rootdir/etc/init.rc

# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#

import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.zygote}.rc
import /init.trace.rc
import /init.sec_debug.rc
import /init.carrier.rc
import /init.rilcommon.rc
import /init.container.rc
# Include CM's extra init file
import /init.cm.rc


on early-init
    # Set init and its forked children's oom_adj.
    write /proc/1/oom_score_adj -1000

    # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
    write /sys/fs/selinux/checkreqprot 0

    # Set the security context for the init process.
    # This should occur before anything else (e.g. ueventd) is started.
    setcon u:r:init:s0

    # Set the security context of /adb_keys if present.
    restorecon /adb_keys

    start ueventd

    # create mountpoints
    mkdir /mnt 0775 root system

on init
    sysclktz 0

    loglevel 3

    # SEC_SELINUX
    # for audit message
    chown system system /proc/avc_msg
    chmod 0660 /proc/avc_msg

    # Backward compatibility
    symlink /system/etc /etc
    symlink /sys/kernel/debug /d
# permission for CHARGING
   chown system radio /sys/class/power_supply/battery/batt_discharging_check
   chown system radio /sys/class/power_supply/battery/batt_discharging_check_adc
   chown system radio /sys/class/power_supply/battery/batt_discharging_ntc
   chown system radio /sys/class/power_supply/battery/batt_discharging_ntc_adc
   chown system radio /sys/class/power_supply/battery/batt_self_discharging_control

    chown system radio /sys/class/sec/switch/otg_test
    chown system radio /sys/class/sec/switch/uart_en


    # Right now vendor lives on the same filesystem as system,
    # but someday that may change.
    symlink /system/vendor /vendor

    # Create cgroup mount point for cpu accounting
    mkdir /acct
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

    # Create cgroup mount point for memory
    mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
    mkdir /sys/fs/cgroup/memory 0750 root system
    mount cgroup none /sys/fs/cgroup/memory memory
    write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/tasks
    chmod 0660 /sys/fs/cgroup/memory/tasks
    mkdir /sys/fs/cgroup/memory/sw 0750 root system
    write /sys/fs/cgroup/memory/sw/memory.swappiness 100
    write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
    chown root system /sys/fs/cgroup/memory/sw/tasks
    chmod 0660 /sys/fs/cgroup/memory/sw/tasks
    chmod 0220 /sys/fs/cgroup/memory/cgroup.event_control

    mkdir /system
    mkdir /data 0771 system system
    mkdir /cache 0770 system cache
    mkdir /config 0500 root root
    mkdir /efs 0771 system radio

    # See storage config details at http://source.android.com/tech/storage/
    mkdir /mnt/shell 0700 shell shell
    mkdir /mnt/media_rw 0700 media_rw media_rw
    mkdir /storage 0751 root sdcard_r

    # Directory for putting things only root should see.
    mkdir /mnt/secure 0700 root root

    symlink /dev/block/platform/7824900.sdhci/by-name/persistent /dev/block/persistent

    # Directory for staging bindmounts
    mkdir /mnt/secure/staging 0700 root root

    # Directory-target for where the secure container
    # imagefile directory will be bind-mounted
    mkdir /mnt/secure/asec  0700 root root

    # Secure container public mount points.
    mkdir /mnt/asec  0700 root system
    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000

    # Filesystem image public mount points.
    mkdir /mnt/obb 0700 root system
    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000

    # memory control cgroup
    mkdir /dev/memcg 0700 root system
    mount cgroup none /dev/memcg memory

    write /proc/sys/kernel/panic_on_oops 1
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0
    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2
    write /proc/sys/vm/mmap_min_addr 32768
    write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
    write /proc/sys/net/unix/max_dgram_qlen 300
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

    # reflect fwmark from incoming packets onto generated replies
    write /proc/sys/net/ipv4/fwmark_reflect 1
    write /proc/sys/net/ipv6/fwmark_reflect 1

    # set fwmark on accepted sockets
    write /proc/sys/net/ipv4/tcp_fwmark_accept 1

    # Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    chmod 0660 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 950000
    write /dev/cpuctl/cpu.rt_period_us 1000000  

    mkdir /dev/cpuctl/apps
    chown system system /dev/cpuctl/apps/tasks
    chmod 0666 /dev/cpuctl/apps/tasks
    write /dev/cpuctl/apps/cpu.shares 1024
    write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
    write /dev/cpuctl/apps/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps/bg_non_interactive
    chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
    chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
    
    # Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    chmod 0666 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 800000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/bg_non_interactive
    chown system system /dev/cpuctl/bg_non_interactive/tasks
    chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000

    # qtaguid will limit access to specific data based on group memberships.
    #   net_bw_acct grants impersonation of socket owners.
    #   net_bw_stats grants access to other apps' detailed tagged-socket stats.
    chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
    chown root net_bw_stats /proc/net/xt_qtaguid/stats

    # Allow everybody to read the xt_qtaguid resource tracking misc dev.
    # This is needed by any process that uses socket tagging.
    chmod 0644 /dev/xt_qtaguid

    # Create location for fs_mgr to store abbreviated output from filesystem
    # checker programs.
    mkdir /dev/fscklogs 0770 root system

    # pstore/ramoops previous console log
    mount pstore pstore /sys/fs/pstore
    chown system log /sys/fs/pstore/console-ramoops
    chmod 0440 /sys/fs/pstore/console-ramoops

# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
    class_stop charger
    trigger late-init

# Load properties from /system/ + /factory after fs mount.
on load_all_props_action
    load_all_props

# Indicate to fw loaders that the relevant mounts are up.
on firmware_mounts_complete
    rm /dev/.booting

# Mount filesystems and start core system services.
on late-init
    trigger early-fs
    trigger fs
    trigger post-fs
    trigger post-fs-data

    # Load properties from /system/ + /factory after fs mount. Place
    # this in another action so that the load will be scheduled after the prior
    # issued fs triggers have completed.
    trigger load_all_props_action

    # Remove a file to wake up anything waiting for firmware.
    trigger firmware_mounts_complete

    trigger early-boot
    trigger boot


on post-fs
    # once everything is setup, no need to modify /
    mount rootfs rootfs / ro remount
    # mount shared so changes propagate into child namespaces
    mount rootfs rootfs / shared rec

    # We chown/chmod /cache again so because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache
    # We restorecon /cache in case the cache partition has been reset.
    restorecon_recursive /cache

    # This may have been created by the recovery system with odd permissions
    chown system cache /cache/recovery
    chmod 0770 /cache/recovery

    #change permissions on vmallocinfo so we can grab it from bugreports
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    chown root log /proc/slabinfo
    chmod 0440 /proc/slabinfo

    #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger
    chown system log /proc/last_kmsg
    chmod 0440 /proc/last_kmsg

    # make the selinux kernel policy world-readable
    chmod 0444 /sys/fs/selinux/policy

    # create the lost+found directories, so as to enforce our permissions
    mkdir /cache/lost+found 0770 root root

on post-fs-data
    # sec_efs_file
    mkdir /efs/sec_efs 0775 radio system

    # We chown/chmod /data again so because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data
    restorecon_recursive /data/media

    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    copy /data/system/entropy.dat /dev/urandom

    # Create dump dir and collect dumps.
    # Do this before we mount cache so eventually we can use cache for
    # storing dumps on platforms which do not have a dedicated dump partition.
    mkdir /data/dontpanic 0750 root log

    # Collect apanic data, free resources and re-arm trigger
    copy /proc/apanic_console /data/dontpanic/apanic_console
    chown root log /data/dontpanic/apanic_console
    chmod 0640 /data/dontpanic/apanic_console

    copy /proc/apanic_threads /data/dontpanic/apanic_threads
    chown root log /data/dontpanic/apanic_threads
    chmod 0640 /data/dontpanic/apanic_threads

    write /proc/apanic_console 1

    # create basic filesystem structure
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/adb 02750 system shell
	# SEC_SELINUX
    mkdir /data/misc/audit 02775 audit system
    mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
    mkdir /data/misc/bluetooth 0770 system system
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/net 0750 root shell
    mkdir /data/misc/radio 0771 system radio
    mkdir /data/misc/sms 0770 system radio
    mkdir /data/misc/zoneinfo 0775 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
    mkdir /data/misc/systemkeys 0700 system system
    mkdir /data/misc/wifi 0770 wifi system
    mkdir /data/misc/wifi/sockets 0770 wifi wifi
    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
    mkdir /data/misc/wifi_share_profile 0771 wifi system
    mkdir /data/misc/wifi_sns_patch 0770 wifi system
    mkdir /data/misc/wifi_hostapd 0771 wifi system
    mkdir /data/misc/ethernet 0770 system system
    mkdir /data/misc/dhcp 0770 dhcp dhcp
    mkdir /data/misc/user 0771 root root
    # give system access to wpa_supplicant.conf for backup and restore
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    chown system wifi /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root
    mkdir /data/misc/media 0700 media media
    
