Gitiles
Code Review Sign In
gerrit.twrp.me / android_device_samsung_j5lte / c12cb45cc1915084d2b4cb01a591b9ddba105f5e / . / rootdir / etc / init.rc
blob: ddb6b54da84338deb405e0e95e3f1d90b6b7c95b [file] [log] [blame]
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -0400[diff] [blame]1# Copyright (C) 2012 The Android Open Source Project
2#
3# IMPORTANT: Do not create world writable files or directories.
4# This is a common source of Android security bugs.
5#
6
7import /init.environ.rc
8import /init.usb.rc
9import /init.${ro.hardware}.rc
10import /init.${ro.zygote}.rc
11import /init.trace.rc
12import /init.carrier.rc
13# Include CM's extra init file
14import /init.cm.rc
15
16
17on early-init
18 # Set init and its forked children's oom_adj.
19 write /proc/1/oom_score_adj -1000
20
21 # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
22 write /sys/fs/selinux/checkreqprot 0
23
24 # Set the security context for the init process.
25 # This should occur before anything else (e.g. ueventd) is started.
26 setcon u:r:init:s0
27
28 # Set the security context of /adb_keys if present.
29 restorecon /adb_keys
30
31 start ueventd
32
33 # create mountpoints
34 mkdir /mnt 0775 root system
35
36on init
37 sysclktz 0
38
39 loglevel 3
40
41 # SEC_SELINUX
42 # for audit message
43 chown system system /proc/avc_msg
44 chmod 0660 /proc/avc_msg
45
46 # Backward compatibility
47 symlink /system/etc /etc
48 symlink /sys/kernel/debug /d
49# permission for CHARGING
50 chown system radio /sys/class/power_supply/battery/batt_discharging_check
51 chown system radio /sys/class/power_supply/battery/batt_discharging_check_adc
52 chown system radio /sys/class/power_supply/battery/batt_discharging_ntc
53 chown system radio /sys/class/power_supply/battery/batt_discharging_ntc_adc
54 chown system radio /sys/class/power_supply/battery/batt_self_discharging_control
55
56 # Right now vendor lives on the same filesystem as system,
57 # but someday that may change.
58 symlink /system/vendor /vendor
59
60 # Create cgroup mount point for cpu accounting
61 mkdir /acct
62 mount cgroup none /acct cpuacct
63 mkdir /acct/uid
64
65 # Create cgroup mount point for memory
66 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
67 mkdir /sys/fs/cgroup/memory 0750 root system
68 mount cgroup none /sys/fs/cgroup/memory memory
69 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
70 chown root system /sys/fs/cgroup/memory/tasks
71 chmod 0660 /sys/fs/cgroup/memory/tasks
72 mkdir /sys/fs/cgroup/memory/sw 0750 root system
73 write /sys/fs/cgroup/memory/sw/memory.swappiness 100
74 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
75 chown root system /sys/fs/cgroup/memory/sw/tasks
76 chmod 0660 /sys/fs/cgroup/memory/sw/tasks
Zvikomborero VIncent Zvikarambac12cb452016-07-22 12:49:41 -0400[diff] [blame^]77 chmod 0220 /sys/fs/cgroup/memory/cgroup.event_control
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -0400[diff] [blame]78
79 mkdir /system
80 mkdir /data 0771 system system
81 mkdir /cache 0770 system cache
82 mkdir /config 0500 root root
83 mkdir /efs 0771 system radio
84
85 # See storage config details at http://source.android.com/tech/storage/
86 mkdir /mnt/shell 0700 shell shell
87 mkdir /mnt/media_rw 0700 media_rw media_rw
88 mkdir /storage 0751 root sdcard_r
89
90 # Directory for putting things only root should see.
91 mkdir /mnt/secure 0700 root root
92
93 # Directory for staging bindmounts
94 mkdir /mnt/secure/staging 0700 root root
95
96 # Directory-target for where the secure container
97 # imagefile directory will be bind-mounted
98 mkdir /mnt/secure/asec 0700 root root
99
100 # Secure container public mount points.
101 mkdir /mnt/asec 0700 root system
102 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
103
104 # Filesystem image public mount points.
