  1. # Copyright (C) 2012 The Android Open Source Project
  2. #
  3. # IMPORTANT: Do not create world writable files or directories.
  4. # This is a common source of Android security bugs.
  5. #
  6.  
  7. import /init.${ro.hardware}.rc
  8. import /init.usb.rc
  9. import /init.trace.rc
  10.  
on early-init
# Set init and its forked children's oom_adj.
# -16 makes init (and anything it forks before exec) an unlikely
# OOM-killer victim.
write /proc/1/oom_adj -16

start ueventd

# create mountpoints
# /mnt is group-writable by system only, never world-writable
# (see the warning at the top of this file).
mkdir /mnt 0775 root system
  19.  
on init

sysclktz 0

loglevel 3

# setup the global environment
# Every service started by init inherits these. /sbin (ramdisk) is searched
# before anything on /system, so a binary of the same name in the ramdisk wins.
export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
export LD_LIBRARY_PATH /vendor/lib:/system/lib
export ANDROID_BOOTLOGO 1
export ANDROID_ROOT /system
export ANDROID_ASSETS /system/app
export ANDROID_DATA /data
export ASEC_MOUNTPOINT /mnt/asec
export LOOP_MOUNTPOINT /mnt/obb
export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/framework2.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar

# Backward compatibility
symlink /system/etc /etc
# /d is a shortcut to debugfs; debugfs itself is not mounted by this file.
symlink /sys/kernel/debug /d

# Right now vendor lives on the same filesystem as system,
# but someday that may change.
symlink /system/vendor /vendor

# Create cgroup mount point for cpu accounting
mkdir /acct
mount cgroup none /acct cpuacct
mkdir /acct/uid

mkdir /system
mkdir /data 0771 system system
mkdir /cache 0771 system cache
mkdir /config 0500 root root

# Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root

# Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root

# Directory-target for where the secure container
# imagefile directory will be bind-mounted
mkdir /mnt/secure/asec 0700 root root

# Secure container public mount points.
# The tmpfs is mode 0755 owned by root, gid system (1000): anyone can
# list it, only root/system can create entries under it.
mkdir /mnt/asec 0700 root system
mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000

# Filesystem image public mount points.
mkdir /mnt/obb 0700 root system
mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000

write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
# Kernel hardening knobs. Keep these together and do not relax them from a
# device rc file:
#   randomize_va_space 2 - full ASLR (stack, mmap, and brk)
#   kptr_restrict 2      - %pK kernel addresses hidden from every uid, root included
#   dmesg_restrict 1     - kernel log readable only with CAP_SYSLOG
#   mmap_min_addr 32768  - user space cannot map the low pages (NULL-deref mitigation)
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/kernel/kptr_restrict 2
write /proc/sys/kernel/dmesg_restrict 1
write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/kernel/sched_rt_runtime_us 950000
write /proc/sys/kernel/sched_rt_period_us 1000000

# Create cgroup mount points for process groups
mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu
chown system system /dev/cpuctl
chown system system /dev/cpuctl/tasks
chmod 0660 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
write /dev/cpuctl/cpu.rt_runtime_us 950000
write /dev/cpuctl/cpu.rt_period_us 1000000

mkdir /dev/cpuctl/apps
chown system system /dev/cpuctl/apps/tasks
# NOTE(review): the two apps/.../tasks files below are deliberately
# world-writable (0666), contradicting the warning at the top of this
# file. This lets any uid move its own threads between the cpu cgroups
# (presumably how the framework changes thread groups from app uids --
# confirm before tightening). The effect is limited to cpu scheduling
# shares; the root /dev/cpuctl/tasks above stays 0660 system.
chmod 0666 /dev/cpuctl/apps/tasks
write /dev/cpuctl/apps/cpu.shares 1024
write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
write /dev/cpuctl/apps/cpu.rt_period_us 1000000

mkdir /dev/cpuctl/apps/bg_non_interactive
chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
# world-writable by design, see the note above
chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
# 5.0 %
write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000

# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
# (read-only for everyone except root; it is not made world-writable)
chmod 0644 /dev/xt_qtaguid
  115.  
on fs
# mount mtd partitions
# Mount /system rw first to give the filesystem a chance to save a checkpoint
mount yaffs2 mtd@system /system
mount yaffs2 mtd@system /system ro remount
# /data and /cache are the writable partitions, so they are mounted
# nosuid,nodev: a setuid binary or device node planted there (by an app,
# a shell user, or recovery) is not honored. /system is read-only but NOT
# nosuid, so any setuid bit shipped in the image is effective.
# NOTE(review): a device init.<hardware>.rc may replace these mounts on
# non-MTD devices; keep nosuid,nodev on /data and /cache there as well.
mount yaffs2 mtd@userdata /data nosuid nodev
mount yaffs2 mtd@cache /cache nosuid nodev
  123.  
on post-fs
# once everything is setup, no need to modify /
mount rootfs rootfs / ro remount

# We chown/chmod /cache again because mount is run as root + defaults
chown system cache /cache
chmod 0771 /cache

# This may have been created by the recovery system with odd permissions
chown system cache /cache/recovery
chmod 0770 /cache/recovery

#change permissions on vmallocinfo so we can grab it from bugreports
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo

#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
# /proc/kmsg is readable by group system only; with dmesg_restrict=1 (set
# in 'on init') this is the sanctioned way for bugreports to get the kernel log.
chown root system /proc/kmsg
chmod 0440 /proc/kmsg
# sysrq-trigger is write-only (0220) and group system: every process in
# group system can fire any sysrq (including crash/reboot/reisub). Keep the
# group this narrow; do not widen it from a device rc file.
chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger

# create the lost+found directories, so as to enforce our permissions
mkdir /cache/lost+found 0770 root root
  148.  
on post-fs-data
# We chown/chmod /data again because mount is run as root + defaults
chown system system /data
chmod 0771 /data

# Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition.
# Panic dumps can contain kernel addresses/stacks: readable by root and
# group log only.
mkdir /data/dontpanic 0750 root log

# Collect apanic data, free resources and re-arm trigger
copy /proc/apanic_console /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console

copy /proc/apanic_threads /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads

write /proc/apanic_console 1

# create basic filesystem structure
# /data/misc is 1771: others may traverse but not list or create, and the
# sticky bit stops members of group misc from removing each other's entries.
mkdir /data/misc 01771 system misc
mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
mkdir /data/misc/bluetooth 0770 system system
# key material: keystore uid only
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/keychain 0771 system system
mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/systemkeys 0700 system system
# give system access to wpa_supplicant.conf for backup and restore
# NOTE(review): the chmod is a no-op until the file exists (first boot);
# presumably wpa_supplicant creates it later with the intended ownership.
mkdir /data/misc/wifi 0770 wifi wifi
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
# root-owned, others traverse only; the shell-writable area is tmp below
mkdir /data/local 0751 root root

# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
# (0771 shell: the adb shell uid can write here, other uids only traverse)
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app-asec 0700 root root
mkdir /data/app 0771 system system
# persistent property store, root only
mkdir /data/property 0700 root root
# used by the sshd service defined below (CM addition, not in AOSP);
# /data/ssh/empty is presumably the privilege-separation chroot -- verify
mkdir /data/ssh 0750 root shell
mkdir /data/ssh/empty 0700 root root
mkdir /data/radio 0770 radio radio

# create dalvik-cache and double-check the perms, so as to enforce our permissions
mkdir /data/dalvik-cache 0771 system system
chown system system /data/dalvik-cache
chmod 0771 /data/dalvik-cache

# create resource-cache and double-check the perms
mkdir /data/resource-cache 0771 system system
chown system system /data/resource-cache
chmod 0771 /data/resource-cache

# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770 root root

# create directory for DRM plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/drm 0770 drm drm

# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# won't work.
# Set indication (checked by vold) that we have finished this action
#setprop vold.post_fs_data_done 1

# Include extra init file
# NOTE(review): import is a file-level directive, not a command of the
# post-fs-data action, even though it sits inside it here. It is left in
# place because moving it would change the order in which imported files
# are processed relative to the imports at the top of this file.
import /init.cm.rc
  220.  
  221. on boot
  222. # basic network init
  223. ifup lo
  224. hostname localhost
  225. domainname localdomain
  226.  
  227. # set RLIMIT_NICE to allow priorities from 19 to -20
  228. setrlimit 13 40 40
  229.  
  230. # Memory management. Basic kernel parameters, and allow the high
  231. # level system server to be able to adjust the kernel OOM driver
  232. # parameters to match how it is managing things.
  233. write /proc/sys/vm/overcommit_memory 1
  234. write /proc/sys/vm/min_free_order_shift 4
  235. chown root system /sys/module/lowmemorykiller/parameters/adj
  236. chmod 0664 /sys/module/lowmemorykiller/parameters/adj
  237. chown root system /sys/module/lowmemorykiller/parameters/minfree
  238. chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
  239.  
  240. # Tweak background writeout
  241. write /proc/sys/vm/dirty_expire_centisecs 200
  242. write /proc/sys/vm/dirty_background_ratio 5
  243.  
  244. # Permissions for System Server and daemons.
  245. chown radio system /sys/android_power/state
  246. chown radio system /sys/android_power/request_state
  247. chown radio system /sys/android_power/acquire_full_wake_lock
  248. chown radio system /sys/android_power/acquire_partial_wake_lock
  249. chown radio system /sys/android_power/release_wake_lock
  250. chown system system /sys/power/state
  251. chown system system /sys/power/wakeup_count
  252. chown radio system /sys/power/wake_lock
  253. chown radio system /sys/power/wake_unlock
  254. chmod 0660 /sys/power/state
  255. chmod 0660 /sys/power/wake_lock
  256. chmod 0660 /sys/power/wake_unlock
  257.  
  258. chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
  259. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
  260. chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
  261. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
  262. chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
  263. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
  264. chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
  265. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
  266. chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
  267. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
  268. chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
  269. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
  270. chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
  271. chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
  272. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
  273.  
  274. # Assume SMP uses shared cpufreq policy for all CPUs
  275. chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
  276. chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
  277. chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
  278. chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
  279. chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
  280. chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
  281.  
  282. chown system system /sys/class/timed_output/vibrator/enable
  283. chown system system /sys/class/leds/keyboard-backlight/brightness
  284. chown system system /sys/class/leds/lcd-backlight/brightness
  285. chown system system /sys/class/leds/button-backlight/brightness
  286. chown system system /sys/class/leds/jogball-backlight/brightness
  287. chown system system /sys/class/leds/red/brightness
  288. chown system system /sys/class/leds/green/brightness
  289. chown system system /sys/class/leds/blue/brightness
  290. chown system system /sys/class/leds/red/device/grpfreq
  291. chown system system /sys/class/leds/red/device/grppwm
  292. chown system system /sys/class/leds/red/device/blink
  293. chown system system /sys/class/leds/red/brightness
  294. chown system system /sys/class/leds/green/brightness
  295. chown system system /sys/class/leds/blue/brightness
  296. chown system system /sys/class/leds/red/device/grpfreq
  297. chown system system /sys/class/leds/red/device/grppwm
  298. chown system system /sys/class/leds/red/device/blink
  299. chown system system /sys/class/timed_output/vibrator/enable
  300. chown system system /sys/module/sco/parameters/disable_esco
  301. chown system system /sys/kernel/ipv4/tcp_wmem_min
  302. chown system system /sys/kernel/ipv4/tcp_wmem_def
  303. chown system system /sys/kernel/ipv4/tcp_wmem_max
  304. chown system system /sys/kernel/ipv4/tcp_rmem_min
  305. chown system system /sys/kernel/ipv4/tcp_rmem_def
  306. chown system system /sys/kernel/ipv4/tcp_rmem_max
  307. chown root radio /proc/cmdline
  308.  
  309. # Define TCP buffer sizes for various networks
  310. # ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
  311. setprop net.tcp.buffersize.default 4096,87380,704512,4096,16384,110208
  312. setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576
  313. setprop net.tcp.buffersize.lte 4096,87380,1220608,4096,16384,563200
  314. setprop net.tcp.buffersize.umts 4096,87380,563200,4096,16384,110208
  315. setprop net.tcp.buffersize.hspa 4096,87380,704512,4096,16384,110208
  316. setprop net.tcp.buffersize.hsupa 4096,87380,704512,4096,16384,262144
  317. setprop net.tcp.buffersize.hsdpa 4096,87380,704512,4096,16384,262144
  318. setprop net.tcp.buffersize.hspap 4096,87380,1220608,4096,16384,393216
  319. setprop net.tcp.buffersize.edge 4096,26280,35040,4096,16384,35040
  320. setprop net.tcp.buffersize.gprs 4096,8760,11680,4096,8760,11680
  321. setprop net.tcp.buffersize.evdo 4096,87380,563200,4096,16384,262144
  322. setprop net.tcp.buffersize.evdo_b 4096,87380,704512,4096,16384,262144
  323.  
  324. # Set this property so surfaceflinger is not started by system_init
  325. setprop system_init.startsurfaceflinger 0
  326.  
  327. # Run sysinit
  328. exec /system/bin/sysinit
  329.  
  330. class_start core
  331. class_start main
  332.  
# late_start is started directly only on devices without an encrypted
# /data; encrypted devices go through the vold.decrypt triggers below
# after the user has unlocked the partition.
on nonencrypted
class_start late_start