    mkdir /data/misc/radio/hatp 0755 radio system

    # icd
    check_icd
    chown system system /dev/icd
    chmod 0644 /dev/icd
    chown system system /dev/icdr
    chmod 0644 /dev/icdr
    chown system system /dev/tzic
    restorecon /dev/icd
    restorecon /dev/icdr

    mkdir /data/misc/radio/hatp 0755 radio system
    # vpnclient
    mkdir /data/misc/vpnclientd 0770 system system

    # h2k permission
    mkdir /efs/cpk 0771 radio system
    chmod 0644 /efs/redata.bin
    chmod 0644 /efs/cpk/redata.bin
    chown radio radio /efs/h2k.dat
    chown radio radio /efs/cpk/h2k.dat
    chmod 0644 /efs/h2k.dat
    chmod 0644 /efs/cpk/h2k.dat
    chown system system /efs/drm/h2k

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app-lib 0771 system system
    mkdir /data/app 0771 system system
    mkdir /data/property 0700 root root

    # SA, System SW, SAMSUNG
    # create log directory
    mkdir /data/log 0775 system log
    chown system log /data/log
    mkdir /data/anr 0775 system system
    chown system system /data/anr
    chmod 0775 /data/log
    chmod 0775 /data/anr
    restorecon /data/log
    restorecon /data/anr

# Mobicore
    mkdir /data/app/mcRegistry 0775 system system
    mkdir /efs/TEE  0770 radio system

    chmod 700 /dev/mobicore
    chmod 666 /dev/mobicore-user
    chown system system /dev/mobicore
    chown radio system /dev/mobicore-user
    export MC_AUTH_TOKEN_PATH /efs

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 root root
    mkdir /data/dalvik-cache/profiles 0711 system system

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # create directory for MediaDrm plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/mediadrm 0770 mediadrm mediadrm

    mkdir /data/adb 0700 root root

    #create uibc dir
    mkdir /dev/socket/uibc 0777 media system
    chown media system /dev/socket/uibc
    chmod 0775 /dev/socket/uibc

# DRK permission
    mkdir /efs/prov 0770 radio system
    mkdir /efs/prov_data 0770 radio system
    chown radio system /efs/prov_data/dev_root
    chmod 0770 /efs/prov_data/dev_root
    chown radio system /efs/prov_data/dev_root/dev_root.dat
    chmod 0640 /efs/prov_data/dev_root/dev_root.dat
    chown radio system /efs/prov/libdevkm.lock
    chmod 0660 /efs/prov/libdevkm.lock
    rm /efs/prov/prov.b00
    rm /efs/prov/prov.b01
    rm /efs/prov/prov.b02
    rm /efs/prov/prov.b03
    rm /efs/prov/prov.mdt
# CS socket
    mkdir /dev/socket/cs_socket 0770 system system
    
# [ SEC_MM_DRM
    # OMA DB directory creation
    mkdir /data/system/databases 0775
    chown system system /data/system/databases
    chmod 0775 /data/system/databases

    # DRM directory creation
    mkdir /system/etc/security/.drm 0775
    chown root root /system/etc/security/.drm
    chmod 0775 /system/etc/security/.drm

    # Added for Playready DRM Support
    mkdir /data/data/.drm 0775
    chown drm system /data/data/.drm
    chmod 0775 /data/data/.drm
    mkdir /data/data/.drm/.playready 0775
    chown drm system /data/data/.drm/.playready
    chmod 0775 /data/data/.drm/.playready

    # Added drm folder to copy drm plugins
    mkdir /system/lib/drm 0775
    chown root root /system/lib/drm
    chmod 0775 /system/lib/drm

    restorecon -R /efs
    restorecon -R /carrier
    restorecon_recursive /data/misc/keystore
    restorecon_recursive /data/property
    restorecon_recursive /data/security
# ]