105 mkdir /mnt/obb 0700 root system
106 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
107
108 # memory control cgroup
109 mkdir /dev/memcg 0700 root system
110 mount cgroup none /dev/memcg memory
111
112 write /proc/sys/kernel/panic_on_oops 1
113 write /proc/sys/kernel/hung_task_timeout_secs 0
114 write /proc/cpu/alignment 4
115 write /proc/sys/kernel/sched_latency_ns 10000000
116 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
117 write /proc/sys/kernel/sched_compat_yield 1
118 write /proc/sys/kernel/sched_child_runs_first 0
119 write /proc/sys/kernel/randomize_va_space 2
120 write /proc/sys/kernel/kptr_restrict 2
121 write /proc/sys/vm/mmap_min_addr 32768
122 write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
123 write /proc/sys/net/unix/max_dgram_qlen 300
124 write /proc/sys/kernel/sched_rt_runtime_us 950000
125 write /proc/sys/kernel/sched_rt_period_us 1000000
126
127 # reflect fwmark from incoming packets onto generated replies
128 write /proc/sys/net/ipv4/fwmark_reflect 1
129 write /proc/sys/net/ipv6/fwmark_reflect 1
130
131 # set fwmark on accepted sockets
132 write /proc/sys/net/ipv4/tcp_fwmark_accept 1
133
134 # Create cgroup mount points for process groups
135 mkdir /dev/cpuctl
136 mount cgroup none /dev/cpuctl cpu
137 chown system system /dev/cpuctl
138 chown system system /dev/cpuctl/tasks
139 chmod 0660 /dev/cpuctl/tasks
140 write /dev/cpuctl/cpu.shares 1024
141 write /dev/cpuctl/cpu.rt_runtime_us 950000
Zvikomborero VIncent Zvikarambac12cb452016-07-22 12:49:41 -0400[diff] [blame^]142 write /dev/cpuctl/cpu.rt_period_us 1000000
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -0400[diff] [blame]143
144 mkdir /dev/cpuctl/apps
145 chown system system /dev/cpuctl/apps/tasks
146 chmod 0666 /dev/cpuctl/apps/tasks
147 write /dev/cpuctl/apps/cpu.shares 1024
148 write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
149 write /dev/cpuctl/apps/cpu.rt_period_us 1000000
150
151 mkdir /dev/cpuctl/apps/bg_non_interactive
152 chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
153 chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
154 # 5.0 %
155 write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
156 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
157 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
Zvikomborero VIncent Zvikarambac12cb452016-07-22 12:49:41 -0400[diff] [blame^]158
159 # Create cgroup mount points for process groups
160 mkdir /dev/cpuctl
161 mount cgroup none /dev/cpuctl cpu
162 chown system system /dev/cpuctl
163 chown system system /dev/cpuctl/tasks
164 chmod 0666 /dev/cpuctl/tasks
165 write /dev/cpuctl/cpu.shares 1024
166 write /dev/cpuctl/cpu.rt_runtime_us 800000
167 write /dev/cpuctl/cpu.rt_period_us 1000000
168
169 mkdir /dev/cpuctl/bg_non_interactive
170 chown system system /dev/cpuctl/bg_non_interactive/tasks
171 chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
172 # 5.0 %
173 write /dev/cpuctl/bg_non_interactive/cpu.shares 52
174 write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
175 write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -0400[diff] [blame]176
177 # qtaguid will limit access to specific data based on group memberships.
178 # net_bw_acct grants impersonation of socket owners.
179 # net_bw_stats grants access to other apps' detailed tagged-socket stats.
180 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
181 chown root net_bw_stats /proc/net/xt_qtaguid/stats
182
183 # Allow everybody to read the xt_qtaguid resource tracking misc dev.
184 # This is needed by any process that uses socket tagging.
185 chmod 0644 /dev/xt_qtaguid
186
187 # Create location for fs_mgr to store abbreviated output from filesystem
188 # checker programs.
189 mkdir /dev/fscklogs 0770 root system
190
191 # pstore/ramoops previous console log
192 mount pstore pstore /sys/fs/pstore
193 chown system log /sys/fs/pstore/console-ramoops
194 chmod 0440 /sys/fs/pstore/console-ramoops
195
196# Healthd can trigger a full boot from charger mode by signaling this
197# property when the power button is held.
198on property:sys.boot_from_charger_mode=1
199 class_stop charger
200 trigger late-init
201
202# Load properties from /system/ + /factory after fs mount.
203on load_all_props_action
204 load_all_props
205
206# Indicate to fw loaders that the relevant mounts are up.
207on firmware_mounts_complete
208 rm /dev/.booting
209
210# Mount filesystems and start core system services.
211on late-init
212 trigger early-fs
213 trigger fs
214 trigger post-fs
215 trigger post-fs-data
216
217 # Load properties from /system/ + /factory after fs mount. Place
218 # this in another action so that the load will be scheduled after the prior
219 # issued fs triggers have completed.
220 trigger load_all_props_action
221
Zvikomborero VIncent Zvikarambac12cb452016-07-22 12:49:41 -0400[diff] [blame^]222 modprobe ansi_cprng
223 modprobe core_ctl
224 modprobe dma_test
225 modprobe evbug
226 modprobe gator
227 modprobe mmc_block_test
228 modprobe mmc_test
229 modprobe msm-buspm-dev
230 modprobe oprofile
231 modprobe radio-iris-transport
232 modprobe spidev
233 modprobe tcp_htcp
234 modprobe tcp_westwood
235 modprobe test-iosched
236
Zvikomborero VIncent Zvikarambaa25011a2016-07-21 16:32:35 -0400[diff] [blame]237 # Remove a file to wake up anything waiting for firmware.
238 trigger firmware_mounts_complete
239
240 trigger early-boot
241 trigger boot
242
243
244on post-fs
245 # once everything is setup, no need to modify /
246 mount rootfs rootfs / ro remount
247 # mount shared so changes propagate into child namespaces
248 mount rootfs rootfs / shared rec
249
250 # We chown/chmod /cache again so because mount is run as root + defaults
251 chown system cache /cache
252 chmod 0770 /cache
253 # We restorecon /cache in case the cache partition has been reset.
254 restorecon_recursive /cache
255
256 # This may have been created by the recovery system with odd permissions
257 chown system cache /cache/recovery
258 chmod 0770 /cache/recovery
259
260 #change permissions on vmallocinfo so we can grab it from bugreports
261 chown root log /proc/vmallocinfo
262 chmod 0440 /proc/vmallocinfo
263
264 chown root log /proc/slabinfo
265 chmod 0440 /proc/slabinfo
266
267 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
268 chown root system /proc/kmsg
269 chmod 0440 /proc/kmsg
270 chown root system /proc/sysrq-trigger
271 chmod 0220 /proc/sysrq-trigger
272 chown system log /proc/last_kmsg
273 chmod 0440 /proc/last_kmsg
274
275 # make the selinux kernel policy world-readable
276 chmod 0444 /sys/fs/selinux/policy
277
278 # create the lost+found directories, so as to enforce our permissions
279 mkdir /cache/lost+found 0770 root root
280
281on post-fs-data
282 # sec_efs_file
283 mkdir /efs/sec_efs 0775 radio system
284
285 # We chown/chmod /data again so because mount is run as root + defaults
286 chown system system /data
287 chmod 0771 /data
288 # We restorecon /data in case the userdata partition has been reset.