on charger
class_start charger

# vold drives the encryption/decryption state machine by setting
# vold.decrypt; each value maps to one of the actions below.
on property:vold.decrypt=trigger_reset_main
class_reset main

on property:vold.decrypt=trigger_load_persist_props
load_persist_props

# re-run post-fs-data once the real (decrypted) /data is mounted
on property:vold.decrypt=trigger_post_fs_data
trigger post-fs-data

on property:vold.decrypt=trigger_restart_min_framework
class_start main

on property:vold.decrypt=trigger_restart_framework
class_start main
class_start late_start

on property:vold.decrypt=trigger_shutdown_framework
class_reset late_start
class_reset main
  358.  
## Daemon processes to be run by init.
## (services with no 'user' line run as root)
##
# device node manager; 'critical' means repeated crashes reboot into recovery
service ueventd /sbin/ueventd
class core
critical

# serial/emulator console shell. Runs as the unprivileged shell uid and is
# 'disabled', i.e. only started by the ro.debuggable trigger below.
service console /system/bin/sh
class core
console
disabled
user shell
group log

# ro.debuggable=1 is set on userdebug/eng builds; on user builds this
# never fires and no console shell exists.
on property:ro.debuggable=1
start console

# adbd is controlled via property triggers in init.<platform>.usb.rc
# (it starts as root here; whether it drops privileges is decided by the
# adbd binary and the build type, not by this file)
service adbd /sbin/adbd
class core
disabled

# adbd on at boot in emulator
on property:ro.kernel.qemu=1
start adbd
  383.  
# Binder context manager. If it dies every binder client is stale, hence
# the cascade of restarts; 'critical' reboots into recovery on crash loops.
service servicemanager /system/bin/servicemanager
class core
user system
group system
critical
onrestart restart zygote
onrestart restart media
onrestart restart surfaceflinger
onrestart restart drm