	# MTP device permission
	chmod 0660 /dev/usb_mtp_gadget
	chown system mtp /dev/usb_mtp_gadget
    mkdir /dev/socket/mtp 0770 system mtp

    # symlink to bugreport storage location
    symlink /data/data/com.android.shell/files/bugreports /data/bugreports

    # Separate location for storing security policy files on data
    mkdir /data/security 0711 system system

    # Reload policy from /data/security if present.
    setprop selinux.reload_policy 1

    # SA, System SW, SAMSUNG create log directory
    mkdir /data/log 0775 system log
    chown system log /data/log
    mkdir /data/anr 0775 system system
    chown system system /data/anr
    chmod 0775 /data/log
    chmod 0775 /data/anr
    restorecon /data/log
    restorecon /data/anr

    # Set SELinux security contexts on upgrade or policy update.
    restorecon_recursive /data
    restorecon /data/data
    restorecon /data/user
    restorecon /data/user/0

    # If there is no fs-post-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    #setprop vold.post_fs_data_done 1

# Downloadable Filter
    mkdir /data/DownFilters       0775 system system
    mkdir /data/DownFilters/Lib   0775 system system
    mkdir /data/DownFilters/Lib64 0775 system system

    #SideSync
    chown system system /dev/android_ssusbcon
    chmod 0660 /dev/android_ssusbcon

on boot

# Mobicore
    mkdir /data/app/mcRegistry 0775 system system

    # basic network init
    ifup lo
    hostname localhost
    domainname localdomain

    # set RLIMIT_NICE to allow priorities from 19 to -20
    setrlimit 13 40 40

    # Memory management.  Basic kernel parameters, and allow the high
    # level system server to be able to adjust the kernel OOM driver
    # parameters to match how it is managing things.
    write /proc/sys/vm/overcommit_memory 1
    write /proc/sys/vm/min_free_order_shift 4
    chown root system /sys/module/lowmemorykiller/parameters/adj
    chmod 0220 /sys/module/lowmemorykiller/parameters/adj
    chown root system /sys/module/lowmemorykiller/parameters/minfree
    chmod 0220 /sys/module/lowmemorykiller/parameters/minfree

    # Tweak background writeout
    write /proc/sys/vm/dirty_expire_centisecs 200
    write /proc/sys/vm/dirty_background_ratio  5

    # permission for Input Device(TSP).
    chown system radio /sys/class/sec/tsp/cmd
    chmod 0660 /sys/class/sec/tsp/input/enabled
    chown system system /sys/class/sec/tsp/input/enabled

    # permission for Input Device(TKEY).
    chmod 0660 /sys/class/sec/sec_touchkey/input/enabled
    chown system system /sys/class/sec/sec_touchkey/input/enabled
    chown system system /sys/class/sec/sec_touchkey/brightness

    # Permissions for System Server and daemons.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/autosleep
    chown system system /sys/power/state
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock
    chown system system /sys/module/msm_thermal/core_control/enabled

# SEC DVFS sysfs node
    chown radio system /sys/power/cpufreq_max_limit
    chown radio system /sys/power/cpufreq_min_limit
    chown radio system /sys/power/cpufreq_table
    chmod 664 /sys/power/cpufreq_max_limit
    chmod 664 /sys/power/cpufreq_min_limit
    chmod 664 /sys/power/cpufreq_table

    chown radio system /sys/devices/system/cpu/kernel_max
    chmod 664 /sys/devices/system/cpu/kernel_max

    chown radio system /sys/class/kgsl/kgsl-3d0/max_pwrlevel
    chmod 664  /sys/class/kgsl/kgsl-3d0/max_pwrlevel
    chown radio system /sys/class/kgsl/kgsl-3d0/min_pwrlevel
    chmod 664  /sys/class/kgsl/kgsl-3d0/min_pwrlevel
    chown radio system /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
    chmod 664  /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies

# Permissions for SSRM
    chmod 0664 /sys/devices/platform/sec-thermistor/temperature
    chmod 0664 /sys/class/power_supply/battery/siop_level
    chmod 0664 /sys/class/power_supply/battery/test_charge_current
    chown radio system /sys/devices/platform/sec-thermistor/temperature
    chown radio system /sys/class/power_supply/battery/siop_level
    chown radio system /sys/class/power_supply/battery/test_charge_current

    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    chown root radio /proc/cmdline