289 restorecon /data
290 restorecon_recursive /data/media
291
292 # Avoid predictable entropy pool. Carry over entropy from previous boot.
293 copy /data/system/entropy.dat /dev/urandom
294
295 # Create dump dir and collect dumps.
296 # Do this before we mount cache so eventually we can use cache for
297 # storing dumps on platforms which do not have a dedicated dump partition.
298 mkdir /data/dontpanic 0750 root log
299
300 # Collect apanic data, free resources and re-arm trigger
301 copy /proc/apanic_console /data/dontpanic/apanic_console
302 chown root log /data/dontpanic/apanic_console
303 chmod 0640 /data/dontpanic/apanic_console
304
305 copy /proc/apanic_threads /data/dontpanic/apanic_threads
306 chown root log /data/dontpanic/apanic_threads
307 chmod 0640 /data/dontpanic/apanic_threads
308
309 write /proc/apanic_console 1
310
311 # create basic filesystem structure
312 mkdir /data/misc 01771 system misc
313 mkdir /data/misc/adb 02750 system shell
314 # SEC_SELINUX
315 mkdir /data/misc/audit 02775 audit system
316 mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
317 mkdir /data/misc/bluetooth 0770 system system
318 mkdir /data/misc/keystore 0700 keystore keystore
319 mkdir /data/misc/keychain 0771 system system
320 mkdir /data/misc/net 0750 root shell
321 mkdir /data/misc/radio 0771 system radio
322 mkdir /data/misc/sms 0770 system radio
323 mkdir /data/misc/zoneinfo 0775 system system
324 mkdir /data/misc/vpn 0770 system vpn
325 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
326 mkdir /data/misc/systemkeys 0700 system system
327 mkdir /data/misc/wifi 0770 wifi system
328 mkdir /data/misc/wifi/sockets 0770 wifi wifi
329 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
330 mkdir /data/misc/wifi_share_profile 0771 wifi system
331 mkdir /data/misc/wifi_hostapd 0771 wifi system
332 mkdir /data/misc/ethernet 0770 system system
333 mkdir /data/misc/dhcp 0770 dhcp dhcp
334 mkdir /data/misc/user 0771 root root
335 # give system access to wpa_supplicant.conf for backup and restore
336 chmod 0660 /data/misc/wifi/wpa_supplicant.conf
337 chown system wifi /data/misc/wifi/wpa_supplicant.conf
338 mkdir /data/local 0751 root root
339 mkdir /data/misc/media 0700 media media
340
341 # icd
342 check_icd
343 chown system system /dev/icd
344 chmod 0644 /dev/icd
345 chown system system /dev/icdr
346 chmod 0644 /dev/icdr
347 chown system system /dev/tzic
348
349 mkdir /data/misc/radio/hatp 0755 radio system
350 # vpnclient
351 mkdir /data/misc/vpnclientd 0770 system system
352
353 # h2k permission
354 mkdir /efs/cpk 0771 radio system
355 chmod 0644 /efs/redata.bin
356 chmod 0644 /efs/cpk/redata.bin
357 chown radio radio /efs/h2k.dat
358 chown radio radio /efs/cpk/h2k.dat
359 chmod 0644 /efs/h2k.dat
360 chmod 0644 /efs/cpk/h2k.dat
361 chown system system /efs/drm/h2k
362
363 # For security reasons, /data/local/tmp should always be empty.
364 # Do not place files or directories in /data/local/tmp
365 mkdir /data/local/tmp 0771 shell shell
366 mkdir /data/data 0771 system system
367 mkdir /data/app-private 0771 system system
368 mkdir /data/app-asec 0700 root root
369 mkdir /data/app-lib 0771 system system
370 mkdir /data/app 0771 system system
371 mkdir /data/property 0700 root root
372
373 # SA, System SW, SAMSUNG
374 # create log directory
375 mkdir /data/log 0775 system log
376 chown system log /data/log
377 mkdir /data/anr 0775 system system
378 chown system system /data/anr
379 chmod 0775 /data/log
380 chmod 0775 /data/anr
381 restorecon /data/log
382 restorecon /data/anr
383
384 # create dalvik-cache, so as to enforce our permissions
385 mkdir /data/dalvik-cache 0771 root root
386 mkdir /data/dalvik-cache/profiles 0711 system system
387
388 # create resource-cache and double-check the perms
389 mkdir /data/resource-cache 0771 system system
390 chown system system /data/resource-cache
391 chmod 0771 /data/resource-cache
392
393 # create the lost+found directories, so as to enforce our permissions
394 mkdir /data/lost+found 0770 root root
395
396 # create directory for DRM plug-ins - give drm the read/write access to
397 # the following directory.
398 mkdir /data/drm 0770 drm drm
399
400 # create directory for MediaDrm plug-ins - give drm the read/write access to
401 # the following directory.
