# Copyright (C) 2012 The Android Open Source Project## IMPORTANT: Do not cre

1. # Copyright (C) 2012 The Android Open Source Project
2. #
3. # IMPORTANT: Do not create world writable files or directories.
4. # This is a common source of Android security bugs.
5. #
6.  
7. import /init.environ.rc
8. import /init.environ.dji.rc
9. #import /vendor/etc/init/init.eagle2.rc
10.  
11. on early-init
12. # Set init and its forked children's oom_adj.
13. write /proc/1/oom_score_adj 0
14.  
15. # limit the devkmsg to 20Hz, interval is 5s
16. write /proc/sys/kernel/devkmsg_ratelimit_burst 100
17.  
18. # Disable sysrq from keyboard
19. write /proc/sys/kernel/sysrq 0
20.  
21. # Set the security context of /adb_keys if present.
22. restorecon /adb_keys
23.  
24. # Set the security context of /postinstall if present.
25. restorecon /postinstall
26.  
27. # Mount cgroup mount point for cpu accounting
28. mount cgroup none /acct nodev noexec nosuid cpuacct
29. mkdir /acct/uid
30.  
31. # root memory control cgroup, used by lmkd
32. mkdir /dev/memcg 0700 root system
33. mount cgroup none /dev/memcg nodev noexec nosuid memory
34. # app mem cgroups, used by activity manager, lmkd and zygote
35. mkdir /dev/memcg/apps/ 0755 system system
36. # cgroup for system_server and surfaceflinger
37. mkdir /dev/memcg/system 0550 system system
38.  
39. start ueventd
40.  
41. on init
42. sysclktz 0
43.  
44. # Load IMG GPU driver, dc_example is used to connect
45. # a dummy display controller for nullws
46. chmod 0644 /system/lib/modules/pvrsrvkm.ko
47. #insmod /system/lib/modules/pvrsrvkm.ko
48.  
49. # Mix device-specific information into the entropy pool
50. copy /proc/cmdline /dev/urandom
51. copy /default.prop /dev/urandom
52.  
53. # Backward compatibility.
54. symlink /sys/kernel/debug /d
55.  
56.  
57. # Create energy-aware scheduler tuning nodes
58. mkdir /dev/stune
59. mount cgroup none /dev/stune nodev noexec nosuid schedtune
60. mkdir /dev/stune/foreground
61. mkdir /dev/stune/background
62. mkdir /dev/stune/top-app
63. mkdir /dev/stune/rt
64. chown system system /dev/stune
65. chown system system /dev/stune/foreground
66. chown system system /dev/stune/background
67. chown system system /dev/stune/top-app
68. chown system system /dev/stune/rt
69. chown system system /dev/stune/tasks
70. chown system system /dev/stune/foreground/tasks
71. chown system system /dev/stune/background/tasks
72. chown system system /dev/stune/top-app/tasks
73. chown system system /dev/stune/rt/tasks
74. chmod 0664 /dev/stune/tasks
75. chmod 0664 /dev/stune/foreground/tasks
76. chmod 0664 /dev/stune/background/tasks
77. chmod 0664 /dev/stune/top-app/tasks
78. chmod 0664 /dev/stune/rt/tasks
79.  
80. restorecon_recursive /mnt
81.  
82. mount configfs none /config nodev noexec nosuid
83. chmod 0770 /config/sdcardfs
84. chown system package_info /config/sdcardfs
85.  
86. mkdir /mnt/secure 0700 root root
87. mkdir /mnt/secure/asec 0700 root root
88. mkdir /mnt/asec 0755 root system
89. mkdir /mnt/obb 0755 root system
90. mkdir /mnt/media_rw 0750 root media_rw
91. mkdir /mnt/user 0755 root root
92. mkdir /mnt/user/0 0755 root root
93. mkdir /mnt/expand 0771 system system
94. mkdir /mnt/appfuse 0711 root root
95.  