# Assign TCP buffer thresholds to be ceiling value of technology maximums
# Increased technology maximums should be reflected here.
    write /proc/sys/net/core/rmem_max  1048576
    write /proc/sys/net/core/wmem_max  2097152


# Auto Brightness
	chown system system  /sys/class/backlight/panel/auto_brightness
	chmod 0660 /sys/class/backlight/panel/auto_brightness

# LCD mdnie and panel work
	chown system system  /sys/class/mdnie/mdnie/lcdtype
	chown system system  /sys/class/mdnie/mdnie/lcd_power
	chown system media_rw /sys/class/mdnie/mdnie/scenario
	chmod 0660 /sys/class/mdnie/mdnie/scenario

	chown system system /sys/class/mdnie/mdnie/tuning
	chown system media_rw /sys/class/mdnie/mdnie/outdoor
	chown system system  /sys/class/mdnie/mdnie/mdnie_temp
	chown system media_rw /sys/class/mdnie/mdnie/mode
	chown system system /sys/class/mdnie/mdnie/negative
	chown system media_rw /sys/class/mdnie/mdnie/playspeed
	chown system media_rw /sys/class/mdnie/mdnie/accessibility
	chown system system  /sys/class/mdnie/mdnie/cabc
	chown system system  /sys/class/mdnie/mdnie/bypass
	chown system media_rw /sys/class/mdnie/mdnie/sensorRGB
	chmod 0660 /sys/class/mdnie/mdnie/sensorRGB

	chown system system /sys/class/lcd/panel/panel/auto_brightness
	chown system system /sys/class/lcd/panel/window_type
	chown radio system /sys/class/lcd/panel/power_reduce
	chown radio system /sys/class/lcd/panel/siop_enable
	chown radio system /sys/class/lcd/panel/temperature
	chown radio system /sys/class/lcd/panel/tuning
	chown radio system /sys/class/lcd/panel/lux

    chown radio system /sys/class/lcd/panel/partial_disp
    chmod 0660 /sys/class/lcd/panel/partial_disp

# Adjust YUV to RGB Conversion(CSC_Conversion)
    chown system media_rw /sys/class/graphics/fb0/csc_cfg
    chmod 0660 /sys/class/graphics/fb0/csc_cfg
	
# permission for Input Device(TSP).
    chown system radio /sys/class/sec/tsp/cmd
    chmod 0660 /sys/class/sec/tsp/input/enabled
    chown system system /sys/class/sec/tsp/input/enabled

# permission for Input Device(TKEY).
    chmod 0660 /sys/class/sec/sec_touchkey/input/enabled
    chown system system /sys/class/sec/sec_touchkey/input/enabled

# permission for TKEY LED EN
    chmod 0660 /sys/class/sec/sec_touchkey/brightness
    chown system system /sys/class/sec/sec_touchkey/brightness

# Permissions for gpio_keys
    chown system radio /sys/class/sec/sec_key/wakeup_keys
    write /sys/class/sec/sec_key/wakeup_keys 116,172

    # Permissions for System Server and daemons.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/autosleep
    chown system system /sys/power/state
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock
    chown system system /sys/module/msm_thermal/core_control/enabled

    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/torch-light/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    chown root radio /proc/cmdline
    
###############################################################################
# System LSI
# Comment : add permission to device driver
# NFC : Permissions for NFC
    chmod 0660 /dev/sec-nfc
# NFC : change owner
    chown nfc nfc /dev/sec-nfc
# NFC : create data/nfc for nv storage
    mkdir /data/nfc 0700 nfc nfc
    mkdir /data/nfc/param 0700 nfc nfc

    chmod 0660 /dev/pn547
# NFC : change owner
    chown nfc nfc /dev/pn547
# NFC : create data/nfc for nv storage
    mkdir /data/nfc 0700 nfc nfc
    mkdir /data/nfc/param 0700 nfc nfc
###############################################################################

  # Permissions for Camera
    chown system system /sys/class/camera/rear/isp_core
    chown system system /sys/class/camera/rear/rear_camfw_full
    chown system system /sys/class/camera/rear/rear_camfw
    chown system system /sys/class/camera/rear/rear_camtype
    chown system radio /sys/class/camera/flash/rear_flash
    chown system system /sys/class/camera/front/front_camfw
    chown system system /sys/class/camera/front/front_camtype
    chown system system /sys/class/camera/front/front_camfw_full
    chown system system /sys/class/camera/front/front_camfw_load
    chown system system /sys/class/camera/rear/rear_checkfw_user
    chown system system /sys/class/camera/rear/rear_checkfw_factory