402 mkdir /data/mediadrm 0770 mediadrm mediadrm
403
404# DRK permission
405 mkdir /efs/prov 0770 radio system
406 mkdir /efs/prov_data 0770 radio system
407 chown radio system /efs/prov_data/dev_root
408 chmod 0770 /efs/prov_data/dev_root
409 chown radio system /efs/prov_data/dev_root/dev_root.dat
410 chmod 0640 /efs/prov_data/dev_root/dev_root.dat
411 chown radio system /efs/prov/libdevkm.lock
412 chmod 0660 /efs/prov/libdevkm.lock
413 rm /efs/prov/prov.b00
414 rm /efs/prov/prov.b01
415 rm /efs/prov/prov.b02
416 rm /efs/prov/prov.b03
417 rm /efs/prov/prov.mdt
418# CS socket
419 mkdir /dev/socket/cs_socket 0770 system system
420
421# [ SEC_MM_DRM
422 # Added drm folder to copy drm plugins
423 mkdir /system/lib/drm 0775
424 chown root root /system/lib/drm
425 chmod 0775 /system/lib/drm
426
427 restorecon -R /efs
428 restorecon -R /carrier
429 restorecon_recursive /data/misc/keystore
430 restorecon_recursive /data/property
431 restorecon_recursive /data/security
432# ]
433
434 # symlink to bugreport storage location
435 symlink /data/data/com.android.shell/files/bugreports /data/bugreports
436
437 # Separate location for storing security policy files on data
438 mkdir /data/security 0711 system system
439
440 # Reload policy from /data/security if present.
441 setprop selinux.reload_policy 1
442
443 # SA, System SW, SAMSUNG create log directory
444 mkdir /data/log 0775 system log
445 chown system log /data/log
446 mkdir /data/anr 0775 system system
447 chown system system /data/anr
448 chmod 0775 /data/log
449 chmod 0775 /data/anr
450 restorecon /data/log
451 restorecon /data/anr
452
453 # Set SELinux security contexts on upgrade or policy update.
454 restorecon_recursive /data
455 restorecon /data/data
456 restorecon /data/user
457 restorecon /data/user/0
458
459 # If there is no fs-post-data action in the init.<device>.rc file, you
460 # must uncomment this line, otherwise encrypted filesystems
461 # won't work.
462 # Set indication (checked by vold) that we have finished this action
463 #setprop vold.post_fs_data_done 1
464
465on boot
466 # basic network init
467 ifup lo
468 hostname localhost
469 domainname localdomain
470
471 # set RLIMIT_NICE to allow priorities from 19 to -20
472 setrlimit 13 40 40
473
474 # Memory management. Basic kernel parameters, and allow the high
475 # level system server to be able to adjust the kernel OOM driver
476 # parameters to match how it is managing things.
477 write /proc/sys/vm/overcommit_memory 1
478 write /proc/sys/vm/min_free_order_shift 4
479 chown root system /sys/module/lowmemorykiller/parameters/adj
480 chmod 0220 /sys/module/lowmemorykiller/parameters/adj
481 chown root system /sys/module/lowmemorykiller/parameters/minfree
482 chmod 0220 /sys/module/lowmemorykiller/parameters/minfree
483
484 # Tweak background writeout
485 write /proc/sys/vm/dirty_expire_centisecs 200
486 write /proc/sys/vm/dirty_background_ratio 5
487
488# SEC DVFS sysfs node
489 chown radio system /sys/power/cpufreq_max_limit
490 chown radio system /sys/power/cpufreq_min_limit
491 chown radio system /sys/power/cpufreq_table
492 chmod 664 /sys/power/cpufreq_max_limit
493 chmod 664 /sys/power/cpufreq_min_limit
494 chmod 664 /sys/power/cpufreq_table
495
496 chown radio system /sys/devices/system/cpu/kernel_max
497 chmod 664 /sys/devices/system/cpu/kernel_max
498
499 chown radio system /sys/class/kgsl/kgsl-3d0/max_pwrlevel
500 chmod 664 /sys/class/kgsl/kgsl-3d0/max_pwrlevel
501 chown radio system /sys/class/kgsl/kgsl-3d0/min_pwrlevel
502 chmod 664 /sys/class/kgsl/kgsl-3d0/min_pwrlevel
503 chown radio system /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
504 chmod 664 /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
505
506# Permissions for SSRM
507 chmod 0664 /sys/devices/platform/sec-thermistor/temperature
508 chmod 0664 /sys/class/power_supply/battery/siop_level
509 chmod 0664 /sys/class/power_supply/battery/test_charge_current
510 chown radio system /sys/devices/platform/sec-thermistor/temperature
511 chown radio system /sys/class/power_supply/battery/siop_level
512 chown radio system /sys/class/power_supply/battery/test_charge_current
513
514 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
515 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
516 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
517 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
518 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
519 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
520 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
521 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
522 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
523 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
524 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
525 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
526 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
527 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
528 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
529 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
530 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
531 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
532 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
533 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
534 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
535 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
536 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
537
538 # Assume SMP uses shared cpufreq policy for all CPUs
539 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
540 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
541
542 chown system system /sys/class/timed_output/vibrator/enable
543 chown system system /sys/class/leds/keyboard-backlight/brightness
544 chown system system /sys/class/leds/lcd-backlight/brightness
545 chown system system /sys/class/leds/button-backlight/brightness
546 chown system system /sys/class/leds/jogball-backlight/brightness