96. # Storage views to support runtime permissions
97. mkdir /mnt/runtime 0700 root root
98. mkdir /mnt/runtime/default 0755 root root
99. mkdir /mnt/runtime/default/self 0755 root root
100. mkdir /mnt/runtime/read 0755 root root
101. mkdir /mnt/runtime/read/self 0755 root root
102. mkdir /mnt/runtime/write 0755 root root
103. mkdir /mnt/runtime/write/self 0755 root root
104.  
105. mkdir /blackbox
106. mkdir /factory_data
107. mkdir /cali
108. mkdir /cache
109. mkdir /tmp
110. mount tmpfs tmpfs /tmp size=32M
111. restorecon_recursive /factory_data
112. restorecon_recursive /cali
113.  
114.  
115. # Symlink to keep legacy apps working in multi-user world
116. symlink /storage/self/primary /sdcard
117. symlink /storage/self/primary /mnt/sdcard
118. symlink /mnt/user/0/primary /mnt/runtime/default/self/primary
119.  
120. write /proc/sys/kernel/panic_on_oops 1
121. write /proc/cpu/alignment 4
122.  
123. # scheduler tunables
124. # Disable auto-scaling of scheduler tunables with hotplug. The tunables
125. # will vary across devices in unpredictable ways if allowed to scale with
126. # cpu cores.
127. write /proc/sys/kernel/sched_tunable_scaling 0
128. write /proc/sys/kernel/sched_latency_ns 10000000
129. write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
130. write /proc/sys/kernel/sched_child_runs_first 0
131.  
132. write /proc/sys/kernel/randomize_va_space 2
133. write /proc/sys/vm/mmap_min_addr 32768
134. write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
135. write /proc/sys/net/unix/max_dgram_qlen 600
136. write /proc/sys/kernel/sched_rt_runtime_us 950000
137. write /proc/sys/kernel/sched_rt_period_us 1000000
138.  
139. # Assign reasonable ceiling values for socket rcv/snd buffers.
140. # These should almost always be overridden by the target per the
141. # the corresponding technology maximums.
142. write /proc/sys/net/core/rmem_max 262144
143. write /proc/sys/net/core/wmem_max 262144
144.  
145. # reflect fwmark from incoming packets onto generated replies
146. write /proc/sys/net/ipv4/fwmark_reflect 1
147. write /proc/sys/net/ipv6/fwmark_reflect 1
148.  
149. # set fwmark on accepted sockets
150. write /proc/sys/net/ipv4/tcp_fwmark_accept 1
151.  
152. # disable icmp redirects
153. write /proc/sys/net/ipv4/conf/all/accept_redirects 0
154. write /proc/sys/net/ipv6/conf/all/accept_redirects 0
155.  
156. # /proc/net/fib_trie leaks interface IP addresses
157. chmod 0400 /proc/net/fib_trie
158.  
159. # Create cgroup mount points for process groups
160. mkdir /dev/cpuctl
161. mount cgroup none /dev/cpuctl nodev noexec nosuid cpu
162. chown system system /dev/cpuctl
163. chown system system /dev/cpuctl/tasks
164. chmod 0666 /dev/cpuctl/tasks
165. write /dev/cpuctl/cpu.rt_period_us 1000000
166. write /dev/cpuctl/cpu.rt_runtime_us 950000
167.  
168. # sets up initial cpusets for ActivityManager
169. mkdir /dev/cpuset
170. mount cpuset none /dev/cpuset nodev noexec nosuid
171.  
172. # this ensures that the cpusets are present and usable, but the device's
173. # init.rc must actually set the correct cpus
174. mkdir /dev/cpuset/foreground
175. copy /dev/cpuset/cpus /dev/cpuset/foreground/cpus
176. copy /dev/cpuset/mems /dev/cpuset/foreground/mems
177. mkdir /dev/cpuset/background
178. copy /dev/cpuset/cpus /dev/cpuset/background/cpus
179. copy /dev/cpuset/mems /dev/cpuset/background/mems
180.  
