radio system /sys/android_power/release_wake_lock
585 chown system system /sys/power/autosleep
586 chown system system /sys/power/state
587 chown system system /sys/power/wakeup_count
588 chown radio system /sys/power/wake_lock
589 chown radio system /sys/power/wake_unlock
590 chmod 0660 /sys/power/state
591 chmod 0660 /sys/power/wake_lock
592 chmod 0660 /sys/power/wake_unlock
593 chown system system /sys/module/msm_thermal/core_control/enabled
594
 # Second copy of the interactive-governor / LED / tcp_*mem assignments made
 # earlier in this action; the only addition is the torch-light brightness
 # node.
595 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
596 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
597 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
598 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
599 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
600 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
601 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
602 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
603 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
604 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
605 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
606 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
607 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
608 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
609 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
610 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
611 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
612 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
613 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
614 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
615 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
616 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
617 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
618
619 # Assume SMP uses shared cpufreq policy for all CPUs
620 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
621 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
622
623 chown system system /sys/class/timed_output/vibrator/enable
624 chown system system /sys/class/leds/keyboard-backlight/brightness
625 chown system system /sys/class/leds/lcd-backlight/brightness
626 chown system system /sys/class/leds/torch-light/brightness
627 chown system system /sys/class/leds/button-backlight/brightness
628 chown system system /sys/class/leds/jogball-backlight/brightness
629 chown system system /sys/class/leds/red/brightness
630 chown system system /sys/class/leds/green/brightness
631 chown system system /sys/class/leds/blue/brightness
632 chown system system /sys/class/leds/red/device/grpfreq
633 chown system system /sys/class/leds/red/device/grppwm
634 chown system system /sys/class/leds/red/device/blink
635 chown system system /sys/class/timed_output/vibrator/enable
636 chown system system /sys/module/sco/parameters/disable_esco
637 chown system system /sys/kernel/ipv4/tcp_wmem_min
638 chown system system /sys/kernel/ipv4/tcp_wmem_def
639 chown system system /sys/kernel/ipv4/tcp_wmem_max
640 chown system system /sys/kernel/ipv4/tcp_rmem_min
641 chown system system /sys/kernel/ipv4/tcp_rmem_def
642 chown system system /sys/kernel/ipv4/tcp_rmem_max
643 chown root radio /proc/cmdline
 # The NFC device node and its data directories are private to user/group
 # nfc.
644# NFC_SLSI
645 chmod 0660 /dev/sec-nfc
646 chown nfc nfc /dev/sec-nfc
647 mkdir /data/nfc 0700 nfc nfc
648 mkdir /data/nfc/param 0700 nfc nfc
649
650# Permissions for Camera
651 chown root system /sys/class/camera/rear/rear_camantibanding
652 chown system system /sys/class/camera/rear/rear_camfw
653 chown system system /sys/class/camera/rear/rear_checkfw_user
654 chown system system /sys/class/camera/rear/rear_checkfw_factory
655 chown system system /sys/class/camera/rear/rear_camfw_full
656 chown system system /sys/class/camera/rear/rear_camfw_load
657 chown system system /sys/class/camera/rear/rear_camtype
658 chown system radio /sys/class/camera/rear/rear_corever
659 chown system radio /sys/class/camera/rear/rear_companionfw_full
660 chown system radio /sys/class/camera/rear/rear_calcheck
661 chown system radio /sys/class/camera/rear/rear_fwcheck
662 chown system system /sys/class/camera/rear/isp_core
663 chown system radio /sys/class/camera/flash/rear_flash
664 chown system radio /sys/class/camera/flash/front_flash
665 chown system system /sys/class/camera/front/front_camfw
666 chown system system /sys/class/camera/front/front_camtype
667 chown system system /sys/class/camera/front/front_camfw_full
668 chown system system /sys/class/camera/front/front_camfw_load
669
670#OTG Test
671 chown system radio /sys/class/host_notify/usb_otg/booster
672 chmod 0660 /sys/class/host_notify/usb_otg/booster
673 chown system radio /sys/class/usb_notify/usb_control/disable
674 chmod 0660 /sys/class/usb_notify/usb_control/disable
 # The sensor nodes below only change owner/group (system:radio); no chmod is
 # applied, so access for other UIDs follows each driver's default mode.
675# Accelerometer_sensor
676 chown system radio /sys/class/sensors/accelerometer_sensor/raw_data
677 chown system radio /sys/class/sensors/accelerometer_sensor/calibration
678 chown system radio /sys/class/sensors/accelerometer_sensor/reactive_alert
679 chown system radio /sys/class/sensors/accelerometer_sensor/vendor
680 chown system radio /sys/class/sensors/accelerometer_sensor/name
681 chown system radio /sys/class/sensors/accelerometer_sensor/selftest
682 chown system radio /sys/class/sensors/accelerometer_sensor/lowpassfilter
683# Proximity_sensor
684 chown system radio /sys/class/sensors/proximity_sensor/state
685 chown system radio /sys/class/sensors/proximity_sensor/raw_data
686 chown system radio /sys/class/sensors/proximity_sensor/prox_avg
687 chown system radio /sys/class/sensors/proximity_sensor/prox_cal
688 chown system radio /sys/class/sensors/proximity_sensor/vendor
689 chown system radio /sys/class/sensors/proximity_sensor/name
690 chown system radio /sys/class/sensors/proximity_sensor/thresh_high
691 chown system radio /sys/class/sensors/proximity_sensor/thresh_low
692 chown system radio /sys/class/sensors/proximity_sensor/prox_offset_pass
693 chown system radio /sys/class/sensors/proximity_sensor/prox_trim
694# Light_sensor
695 chown system radio /sys/class/sensors/light_sensor/lux
696 chown system radio /sys/class/sensors/light_sensor/raw_data
697 chown system radio /sys/class/sensors/light_sensor/vendor
698 chown system radio /sys/class/sensors/light_sensor/name
699# Gyro_sensor
700 chown system radio /sys/class/sensors/gyro_sensor/power_on
701 chown system radio /sys/class/sensors/gyro_sensor/power_off
702 chown system radio /sys/class/sensors/gyro_sensor/temperature
703 chown system radio /sys/class/sensors/gyro_sensor/selftest
704 chown system radio /sys/class/sensors/gyro_sensor/vendor
705 chown system radio /sys/class/sensors/gyro_sensor/name
706# Magnetic_sensor
707 chown system radio /sys/class/sensors/magnetic_sensor/selftest
708 chown system radio /sys/class/sensors/magnetic_sensor/raw_data
709 chown system radio /sys/class/sensors/magnetic_sensor/adc
710 chown system radio /sys/class/sensors/magnetic_sensor/vendor
711 chown system radio /sys/class/sensors/magnetic_sensor/name
712 chown system radio /sys/class/sensors/magnetic_sensor/status
713# MetaEvent
714 chown system radio /sys/class/sensors/sensor_dev/flush
715
 # NOTE(review): battery/call is first given to sdcard_rw:sdcard_rw and then
 # re-chowned to system:radio a few lines later, so the later owner wins for
 # that node; video, music, browser, hotspot and camera stay owned by
 # sdcard_rw. Confirm that split is intended.
716# Permissions for Charging
717 mkdir /efs/Battery 0775 radio system
718 chown system radio /sys/class/power_supply/battery/batt_reset_soc
719 chown system radio /sys/class/power_supply/battery/update
720 chown system radio /sys/class/power_supply/battery/factory_mode
721 chown system radio /sys/class/power_supply/battery/batt_slate_mode
722 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/call
723 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/video
724 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/music
725 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/browser
726 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/hotspot
727 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/camera
728 chown system radio /sys/class/power_supply/battery/talk_wcdma
729 chown system radio /sys/class/power_supply/battery/talk_gsm
730 chown system radio /sys/class/power_supply/battery/call
731 chown system radio /sys/class/power_supply/battery/data_call
732 chown system radio /sys/class/power_supply/battery/gps
733 chown system radio /sys/class/power_supply/battery/wifi
734 chown system radio /sys/class/power_supply/battery/lte
735 chown system radio /sys/class/power_supply/battery/wc_enable
736 chown system radio /sys/class/power_supply/battery/lcd
737 chown system radio /sys/class/power_supply/ps/status
738 chmod 0664 /sys/class/power_supply/ps/status
739 chown system radio /sys/class/power_supply/battery/batt_temp_table
740
741 # Define default initial receive window size in segments.
742 setprop net.tcp.default_init_rwnd 60
743
744 write /sys/block/mmcblk0/queue/scheduler noop
745 copy /system/etc/battery_charging_temp.data /sys/class/power_supply/battery/batt_temp_table
746
 # Starts the services of class core; the remaining commands of this action
 # follow it.
747 class_start core
748
749# Permission for fast dormancy for RIL
750 chown system radio /sys/devices/virtual/sec/bamdmux/waketime
751
 # NOTE(review): this hands a debugfs TrustZone log node to system:radio; no
 # chmod is applied here. Such logs can carry secure-world diagnostic output,
 # so confirm the group really needs it and that the mode is not wider than
 # group-read.
752# Permission for a RPMB checking thru IMEI
753 chown system radio /sys/kernel/debug/tzdbg/log
754
755# MTP permission
756 chmod 0660 /dev/usb_mtp_gadget
757 chown system mtp /dev/usb_mtp_gadget
758 mkdir /dev/socket/mtp 0770 system mtp
760
# No decryption step is pending (per the trigger name): start the remaining
# service classes directly instead of waiting for a vold.decrypt trigger.
on nonencrypted
    class_start main
    class_start late_start
764
# vold.decrypt is set by vold (see the notes on the defaultcrypto and encrypt
# services); each value below maps to one one-shot helper.
on property:vold.decrypt=trigger_default_encryption
    start defaultcrypto

# surfaceflinger is started before the in-place encryption helper,
# presumably so progress can be drawn -- confirm.
on property:vold.decrypt=trigger_encryption
    start surfaceflinger
    start encrypt
771
# Any value written to sys.init_log_level is handed to init's loglevel
# command unchanged.
on property:sys.init_log_level=*
    loglevel ${sys.init_log_level}
774
# Charger mode: only /system (read-only) and /efs are mounted here, and only
# the "charger" service class is started.
on charger
    mount ext4 /dev/block/bootdevice/by-name/system /system wait ro
    # Feed the charging temperature table to the battery driver node.
    copy /system/etc/battery_charging_temp.data /sys/class/power_supply/battery/batt_temp_table

    # /efs: wait for the block device, run the file-system check, then mount
    # with nosuid,nodev. errors=panic turns an ext4 error on this partition
    # into a kernel panic.
    wait /dev/block/bootdevice/by-name/efs
    check_fs /dev/block/bootdevice/by-name/efs ext4
    mount ext4 /dev/block/bootdevice/by-name/efs /efs nosuid nodev noatime noauto_da_alloc,discard,journal_async_commit,errors=panic
    # 0771 system:radio -- others may traverse /efs but not list it.
    chown system radio /efs
    chmod 0771 /efs
    mkdir /efs/Battery 0775 radio system

    class_start charger
787
788
# Framework life-cycle hooks driven by vold.decrypt. Each action reacts to
# one property value; the class_reset / class_start order inside an action
# is the order init runs the commands in.

on property:vold.decrypt=trigger_reset_main
    class_reset main

on property:vold.decrypt=trigger_load_persist_props
    load_persist_props

on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data

# Minimal framework: class "main" only, late_start is left alone.
on property:vold.decrypt=trigger_restart_min_framework
    class_start main

# Full framework. keystore is declared "disabled", so it needs the explicit
# start in addition to class_start main.
on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start
    start keystore

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main
809
# Shutdown/reboot requests arrive as a property value and are passed to
# init's powerctl command verbatim.
# NOTE(review): who may set sys.powerctl is decided outside this file
# (property permissions / SELinux property contexts) -- confirm.
on property:sys.powerctl=*
    powerctl ${sys.powerctl}
812
# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
# init copies the property value into the sysctl node as-is; this file does
# no range or format checking, so the set of writers of sys.sysctl.* is the
# effective access control for these nodes.
on property:sys.sysctl.extra_free_kbytes=*
    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}

# The property is named tcp_def_init_rwnd because
# "tcp_default_init_rwnd" is too long for a property name.
on property:sys.sysctl.tcp_def_init_rwnd=*
    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
822
823
824## Daemon processes to be run by init.
825##
826
# Device-node manager. Started explicitly from early-init ("start ueventd")
# and marked critical; runs from /sbin with its own SELinux label.
service ueventd /sbin/ueventd
    seclabel u:r:ueventd:s0
    class core
    critical
831
# Log daemon. The control and reader sockets are mode 0666 and the writer
# socket is 0222 (write-only), so file modes alone do not restrict which
# uid can connect; any restriction has to come from SELinux policy and
# from logd itself -- verify against the device policy.
service logd /system/bin/logd
    class core
    seclabel u:r:logd:s0
    socket logd stream 0666 logd logd
    socket logdr seqpacket 0666 logd logd
    socket logdw dgram 0222 logd logd
838
# Battery/health daemon, run from /sbin as a critical core service.
# No "user" line: the service keeps init's uid.
service healthd /sbin/healthd
    seclabel u:r:healthd:s0
    class core
    critical
843
# Only member of class "charger" visible in this part of the file; started by
# "class_start charger" in the "on charger" action.
# NOTE(review): no user, group or seclabel line -- the daemon keeps init's
# uid and its SELinux domain depends on policy transitions; confirm.
service lpm /system/bin/lpm
    critical
    class charger
#start SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID
# Reload SE Android Policy for MDM
# Setting persist.security.mdm.policy to 1 raises selinux.reload_policy,
# which in turn fires the "on property:selinux.reload_policy=1" action in
# this file. The property is persistent, so the value survives reboots.
on property:persist.security.mdm.policy=1
    setprop selinux.reload_policy 1
#end SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID
852
# Serial console shell. Declared "disabled": in this file it is started only
# by the "on property:ro.debuggable=1" action. Runs unprivileged as
# shell:shell (+log) in the shell domain.
service console /system/bin/sh
    class core
    disabled
    console
    user shell
    group shell log
    seclabel u:r:shell:s0
860
## WTL_EDM_START
## EDM AuditLog
# Vendor audit-log daemon, started with class main as root.
# NOTE(review): no seclabel and no group line; the resulting SELinux domain
# depends on a policy transition for /system/bin/edmaudit -- confirm it does
# not end up in init's domain.
service edmaudit /system/bin/edmaudit
    user root
    class main

## WTL_EDM_END
# Audit daemon. It is labelled with the logd domain rather than a domain of
# its own, so it shares whatever that domain is allowed -- NOTE(review):
# confirm this is intended. Started with class main and again requested by
# the "init.svc.bootanim=stopped" action in this file.
service auditd /system/bin/auditd -k
    class main
    seclabel u:r:logd:s0
# SEC_LINUX DRS Service
# Socket is 600 system:system, i.e. reachable by uid system only.
# No "user" line: the daemon itself keeps init's uid.
service drsd /system/bin/drsd
    socket drsd stream 600 system system
    class main
875
876
# One-shot root shell script that is handed the raw "param" partition node.
# The path is the SoC-specific /dev/block/platform/... form, not the
# /dev/block/bootdevice/by-name/... form used by "on charger".
service prepare_param /system/bin/prepare_param.sh /dev/block/platform/7824900.sdhci/by-name/param
    class core
    oneshot
    user root
    group root
    seclabel u:r:prepare_param:s0
883
# icd
# One-shot helper run as system:system (+log). check_icd is used as an init
# command here and in the "init.svc.media=restarting" action; it is
# presumably a vendor addition to init -- confirm.
service icd /system/bin/icd
    class main
    oneshot
    user system
    group system log
    onrestart check_icd
891
# Debuggable builds only: bring up the otherwise-disabled console service.
on property:ro.debuggable=1
    start console
894
# SEC_SELINUX
# On a policy-reload request, hand ownership of the selinuxfs control nodes
# (enforce, booleans/, commit_pending_bools) to uid/gid system.
# NOTE(review): after this runs, file ownership no longer limits these nodes
# to root. Whether a system-uid process can actually change enforcement or
# booleans then rests entirely on the loaded policy (setenforce / setbool
# permissions). Check which domains hold those permissions and which
# contexts may set selinux.reload_policy and persist.security.mdm.policy.
on property:selinux.reload_policy=1
    chown system system /sys/fs/selinux/enforce
    chown -R system system /sys/fs/selinux/booleans
    chown system system /sys/fs/selinux/commit_pending_bools
900
# SEC_SELINUX to support spota
# Relabel everything under /data/security/spota when requested by property.
on property:selinux.sec.restorecon=1
    restorecon_recursive /data/security/spota
904
# SEC_SELINUX
# Request auditd once the boot animation service reports "stopped".
on property:init.svc.bootanim=stopped
    start auditd
908
# adbd is controlled via property triggers in init.<platform>.usb.rc
# Declared "disabled", so nothing in this file starts it except the emulator
# action below. The control socket is 660 system:system.
# --root_seclabel names the context adbd is told to use when it keeps root.
# NOTE(review): confirm the su domain is absent from production (user-build)
# policy so that label cannot be entered on shipped devices.
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
    class core
    disabled
    seclabel u:r:adbd:s0
    socket adbd stream 660 system system

# adbd on at boot in emulator
on property:ro.kernel.qemu=1
    start adbd
919
# Low-memory killer daemon: critical core service, socket limited to
# system:system (0660).
service lmkd /system/bin/lmkd
    socket lmkd seqpacket 0660 system system
    class core
    critical
924
# Vendor one-shot helper, run once with class main as system:system.
service scs /system/bin/scs
    class main
    oneshot
    user system
    group system
930
# Binder service manager. Critical, and a restart of it restarts every
# service listed below, in this order.
service servicemanager /system/bin/servicemanager
    class core
    critical
    user system
    group system
    onrestart restart healthd
    onrestart restart zygote
    onrestart restart media
    onrestart restart surfaceflinger
    onrestart restart drm
    onrestart restart sensorhubservice
    onrestart restart keystore
943
# Volume daemon. No "user" line, so it keeps init's uid.
service vold /system/bin/vold
    class core
    ioprio be 2
    socket vold stream 0660 root mount
## Samsung ODE >>>
    socket dir_enc_report stream 0660 root mount
## Samsung ODE <<<

## Frigatebird
    # Still part of service vold: a blank line does not end a service
    # section, only the next "service"/"on" line does.
    socket frigate stream 0660 system system
954
# Vendor daemon with two system:system sockets (0660).
# No "user" line: the process keeps init's uid.
service epmd /system/bin/epmd
    class main
    ioprio be 2
    socket epm stream 0660 system system
    socket ppm stream 0660 system system
960
# Network daemon. Socket group decides who may connect:
#   netd, mdns          -> group system
#   dnsproxyd, fwmarkd  -> group inet
service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket mdns stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket fwmarkd stream 0660 root inet
967
# Crash-dump daemon; no user/group/seclabel options are set in this file.
service debuggerd /system/bin/debuggerd
    class main
970
# Radio interface daemon. Runs as root with a long supplementary group list.
# rild-debug is owned by radio and reachable by group system.
service ril-daemon /system/bin/rild
    class main
    user root
    group radio cache inet misc audio sdcard_rw qcom_diag log
    socket rild stream 660 root radio
    socket rild-debug stream 660 radio system
977
# Display compositor; a restart of it also restarts zygote.
service surfaceflinger /system/bin/surfaceflinger
    class core
    onrestart restart zygote
    user system
    group graphics drmrpc
983
# Three vendor daemons with identical privileges: uid root, groups
# system/radio/inet/net_raw, started with class main on every boot.
# NOTE(review): none carries a seclabel line. Root plus raw-socket access
# makes the SELinux domain the main confinement here; confirm each binary
# transitions into its own restricted domain.

service DR-daemon /system/bin/ddexe
    class main
    group system radio inet net_raw
    user root

service SMD-daemon /system/bin/smdexe
    class main
    group system radio inet net_raw
    user root

service BCS-daemon /system/bin/connfwexe
    class main
    group system radio inet net_raw
    user root
998
# DRM server, uid drm. The vendor "fix" below adds group radio to the
# original group list, which is kept as a comment for reference.
service drm /system/bin/drmserver
    class main
    user drm
# [ SEC_MM_DRM
# fix
    group drm system inet drmrpc radio
# org
#   group drm system inet drmrpc
# ]
1008
# Media server, uid media, real-time I/O priority.
# NOTE(review): the group list is broad (system, radio, media_rw, qcom_diag,
# net_raw, ...); every group here is also available to anything that takes
# over this process, so each entry should have a known consumer.
service media /system/bin/mediaserver
    class main
    ioprio rt 4
    user media
    group system audio camera inet net_bt net_bt_admin net_raw net_bw_acct drmrpc mediadrm qcom_diag radio media_rw
1014
# One shot invocation to deal with encrypted volume.
# Started by the vold.decrypt=trigger_default_encryption action.
service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
    oneshot
    disabled
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption) or trigger_restart_min_framework (other encryption)

# One shot invocation to encrypt unencrypted volumes
# Started by the vold.decrypt=trigger_encryption action.
service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
    oneshot
    disabled
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption)
1028
# Boot animation: disabled one-shot, so something else has to start it;
# runs as graphics with audio access.
service bootanim /system/bin/bootanimation
    class core
    disabled
    oneshot
    user graphics
    group graphics audio
1035
# Package install daemon. Socket is 600 system:system (uid system only);
# no "user" line, so the daemon keeps init's uid.
service installd /system/bin/installd
    socket installd stream 600 system system
    class main
1039
# Re-installs the recovery image via a shell script. Disabled one-shot in
# its own SELinux domain; no "user" line, so it runs with init's uid.
service flash_recovery /system/bin/install-recovery.sh
    class main
    seclabel u:r:install_recovery:s0
    disabled
    oneshot

# update recovery if enabled
# The trigger is a persistent property, so the script is started on every
# boot for as long as the value stays "true".
on property:persist.sys.recovery_update=true
    start flash_recovery
1049
# IPsec IKE daemon. It has no "user" line on purpose:
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
service racoon /system/bin/racoon
    class main
    disabled
    oneshot
    group vpn net_admin inet
    socket racoon stream 600 system system
1057
# VPN tunnel daemon: starts directly as uid vpn, on demand only.
service mtpd /system/bin/mtpd
    class main
    disabled
    oneshot
    user vpn
    group vpn net_admin inet net_raw
    socket mtpd stream 600 system system
1065
# Key storage daemon, uid keystore, data under /data/misc/keystore.
# "disabled": in this file it is started by the
# vold.decrypt=trigger_restart_framework and sys.qseecomd.enable=true
# actions rather than by class_start main.
service keystore /system/bin/keystore /data/misc/keystore
    class main
    disabled
    user keystore
    group keystore drmrpc system
1071
# Bug-report collector, started on demand. The socket is owned by shell and
# group log (0660); no "user" line, so the process keeps init's uid.
service dumpstate /system/bin/dumpstate -s
    class main
    disabled
    oneshot
    socket dumpstate stream 0660 shell log
1077
# mDNS responder, started on demand as uid mdnsr with inet/net_raw.
service mdnsd /system/bin/mdnsd
    class main
    disabled
    oneshot
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
1085
# Runs uncrypt once when explicitly started; no user/group/seclabel set here.
service pre-recovery /system/bin/uncrypt
    class main
    oneshot
    disabled
1090
# otp
# No "class" line, so the service is not part of core/main/late_start and is
# only started by the action below.
service otp /system/bin/otp_server
    disabled
    user system
    group system

# persist.security.tlc.otp acts as a start request: init starts the service
# and clears the flag again.
# NOTE(review): any context allowed to set this property can start the
# service -- confirm it is restricted in the property contexts.
on property:persist.security.tlc.otp=1
    start otp
    setprop persist.security.tlc.otp 0
1100
# ccm
# Same binary as the tui service (tlc_server), here without an argument.
# No "class" line: started only by the action below.
service ccm /system/bin/tlc_server
    disabled
    user system
    group system

# persist.security.tlc.ccm acts as a start request and is cleared afterwards.
# NOTE(review): confirm which contexts may set this property.
on property:persist.security.tlc.ccm=1
    start ccm
    setprop persist.security.tlc.ccm 0
1110
# tui
# tlc_server again, this time with the argument "TUI".
# No "class" line: started only by the action below.
service tui /system/bin/tlc_server TUI
    disabled
    user system
    group system

# persist.security.tlc.tui acts as a start request and is cleared afterwards.
# NOTE(review): confirm which contexts may set this property.
on property:persist.security.tlc.tui=1
    start tui
    setprop persist.security.tlc.tui 0
1120
# CS DAEMON
# Disabled; started by the sys.qseecomd.enable action below.
service cs_service /system/bin/cs
    class main
    disabled
    user system
    group system

# insthk
# Disabled one-shot that runs as root.
# NOTE(review): no seclabel or group line -- confirm the binary transitions
# into a dedicated SELinux domain.
service insthk /system/bin/insthk
    class main
    disabled
    oneshot
    user root

# Once sys.qseecomd.enable is true, start the services that were held back
# above. A second action on the same property (further down) starts
# mcStarter.
on property:sys.qseecomd.enable=true
    start cs_service
    start keystore
    start insthk
1139
# Two-stage start: tbaseLoader runs once as root when sys.qseecomd.enable
# becomes true; mcDriverDaemon follows as system once sys.mobicore.loaded is
# true (presumably set by the loader -- confirm).

service mcStarter /system/bin/tbaseLoader tbase
    class core
    disabled
    oneshot
    user root
    group root

service run-mobicore /system/bin/mcDriverDaemon
    class core
    disabled
    user system
    group system

on property:sys.qseecomd.enable=true
    start mcStarter

on property:sys.mobicore.loaded=true
    start run-mobicore
1158
# After boot completes, switch the mmcblk0 I/O scheduler to cfq.
on property:sys.boot_completed=1
    write /sys/block/mmcblk0/queue/scheduler cfq
1161
# icd
# Whenever the media service enters the "restarting" state, run check_icd
# and start the icd one-shot again.
on property:init.svc.media=restarting
    check_icd
    start icd
1166
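# Activate Background Compaction
# Setting sys.sysctl.compact_memory to 1 makes init write 1 to
# /proc/sys/vm/compact_memory and then clear the request flag.
on property:sys.sysctl.compact_memory=1
    write /proc/sys/vm/compact_memory 1
    # setprop takes the name and the value as two space-separated arguments,
    # as every other setprop line in this file does. The former
    # "name=value" form is a single token, so the flag was not reset to 0.
    setprop sys.sysctl.compact_memory 0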