547 chown system system /sys/class/leds/red/brightness
548 chown system system /sys/class/leds/green/brightness
549 chown system system /sys/class/leds/blue/brightness
550 chown system system /sys/class/leds/red/device/grpfreq
551 chown system system /sys/class/leds/red/device/grppwm
552 chown system system /sys/class/leds/red/device/blink
553 chown system system /sys/class/timed_output/vibrator/enable
554 chown system system /sys/module/sco/parameters/disable_esco
555 chown system system /sys/kernel/ipv4/tcp_wmem_min
556 chown system system /sys/kernel/ipv4/tcp_wmem_def
557 chown system system /sys/kernel/ipv4/tcp_wmem_max
558 chown system system /sys/kernel/ipv4/tcp_rmem_min
559 chown system system /sys/kernel/ipv4/tcp_rmem_def
560 chown system system /sys/kernel/ipv4/tcp_rmem_max
561 chown root radio /proc/cmdline
562
563# Auto Brightness
564 chown system system /sys/class/backlight/panel/auto_brightness
565 chmod 0660 /sys/class/backlight/panel/auto_brightness
566
567# LCD mdnie and panel work
568 chown system system /sys/class/mdnie/mdnie/lcdtype
569 chown system system /sys/class/mdnie/mdnie/lcd_power
570 chown system media_rw /sys/class/mdnie/mdnie/scenario
571 chmod 0660 /sys/class/mdnie/mdnie/scenario
572
573 chown system system /sys/class/mdnie/mdnie/tuning
574 chown system media_rw /sys/class/mdnie/mdnie/outdoor
575 chown system system /sys/class/mdnie/mdnie/mdnie_temp
576 chown system media_rw /sys/class/mdnie/mdnie/mode
577 chown system system /sys/class/mdnie/mdnie/negative
578 chown system media_rw /sys/class/mdnie/mdnie/playspeed
579 chown system media_rw /sys/class/mdnie/mdnie/accessibility
580 chown system system /sys/class/mdnie/mdnie/cabc
581 chown system system /sys/class/mdnie/mdnie/bypass
582 chown system media_rw /sys/class/mdnie/mdnie/sensorRGB
583 chmod 0660 /sys/class/mdnie/mdnie/sensorRGB
584
585 chown system system /sys/class/lcd/panel/panel/auto_brightness
586 chown system system /sys/class/lcd/panel/window_type
587 chown radio system /sys/class/lcd/panel/power_reduce
588 chown radio system /sys/class/lcd/panel/siop_enable
589 chown radio system /sys/class/lcd/panel/temperature
590 chown radio system /sys/class/lcd/panel/tuning
591 chown radio system /sys/class/lcd/panel/lux
592
593# Adjust YUV to RGB Conversion(CSC_Conversion)
594 chown system media_rw /sys/class/graphics/fb0/csc_cfg
595 chmod 0660 /sys/class/graphics/fb0/csc_cfg
596
597# permission for Input Device(TSP).
598 chown system radio /sys/class/sec/tsp/cmd
599 chmod 0660 /sys/class/sec/tsp/input/enabled
600 chown system system /sys/class/sec/tsp/input/enabled
601
602# permission for Input Device(TKEY).
603 chmod 0660 /sys/class/sec/sec_touchkey/input/enabled
604 chown system system /sys/class/sec/sec_touchkey/input/enabled
605
606# permission for TKEY LED EN
607 chmod 0660 /sys/class/sec/sec_touchkey/brightness
608 chown system system /sys/class/sec/sec_touchkey/brightness
609
610# Permissions for gpio_keys
611 chown system radio /sys/class/sec/sec_key/wakeup_keys
612 write /sys/class/sec/sec_key/wakeup_keys 116,172
613
614 # Permissions for System Server and daemons.
615 chown radio system /sys/android_power/state
616 chown radio system /sys/android_power/request_state
617 chown radio system /sys/android_power/acquire_full_wake_lock
618 chown radio system /sys/android_power/acquire_partial_wake_lock
619 chown radio system /sys/android_power/release_wake_lock
620 chown system system /sys/power/autosleep
621 chown system system /sys/power/state
622 chown system system /sys/power/wakeup_count
623 chown radio system /sys/power/wake_lock
624 chown radio system /sys/power/wake_unlock
625 chmod 0660 /sys/power/state
626 chmod 0660 /sys/power/wake_lock
627 chmod 0660 /sys/power/wake_unlock
628 chown system system /sys/module/msm_thermal/core_control/enabled
629
630 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
631 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
632 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
633 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
634 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
635 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
636 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
637 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
638 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
639 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
640 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
641 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
642 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
643 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
644 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
645 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
646 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
647 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
648 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
649 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
650 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
651 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
652 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
653
654 # Assume SMP uses shared cpufreq policy for all CPUs
655 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
656 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
657
658 chown system system /sys/class/timed_output/vibrator/enable
659 chown system system /sys/class/leds/keyboard-backlight/brightness
660 chown system system /sys/class/leds/lcd-backlight/brightness
661 chown system system /sys/class/leds/torch-light/brightness
662 chown system system /sys/class/leds/button-backlight/brightness
663 chown system system /sys/class/leds/jogball-backlight/brightness
664 chown system system /sys/class/leds/red/brightness
665 chown system system /sys/class/leds/green/brightness
666 chown system system /sys/class/leds/blue/brightness
667 chown system system /sys/class/leds/red/device/grpfreq
668 chown system system /sys/class/leds/red/device/grppwm