# vold runs as root (no 'user' line); its control socket is only reachable
# by root and group mount.
service vold /system/bin/vold
class core
socket vold stream 0660 root mount
ioprio be 2

# netd runs as root (no 'user' line). Control socket: group system only.
# dnsproxyd is group inet so every networked app can resolve names through it;
# mdns is group system.
service netd /system/bin/netd
class main
socket netd stream 0660 root system
socket dnsproxyd stream 0660 root inet
socket mdns stream 0660 root system
  404.  
# crash handler; runs as root (no 'user' line) so it can ptrace any process
service debuggerd /system/bin/debuggerd
class main

# NOTE(review): rild runs as root explicitly and parses baseband input, so
# its group list is the attack surface if it is compromised. The qcom_*
# groups are presumably device additions over the AOSP template; confirm
# that cache, audio, sdcard_r and sdcard_rw are still required.
service ril-daemon /system/bin/rild
class main
socket rild stream 660 root radio
socket rild-debug stream 660 radio system
user root
group radio cache inet misc audio sdcard_r sdcard_rw qcom_oncrpc qcom_diag log

service surfaceflinger /system/bin/surfaceflinger
class main
user system
group graphics
onrestart restart zygote

# zygote runs as root (it forks and setuid()s app processes itself).
# Its socket is root:system 0660: only system_server can ask it to spawn.
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
class main
socket zygote stream 660 root system
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
onrestart restart media
onrestart restart netd
  428.  
service drm /system/bin/drmserver
class main
user drm
group drm system inet drmrpc sdcard_r

service media /system/bin/mediaserver
class main
user media
group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc
ioprio rt 4

service bootanim /system/bin/bootanimation
class main
user graphics
group graphics
disabled
oneshot

# system bus used only by the bluetooth stack; socket is bluetooth-only
service dbus /system/bin/dbus-daemon --system --nofork
class main
socket dbus stream 660 bluetooth bluetooth
user bluetooth
group bluetooth net_bt_admin

service bluetoothd /system/bin/bluetoothd -n
class main
socket bluetooth stream 660 bluetooth bluetooth
socket dbus_bluetooth stream 660 bluetooth bluetooth
# init.rc does not yet support applying capabilities, so run as root and
# let bluetoothd drop uid to bluetooth with the right linux capabilities
# (this is why there is intentionally no 'user' line here; 'disabled'
# means it is started on demand, not at boot)
group bluetooth net_bt_admin misc
disabled
  461.  
# package installer helper; runs as root, control socket is system-only (0600)
service installd /system/bin/installd
class main
socket installd stream 600 system system

service racoon /system/bin/racoon
class main
socket racoon stream 600 system system
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
# (hence no 'user' line: it must start as root to bind a privileged port)
group vpn net_admin inet
disabled
oneshot

service mtpd /system/bin/mtpd
class main
socket mtpd stream 600 system system
user vpn
group vpn net_admin inet net_raw
disabled
oneshot

# NOTE(review): the keystore socket is 0666, so any uid can connect. init
# does not restrict callers here; access control to keys must be enforced
# by the keystore binary itself (presumably per peer uid) -- verify that
# it does before relying on this being world-accessible.
service keystore /system/bin/keystore /data/misc/keystore
class main
user keystore
group keystore drmrpc
socket keystore stream 666
  487.  
# bugreport collector; runs as root, started on demand ('disabled' +
# 'oneshot'), socket reachable by shell and group log
service dumpstate /system/bin/dumpstate -s
class main
socket dumpstate stream 0660 shell log

# CM addition, not in AOSP. Never started by this file ('disabled'); the
# wrapper runs as root (no 'user' line) and presumably reads its keys and
# config from /data/ssh created in post-fs-data -- verify what enables it.
service sshd /system/bin/start-ssh
class main
disabled

service mdnsd /system/bin/mdnsd
class main
user mdnsr
group inet net_raw
socket mdnsd stream 0660 mdnsr inet
disabled
oneshot