#OTG Test
    chown system radio /sys/class/host_notify/usb_otg/booster
    chmod 0660 /sys/class/host_notify/usb_otg/booster

# Accelerometer_sensor
    chown system radio /sys/class/sensors/accelerometer_sensor/raw_data
    chown system radio /sys/class/sensors/accelerometer_sensor/calibration
    chown system radio /sys/class/sensors/accelerometer_sensor/reactive_alert
    chown system radio /sys/class/sensors/accelerometer_sensor/vendor
    chown system radio /sys/class/sensors/accelerometer_sensor/name
    chown system radio /sys/class/sensors/accelerometer_sensor/selftest
    chown system radio /sys/class/sensors/accelerometer_sensor/lowpassfilter
# Proximity_sensor
    chown system radio /sys/class/sensors/proximity_sensor/state
    chown system radio /sys/class/sensors/proximity_sensor/raw_data
    chown system radio /sys/class/sensors/proximity_sensor/prox_avg
    chown system radio /sys/class/sensors/proximity_sensor/prox_cal
    chown system radio /sys/class/sensors/proximity_sensor/vendor
    chown system radio /sys/class/sensors/proximity_sensor/name
    chown system radio /sys/class/sensors/proximity_sensor/thresh_high
    chown system radio /sys/class/sensors/proximity_sensor/thresh_low
    chown system radio /sys/class/sensors/proximity_sensor/prox_offset_pass
    chown system radio /sys/class/sensors/proximity_sensor/prox_trim
# Light_sensor
    chown system radio /sys/class/sensors/light_sensor/lux
    chown system radio /sys/class/sensors/light_sensor/raw_data
    chown system radio /sys/class/sensors/light_sensor/vendor
    chown system radio /sys/class/sensors/light_sensor/name
# Gyro_sensor
    chown system radio /sys/class/sensors/gyro_sensor/power_on
    chown system radio /sys/class/sensors/gyro_sensor/power_off
    chown system radio /sys/class/sensors/gyro_sensor/temperature
    chown system radio /sys/class/sensors/gyro_sensor/selftest
    chown system radio /sys/class/sensors/gyro_sensor/vendor
    chown system radio /sys/class/sensors/gyro_sensor/name
# Magnetic_sensor
    chown system radio /sys/class/sensors/magnetic_sensor/selftest
    chown system radio /sys/class/sensors/magnetic_sensor/raw_data
    chown system radio /sys/class/sensors/magnetic_sensor/adc
    chown system radio /sys/class/sensors/magnetic_sensor/vendor
    chown system radio /sys/class/sensors/magnetic_sensor/name
    chown system radio /sys/class/sensors/magnetic_sensor/status
# MetaEvent
    chown system radio /sys/class/sensors/sensor_dev/flush

# Permissions for Charging
	mkdir /efs/Battery 0775 radio system
    chown system radio /sys/class/power_supply/battery/batt_reset_soc
    chown system radio /sys/class/power_supply/battery/update
    chown system radio /sys/class/power_supply/battery/factory_mode
    chown system radio /sys/class/power_supply/battery/batt_slate_mode
    chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/call
    chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/video
    chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/music
    chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/browser
    chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/hotspot
    chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/camera
    chown system radio /sys/class/power_supply/battery/talk_wcdma
    chown system radio /sys/class/power_supply/battery/talk_gsm
    chown system radio /sys/class/power_supply/battery/call
    chown system radio /sys/class/power_supply/battery/data_call
    chown system radio /sys/class/power_supply/battery/gps
    chown system radio /sys/class/power_supply/battery/wifi
    chown system radio /sys/class/power_supply/battery/lte
    chown system radio /sys/class/power_supply/battery/wc_enable
    chown system radio /sys/class/power_supply/battery/lcd
    chown system radio /sys/class/power_supply/ps/status
    chmod 0664 /sys/class/power_supply/ps/status
    chown system radio /sys/class/power_supply/battery/batt_temp_table