669 chown system system /sys/class/leds/red/device/blink
670 chown system system /sys/class/timed_output/vibrator/enable
671 chown system system /sys/module/sco/parameters/disable_esco
672 chown system system /sys/kernel/ipv4/tcp_wmem_min
673 chown system system /sys/kernel/ipv4/tcp_wmem_def
674 chown system system /sys/kernel/ipv4/tcp_wmem_max
675 chown system system /sys/kernel/ipv4/tcp_rmem_min
676 chown system system /sys/kernel/ipv4/tcp_rmem_def
677 chown system system /sys/kernel/ipv4/tcp_rmem_max
678 chown root radio /proc/cmdline
679# NFC_SLSI
680 chmod 0660 /dev/sec-nfc
681 chown nfc nfc /dev/sec-nfc
682 mkdir /data/nfc 0700 nfc nfc
683 mkdir /data/nfc/param 0700 nfc nfc
684
685# Permissions for Camera
686 chown root system /sys/class/camera/rear/rear_camantibanding
687 chown system system /sys/class/camera/rear/rear_camfw
688 chown system system /sys/class/camera/rear/rear_checkfw_user
689 chown system system /sys/class/camera/rear/rear_checkfw_factory
690 chown system system /sys/class/camera/rear/rear_camfw_full
691 chown system system /sys/class/camera/rear/rear_camfw_load
692 chown system system /sys/class/camera/rear/rear_camtype
693 chown system radio /sys/class/camera/rear/rear_corever
694 chown system radio /sys/class/camera/rear/rear_companionfw_full
695 chown system radio /sys/class/camera/rear/rear_calcheck
696 chown system radio /sys/class/camera/rear/rear_fwcheck
697 chown system system /sys/class/camera/rear/isp_core
698 chown system radio /sys/class/camera/flash/rear_flash
699 chown system radio /sys/class/camera/flash/front_flash
700 chown system system /sys/class/camera/front/front_camfw
701 chown system system /sys/class/camera/front/front_camtype
702 chown system system /sys/class/camera/front/front_camfw_full
703 chown system system /sys/class/camera/front/front_camfw_load
704
705#OTG Test
706 chown system radio /sys/class/host_notify/usb_otg/booster
707 chmod 0660 /sys/class/host_notify/usb_otg/booster
708 chown system radio /sys/class/usb_notify/usb_control/disable
709 chmod 0660 /sys/class/usb_notify/usb_control/disable
710# Accelerometer_sensor
711 chown system radio /sys/class/sensors/accelerometer_sensor/raw_data
712 chown system radio /sys/class/sensors/accelerometer_sensor/calibration
713 chown system radio /sys/class/sensors/accelerometer_sensor/reactive_alert
714 chown system radio /sys/class/sensors/accelerometer_sensor/vendor
715 chown system radio /sys/class/sensors/accelerometer_sensor/name
716 chown system radio /sys/class/sensors/accelerometer_sensor/selftest
717 chown system radio /sys/class/sensors/accelerometer_sensor/lowpassfilter
718# Proximity_sensor
719 chown system radio /sys/class/sensors/proximity_sensor/state
720 chown system radio /sys/class/sensors/proximity_sensor/raw_data
721 chown system radio /sys/class/sensors/proximity_sensor/prox_avg
722 chown system radio /sys/class/sensors/proximity_sensor/prox_cal
723 chown system radio /sys/class/sensors/proximity_sensor/vendor
724 chown system radio /sys/class/sensors/proximity_sensor/name
725 chown system radio /sys/class/sensors/proximity_sensor/thresh_high
726 chown system radio /sys/class/sensors/proximity_sensor/thresh_low
727 chown system radio /sys/class/sensors/proximity_sensor/prox_offset_pass
728 chown system radio /sys/class/sensors/proximity_sensor/prox_trim
729# Light_sensor
730 chown system radio /sys/class/sensors/light_sensor/lux
731 chown system radio /sys/class/sensors/light_sensor/raw_data
732 chown system radio /sys/class/sensors/light_sensor/vendor
733 chown system radio /sys/class/sensors/light_sensor/name
734# Gyro_sensor
735 chown system radio /sys/class/sensors/gyro_sensor/power_on
736 chown system radio /sys/class/sensors/gyro_sensor/power_off
737 chown system radio /sys/class/sensors/gyro_sensor/temperature
738 chown system radio /sys/class/sensors/gyro_sensor/selftest
739 chown system radio /sys/class/sensors/gyro_sensor/vendor
740 chown system radio /sys/class/sensors/gyro_sensor/name
741# Magnetic_sensor
742 chown system radio /sys/class/sensors/magnetic_sensor/selftest
743 chown system radio /sys/class/sensors/magnetic_sensor/raw_data
744 chown system radio /sys/class/sensors/magnetic_sensor/adc
745 chown system radio /sys/class/sensors/magnetic_sensor/vendor
746 chown system radio /sys/class/sensors/magnetic_sensor/name
747 chown system radio /sys/class/sensors/magnetic_sensor/status
748# MetaEvent
749 chown system radio /sys/class/sensors/sensor_dev/flush
750
751# Permissions for Charging
752 mkdir /efs/Battery 0775 radio system
753 chown system radio /sys/class/power_supply/battery/batt_reset_soc
754 chown system radio /sys/class/power_supply/battery/update
755 chown system radio /sys/class/power_supply/battery/factory_mode
756 chown system radio /sys/class/power_supply/battery/batt_slate_mode
757 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/call
758 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/video
759 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/music
760 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/browser
761 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/hotspot
762 chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/camera
763 chown system radio /sys/class/power_supply/battery/talk_wcdma
764 chown system radio /sys/class/power_supply/battery/talk_gsm
765 chown system radio /sys/class/power_supply/battery/call
766 chown system radio /sys/class/power_supply/battery/data_call
767 chown system radio /sys/class/power_supply/battery/gps
768 chown system radio /sys/class/power_supply/battery/wifi
769 chown system radio /sys/class/power_supply/battery/lte
770 chown system radio /sys/class/power_supply/battery/wc_enable
771 chown system radio /sys/class/power_supply/battery/lcd
772 chown system radio /sys/class/power_supply/ps/status
773 chmod 0664 /sys/class/power_supply/ps/status
774 chown system radio /sys/class/power_supply/battery/batt_temp_table
775
776 # Define default initial receive window size in segments.