181. # system-background is for system tasks that should only run on
182. # little cores, not on bigs
183. # to be used only by init, so don't change system-bg permissions
184. mkdir /dev/cpuset/system-background
185. copy /dev/cpuset/cpus /dev/cpuset/system-background/cpus
186. copy /dev/cpuset/mems /dev/cpuset/system-background/mems
187.  
188. # restricted is for system tasks that are being throttled
189. # due to screen off.
190. mkdir /dev/cpuset/restricted
191. copy /dev/cpuset/cpus /dev/cpuset/restricted/cpus
192. copy /dev/cpuset/mems /dev/cpuset/restricted/mems
193.  
194. mkdir /dev/cpuset/top-app
195. copy /dev/cpuset/cpus /dev/cpuset/top-app/cpus
196. copy /dev/cpuset/mems /dev/cpuset/top-app/mems
197.  
198. # change permissions for all cpusets we'll touch at runtime
199. chown system system /dev/cpuset
200. chown system system /dev/cpuset/foreground
201. chown system system /dev/cpuset/background
202. chown system system /dev/cpuset/system-background
203. chown system system /dev/cpuset/top-app
204. chown system system /dev/cpuset/restricted
205. chown system system /dev/cpuset/tasks
206. chown system system /dev/cpuset/foreground/tasks
207. chown system system /dev/cpuset/background/tasks
208. chown system system /dev/cpuset/system-background/tasks
209. chown system system /dev/cpuset/top-app/tasks
210. chown system system /dev/cpuset/restricted/tasks
211.  
212. # set system-background to 0775 so SurfaceFlinger can touch it
213. chmod 0775 /dev/cpuset/system-background
214.  
215. chmod 0664 /dev/cpuset/foreground/tasks
216. chmod 0664 /dev/cpuset/background/tasks
217. chmod 0664 /dev/cpuset/system-background/tasks
218. chmod 0664 /dev/cpuset/top-app/tasks
219. chmod 0664 /dev/cpuset/restricted/tasks
220. chmod 0664 /dev/cpuset/tasks
221.  
222.  
223. # qtaguid will limit access to specific data based on group memberships.
224. # net_bw_acct grants impersonation of socket owners.
225. # net_bw_stats grants access to other apps' detailed tagged-socket stats.
226. chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
227. chown root net_bw_stats /proc/net/xt_qtaguid/stats
228.  
229. # Allow everybody to read the xt_qtaguid resource tracking misc dev.
230. # This is needed by any process that uses socket tagging.
231. chmod 0644 /dev/xt_qtaguid
232.  
233. mkdir /dev/cg2_bpf
234. mount cgroup2 cg2_bpf /dev/cg2_bpf nodev noexec nosuid
235. chown root root /dev/cg2_bpf
236. chmod 0600 /dev/cg2_bpf
237. mount bpf bpf /sys/fs/bpf nodev noexec nosuid
238.  
239. # Create location for fs_mgr to store abbreviated output from filesystem
240. # checker programs.
241. mkdir /dev/fscklogs 0770 root system
242.  
243. # pstore/ramoops previous console log
244. mount pstore pstore /sys/fs/pstore nodev noexec nosuid
245. chown system log /sys/fs/pstore/console-ramoops
246. chmod 0440 /sys/fs/pstore/console-ramoops
247. chown system log /sys/fs/pstore/console-ramoops-0
248. chmod 0440 /sys/fs/pstore/console-ramoops-0
249. chown system log /sys/fs/pstore/pmsg-ramoops-0
250. chmod 0440 /sys/fs/pstore/pmsg-ramoops-0
251.  
252. # enable armv8_deprecated instruction hooks
253. write /proc/sys/abi/swp 1
254.  
255. # Linux's execveat() syscall may construct paths containing /dev/fd
256. # expecting it to point to /proc/self/fd
257. symlink /proc/self/fd /dev/fd
258.  
259. export DOWNLOAD_CACHE /data/cache
260.  
261. # set RLIMIT_NICE to allow priorities from 19 to -20
262. setrlimit nice 40 40
263.  
264. # Allow up to 32K FDs per process
265. setrlimit nofile 32768 32768
266.  