    # Define default initial receive window size in segments.
    setprop net.tcp.default_init_rwnd 60

    write /sys/block/mmcblk0/queue/scheduler noop
    copy /system/etc/battery_charging_temp.data /sys/class/power_supply/battery/batt_temp_table

    class_start core

# Permission for fast dormancy for RIL
    chown system radio /sys/devices/virtual/sec/bamdmux/waketime

# Permission for a RPMB checking thru IMEI
    chown system radio /sys/kernel/debug/tzdbg/log

# MTP permission
    chmod 0660 /dev/usb_mtp_gadget
    chown system mtp /dev/usb_mtp_gadget
    mkdir /dev/socket/mtp 0770 system mtp

on nonencrypted
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_default_encryption
    start defaultcrypto

on property:vold.decrypt=trigger_encryption
    start surfaceflinger
    start encrypt

on property:sys.init_log_level=*
    loglevel ${sys.init_log_level}

on charger
    mount ext4 /dev/block/bootdevice/by-name/system /system wait ro
    copy /system/etc/battery_charging_temp.data /sys/class/power_supply/battery/batt_temp_table

    wait /dev/block/bootdevice/by-name/efs
    check_fs /dev/block/bootdevice/by-name/efs ext4
    mount ext4 /dev/block/bootdevice/by-name/efs /efs nosuid nodev noatime noauto_da_alloc,discard,journal_async_commit,errors=panic
    chown system radio /efs
    chmod 0771 /efs
    mkdir /efs/Battery 0775 radio system

    class_start charger


on property:vold.decrypt=trigger_reset_main
    class_reset main

on property:vold.decrypt=trigger_load_persist_props
    load_persist_props

on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data

on property:vold.decrypt=trigger_restart_min_framework
    class_start main

on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start
	start keystore

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main

on property:sys.powerctl=*
    powerctl ${sys.powerctl}

# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
on property:sys.sysctl.extra_free_kbytes=*
    write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}

# "tcp_default_init_rwnd" Is too long!
on property:sys.sysctl.tcp_def_init_rwnd=*
    write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}


## Daemon processes to be run by init.
##

service ueventd /sbin/ueventd
    class core
    critical
    seclabel u:r:ueventd:s0

service logd /system/bin/logd
    class core
    socket logd stream 0666 logd logd
    socket logdr seqpacket 0666 logd logd
    socket logdw dgram 0222 logd logd
    seclabel u:r:logd:s0

service healthd /sbin/healthd
    class core
    critical
    seclabel u:r:healthd:s0

service lpm  /system/bin/logwrapper /system/bin/lpm
    class charger
    critical
#start SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID
# Reload SE Android Policy for MDM
on property:persist.security.mdm.policy=1
    setprop selinux.reload_policy 1
#end SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID

service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group shell log
    seclabel u:r:shell:s0

## WTL_EDM_START
## EDM AuditLog
service edmaudit /system/bin/edmaudit
    class main
    user root

## WTL_EDM_END
service auditd /system/bin/auditd -k
    seclabel u:r:logd:s0
    class main
# SEC_LINUX DRS Service
service drsd /system/bin/drsd
    class main
    socket drsd stream 600 system system


service prepare_param /system/bin/prepare_param.sh /dev/block/platform/7824900.sdhci/by-name/param
    class core
    user root
    group root
    seclabel u:r:prepare_param:s0
    oneshot

# icd
service icd /system/bin/icd
    class main
    user system
    group system log
    onrestart check_icd
    oneshot

on property:ro.debuggable=1
    start console

# SEC_SELINUX
on property:selinux.reload_policy=1
    chown system system /sys/fs/selinux/enforce
    chown -R system system /sys/fs/selinux/booleans
    chown system system /sys/fs/selinux/commit_pending_bools

# SEC_SELINUX to support spota
on property:selinux.sec.restorecon=1
    restorecon_recursive /data/security/spota

# SEC_SELINUX
on property:init.svc.bootanim=stopped
    start auditd

# adbd is controlled via property triggers in init.<platform>.usb.rc
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
    class core
    socket adbd stream 660 system system
    disabled
    seclabel u:r:adbd:s0