777 setprop net.tcp.default_init_rwnd 60
778
779 write /sys/block/mmcblk0/queue/scheduler noop
780 copy /system/etc/battery_charging_temp.data /sys/class/power_supply/battery/batt_temp_table
781
782 class_start core
783
784# Permission for fast dormancy for RIL
785 chown system radio /sys/devices/virtual/sec/bamdmux/waketime
786
787# Permission for a RPMB checking thru IMEI
788 chown system radio /sys/kernel/debug/tzdbg/log
789
790# MTP permission
791 chmod 0660 /dev/usb_mtp_gadget
792 chown system mtp /dev/usb_mtp_gadget
793 mkdir /dev/socket/mtp 0770 system mtp
794
795on nonencrypted
796 class_start main
797 class_start late_start
798
799on property:vold.decrypt=trigger_default_encryption
800 start defaultcrypto
801
802on property:vold.decrypt=trigger_encryption
803 start surfaceflinger
804 start encrypt
805
806on property:sys.init_log_level=*
807 loglevel ${sys.init_log_level}
808
809on charger
810 mount ext4 /dev/block/bootdevice/by-name/system /system wait ro
811 copy /system/etc/battery_charging_temp.data /sys/class/power_supply/battery/batt_temp_table
812
813 wait /dev/block/bootdevice/by-name/efs
814 check_fs /dev/block/bootdevice/by-name/efs ext4
815 mount ext4 /dev/block/bootdevice/by-name/efs /efs nosuid nodev noatime noauto_da_alloc,discard,journal_async_commit,errors=panic
816 chown system radio /efs
817 chmod 0771 /efs
818 mkdir /efs/Battery 0775 radio system
819
820 class_start charger
821
822
823on property:vold.decrypt=trigger_reset_main
824 class_reset main
825
826on property:vold.decrypt=trigger_load_persist_props
827 load_persist_props
828
829on property:vold.decrypt=trigger_post_fs_data
830 trigger post-fs-data
831
832on property:vold.decrypt=trigger_restart_min_framework
833 class_start main
834
835on property:vold.decrypt=trigger_restart_framework
836 class_start main
837 class_start late_start
838 start keystore
839
840on property:vold.decrypt=trigger_shutdown_framework
841 class_reset late_start
842 class_reset main
843
844on property:sys.powerctl=*
845 powerctl ${sys.powerctl}
846
847# system server cannot write to /proc/sys files,
848# and chown/chmod does not work for /proc/sys/ entries.
849# So proxy writes through init.
850on property:sys.sysctl.extra_free_kbytes=*
851 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
852
853# "tcp_default_init_rwnd" Is too long!
854on property:sys.sysctl.tcp_def_init_rwnd=*
855 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
856
857
858## Daemon processes to be run by init.
859##
860
861service ueventd /sbin/ueventd
862 class core
863 critical
864 seclabel u:r:ueventd:s0
865
866service logd /system/bin/logd
867 class core
868 socket logd stream 0666 logd logd
869 socket logdr seqpacket 0666 logd logd
870 socket logdw dgram 0222 logd logd
871 seclabel u:r:logd:s0
872
873service healthd /sbin/healthd
874 class core
875 critical
876 seclabel u:r:healthd:s0
877
878service lpm /system/bin/lpm
879 class charger
880 critical
881#start SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID
882# Reload SE Android Policy for MDM
883on property:persist.security.mdm.policy=1
884 setprop selinux.reload_policy 1
885#end SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID
886
887service console /system/bin/sh
888 class core
889 console
890 disabled
891 user shell
892 group shell log
893 seclabel u:r:shell:s0
894
895## WTL_EDM_START
896## EDM AuditLog
897service edmaudit /system/bin/edmaudit
898 class main
899 user root
900
901## WTL_EDM_END
902service auditd /system/bin/auditd -k
903 seclabel u:r:logd:s0
904 class main
905# SEC_LINUX DRS Service
906service drsd /system/bin/drsd
907 class main
908 socket drsd stream 600 system system
909
910
911service prepare_param /system/bin/prepare_param.sh /dev/block/platform/7824900.sdhci/by-name/param
912 class core
913 user root
914 group root
915 seclabel u:r:prepare_param:s0
916 oneshot
917
918# icd
919service icd /system/bin/icd
920 class main
921 user system
922 group system log
923 onrestart check_icd
924 oneshot
925
926on property:ro.debuggable=1
927 start console
928
929# SEC_SELINUX
930on property:selinux.reload_policy=1
931 chown system system /sys/fs/selinux/enforce
932 chown -R system system /sys/fs/selinux/booleans
933 chown system system /sys/fs/selinux/commit_pending_bools
934
935# SEC_SELINUX to support spota
936on property:selinux.sec.restorecon=1
937 restorecon_recursive /data/security/spota
938
939# SEC_SELINUX
940on property:init.svc.bootanim=stopped
941 start auditd
942
943# adbd is controlled via property triggers in init.<platform>.usb.rc
944service adbd /sbin/adbd --root_seclabel=u:r:su:s0
945 class core
946 socket adbd stream 660 system system
947 disabled
948 seclabel u:r:adbd:s0
949
950# adbd on at boot in emulator
951on property:ro.kernel.qemu=1
952 start adbd
953
954service lmkd /system/bin/lmkd
955 class core
956 critical
957 socket lmkd seqpacket 0660 system system
958
959service scs /system/bin/scs
960 class main
961 user system
962 group system
963 oneshot
964
965service servicemanager /system/bin/servicemanager
966 class core
967 user system
968 group system
969 critical
970 onrestart restart healthd
971 onrestart restart zygote
972 onrestart restart media
973 onrestart restart surfaceflinger
974 onrestart restart drm
975 onrestart restart sensorhubservice
976 onrestart restart keystore
977
978service vold /system/bin/vold
979 class core
980 socket vold stream 0660 root mount
981## Samsung ODE >>>
982 socket dir_enc_report stream 0660 root mount
983## Samsung ODE <<<
984 ioprio be 2
985
986## Frigatebird
987 socket frigate stream 0660 system system
988
989service epmd /system/bin/epmd
990 class main
991 socket epm stream 0660 system system
992 socket ppm stream 0660 system system
993 ioprio be 2
994
995service netd /system/bin/netd
996 class main
997 socket netd stream 0660 root system
998 socket dnsproxyd stream 0660 root inet
999 socket mdns stream 0660 root system
1000 socket fwmarkd stream 0660 root inet
1001
1002service debuggerd /system/bin/debuggerd
1003 class main
1004
1005service ril-daemon /system/bin/rild
1006 class main
1007 socket rild stream 660 root radio
1008 socket rild-debug stream 660 radio system
1009 user root
1010 group radio cache inet misc audio sdcard_rw qcom_diag log
1011
1012service surfaceflinger /system/bin/surfaceflinger
1013 class core
1014 user system
1015 group graphics drmrpc
1016 onrestart restart zygote
1017
1018service DR-daemon /system/bin/ddexe
1019 class main
1020 user root
1021 group system radio inet net_raw
1022
1023service SMD-daemon /system/bin/smdexe
1024 class main
1025 user root
1026 group system radio inet net_raw
1027
1028service BCS-daemon /system/bin/connfwexe
1029 class main
1030 user root
1031 group system radio inet net_raw
1032
1033service drm /system/bin/drmserver
1034 class main
1035 user drm
1036# [ SEC_MM_DRM
1037# fix
1038 group drm system inet drmrpc radio
1039# org
1040# group drm system inet drmrpc
1041# ]
1042
1043service media /system/bin/mediaserver
1044 class main
1045 user media
1046 group system audio camera inet net_bt net_bt_admin net_raw net_bw_acct drmrpc mediadrm qcom_diag radio media_rw
1047 ioprio rt 4
1048
1049# One shot invocation to deal with encrypted volume.
1050service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
1051 disabled
1052 oneshot
1053 # vold will set vold.decrypt to trigger_restart_framework (default
1054 # encryption) or trigger_restart_min_framework (other encryption)
1055
1056# One shot invocation to encrypt unencrypted volumes
1057service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
1058 disabled
1059 oneshot
1060 # vold will set vold.decrypt to trigger_restart_framework (default
1061 # encryption)
1062
1063service bootanim /system/bin/bootanimation
1064 class core
1065 user graphics
1066 group graphics audio
1067 disabled
1068 oneshot
1069
1070service installd /system/bin/installd
1071 class main
1072 socket installd stream 600 system system
1073
1074service flash_recovery /system/bin/install-recovery.sh
1075 class main
1076 seclabel u:r:install_recovery:s0
1077 oneshot
1078 disabled
1079
1080# update recovery if enabled
1081on property:persist.sys.recovery_update=true
1082 start flash_recovery
1083
1084service racoon /system/bin/racoon
1085 class main
1086 socket racoon stream 600 system system
1087 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
1088 group vpn net_admin inet
1089 disabled
1090 oneshot
1091
1092service mtpd /system/bin/mtpd
1093 class main
1094 socket mtpd stream 600 system system
1095 user vpn
1096 group vpn net_admin inet net_raw
1097 disabled
1098 oneshot
1099
1100service keystore /system/bin/keystore /data/misc/keystore
1101 class main
1102 user keystore
1103 group keystore drmrpc system
1104 disabled
1105
1106service dumpstate /system/bin/dumpstate -s
1107 class main
1108 socket dumpstate stream 0660 shell log
1109 disabled
1110 oneshot
1111
1112service mdnsd /system/bin/mdnsd
1113 class main
1114 user mdnsr
1115 group inet net_raw
1116 socket mdnsd stream 0660 mdnsr inet
1117 disabled
1118 oneshot
1119
1120service pre-recovery /system/bin/uncrypt
1121 class main
1122 disabled
1123 oneshot
1124
1125# otp
1126service otp /system/bin/otp_server
1127 user system
1128 group system
1129 disabled
1130
1131on property:persist.security.tlc.otp=1
1132 start otp
1133 setprop persist.security.tlc.otp 0
1134
1135# ccm
1136 service ccm /system/bin/tlc_server
1137 user system
1138 group system
1139 disabled
1140
1141on property:persist.security.tlc.ccm=1
1142 start ccm
1143 setprop persist.security.tlc.ccm 0
1144
1145# tui
1146 service tui /system/bin/tlc_server TUI
1147 user system
1148 group system
1149 disabled
1150
1151on property:persist.security.tlc.tui=1
1152 start tui
1153 setprop persist.security.tlc.tui 0
1154
1155# CS DAEMON
1156service cs_service /system/bin/cs
1157 class main
1158 user system
1159 group system
1160 disabled
1161
1162# insthk
1163service insthk /system/bin/insthk
1164 class main
1165 user root
1166 disabled
1167 oneshot
1168
1169on property:sys.qseecomd.enable=true
1170 start cs_service
1171 start keystore
1172 start insthk
1173
1174service mcStarter /system/bin/tbaseLoader tbase
1175 class core
1176 user root
1177 group root
1178 disabled
1179 oneshot
1180
1181service run-mobicore /system/bin/mcDriverDaemon
1182 class core
1183 user system
1184 group system
1185 disabled
1186
1187on property:sys.qseecomd.enable=true
1188 start mcStarter
1189
1190on property:sys.mobicore.loaded=true
1191 start run-mobicore
1192
1193on property:sys.boot_completed=1
1194 write /sys/block/mmcblk0/queue/scheduler cfq
1195
1196# icd
1197on property:init.svc.media=restarting
1198 check_icd
1199 start icd
1200
1201# Activate Background Compaction
1202on property:sys.sysctl.compact_memory=1
1203 write /proc/sys/vm/compact_memory 1
1204 setprop sys.sysctl.compact_memory=0