# adbd on at boot in emulator
on property:ro.kernel.qemu=1
    start adbd

service lmkd /system/bin/lmkd
    class core
    critical
    socket lmkd seqpacket 0660 system system

service scs /system/bin/scs
    class main
    user system
    group system
    oneshot

service servicemanager /system/bin/servicemanager
    class core
    user system
    group system
    critical
    onrestart restart healthd
    onrestart restart zygote
    onrestart restart media
    onrestart restart surfaceflinger
    onrestart restart drm
    onrestart restart sensorhubservice
    onrestart restart keystore

service vold /system/bin/vold
    class core
    socket vold stream 0660 root mount
## Samsung ODE >>>
    socket dir_enc_report stream 0660 root mount
## Samsung ODE <<<
    ioprio be 2

## Frigatebird
    socket frigate stream 0660 system system

service epmd /system/bin/epmd
    class main
    socket epm stream 0660 system system
    socket ppm stream 0660 system system
    ioprio be 2

service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system
    socket fwmarkd stream 0660 root inet

service debuggerd /system/bin/debuggerd
    class main

# icd
service icd /system/bin/icd
    class main
    user system
    group system log
    onrestart check_icd
    oneshot

service surfaceflinger /system/bin/surfaceflinger
    class core
    user system
    group graphics drmrpc
    onrestart restart zygote

service drm /system/bin/drmserver
    class main
    user drm
# [ SEC_MM_DRM
# fix
    group drm system inet drmrpc radio
# org
#    group drm system inet drmrpc
# ]

service media /system/bin/mediaserver
    class main
    user media
    group system audio camera inet net_bt net_bt_admin net_raw net_bw_acct drmrpc mediadrm qcom_diag radio media_rw 
    ioprio rt 4

# One shot invocation to deal with encrypted volume.
service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption) or trigger_restart_min_framework (other encryption)

# One shot invocation to encrypt unencrypted volumes
service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
    # encryption)

service bootanim /system/bin/bootanimation
    class core
    user graphics
    group graphics audio
    disabled
    oneshot

service installd /system/bin/installd
    class main
    socket installd stream 600 system system

service flash_recovery /system/bin/install-recovery.sh
    class main
    seclabel u:r:install_recovery:s0
    oneshot
    disabled

# update recovery if enabled
on property:persist.sys.recovery_update=true
    start flash_recovery

service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
    group vpn net_admin inet
    disabled
    oneshot

service mtpd /system/bin/mtpd
    class main
    socket mtpd stream 600 system system
    user vpn
    group vpn net_admin inet net_raw
    disabled
    oneshot

service keystore /system/bin/keystore /data/misc/keystore
    class main
    user keystore
    group keystore drmrpc system
    disabled

service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot

service mdnsd /system/bin/mdnsd
    class main
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
    disabled
    oneshot

service pre-recovery /system/bin/uncrypt
    class main
    disabled
    oneshot

service SIDESYNC_service /system/bin/ss_conn_daemon
    class main
    socket ss_conn_daemon stream 0666 system system
    user system
    group inet net_raw

# otp
service otp /system/bin/otp_server
  user system
  group system 
  disabled

on property:persist.security.tlc.otp=1  
  start otp
  setprop persist.security.tlc.otp 0

# ccm
  service ccm /system/bin/tlc_server
  user system
  group system 
  disabled

on property:persist.security.tlc.ccm=1  
  start ccm
  setprop persist.security.tlc.ccm 0

# tui
  service tui /system/bin/tlc_server TUI
  user system
  group system
  disabled

on property:persist.security.tlc.tui=1
  start tui
  setprop persist.security.tlc.tui 0

# CS DAEMON
service cs_service /system/bin/cs
    class main
    user system
    group system
    disabled

# insthk
service insthk /system/bin/insthk
    class main
    user root
    disabled
    oneshot

on property:sys.qseecomd.enable=true
    start cs_service
    start keystore
    start insthk

service mcStarter /system/bin/tbaseLoader tbase
    class core
    user root
    group root
    disabled
    oneshot

service run-mobicore /system/bin/mcDriverDaemon
    class core
    user system
    group system
    disabled

on property:sys.qseecomd.enable=true
    start mcStarter

on property:sys.mobicore.loaded=true
    start run-mobicore

on property:sys.boot_completed=1
    write /sys/block/mmcblk0/queue/scheduler cfq

# icd
on property:init.svc.media=restarting
    check_icd
    start icd

# Activate Background Compaction
on property:sys.sysctl.compact_memory=1
    write /proc/sys/vm/compact_memory 1
    setprop sys.sysctl.compact_memory=0