267. # This allows the ledtrig-transient properties to be created here so
268. # that they can be chown'd to system:system later on boot
269. write /sys/class/leds/vibrator/trigger "transient"
270.  
271. start pvinsmod
272.  
273. # Healthd can trigger a full boot from charger mode by signaling this
274. # property when the power button is held.
275. on property:sys.boot_from_charger_mode=1
276. class_stop charger
277. trigger late-init
278.  
279. on load_persist_props_action
280. load_persist_props
281. start logd
282. start logd-reinit
283.  
284. # Indicate to fw loaders that the relevant mounts are up.
285. on firmware_mounts_complete
286. rm /dev/.booting
287.  
288. # Mount filesystems and start core system services.
289. on late-init
290. trigger early-fs
291.  
292. # Mount fstab in init.{$device}.rc by mount_all command. Optional parameter
293. # '--early' can be specified to skip entries with 'latemount'.
294. # /system and /vendor must be mounted by the end of the fs stage,
295. # while /data is optional.
296. start start_tee_supplicant
297. trigger fs
298. trigger post-fs
299. restorecon_recursive /vendor
300.  
301. # Mount fstab in init.{$device}.rc by mount_all with '--late' parameter
302. # to only mount entries with 'latemount'. This is needed if '--early' is
303. # specified in the previous mount_all command on the fs stage.
304. # With /system mounted and properties form /system + /factory available,
305. # some services can be started.
306. trigger late-fs
307.  
308. # Now we can mount /data. File encryption requires keymaster to decrypt
309. # /data, which in turn can only be loaded when system properties are present.
310. trigger post-fs-data
311.  
312. # Now we can start zygote for devices with file based encryption
313. #trigger zygote-start
314.  
315. # Load persist properties and override properties (if enabled) from /data.
316. trigger load_persist_props_action
317.  
318. # Remove a file to wake up anything waiting for firmware.
319. trigger firmware_mounts_complete
320.  
321. trigger early-boot
322. trigger boot
323.  
324. on early-fs
325. start init_part
326.  
327. on post-fs
328. # Load properties from
329. # /system/build.prop,
330. # /odm/build.prop,
331. # /vendor/build.prop and
332. # /factory/factory.prop
333. load_system_props
334.  
335. # Link /vendor to /system/vendor for devices without a vendor partition.
336. symlink /system/vendor /vendor
337. symlink /system/bin /bin
338. symlink /system/etc /etc
339. symlink /system/xbin/busybox /sbin/busybox
340. symlink /system/bin/unrd /sbin/unrd
341. symlink /system/xbin/mmc_utils /sbin/mmc_utils
342. symlink /system/xbin/dji_update_engine /sbin/dji_update_engine
343.  
344. # start essential services
345. # start data_fsck
346. start logd
347. start servicemanager
348. start hwservicemanager
349. start vndservicemanager
350.  
351. # Once everything is setup, no need to modify /.
352. # The bind+ro combination avoids modifying any other mount flags.
353. mount rootfs rootfs / remount bind ro
354. # Mount shared so changes propagate into child namespaces
355. mount rootfs rootfs / shared rec
356. # Mount default storage into root namespace
357. mount none /mnt/runtime/default /storage bind rec
358. mount none none /storage slave rec
359.  
360. # Make sure /sys/kernel/debug (if present) is labeled properly
361. # Note that tracefs may be mounted under debug, so we need to cross filesystems
362. restorecon --recursive --cross-filesystems /sys/kernel/debug
363.  
364. # We chown/chmod /cache again so because mount is run as root + defaults
365. chown system cache /cache
366. chmod 0770 /cache
367. # We restorecon /cache in case the cache partition has been reset.
368. restorecon_recursive /cache
369.  
370. # Create /cache/recovery in case it's not there. It'll also fix the odd
371. # permissions if created by the recovery system.
372. mkdir /cache/recovery 0770 system cache
373.  
374. # Backup/restore mechanism uses the cache partition
375. mkdir /cache/backup_stage 0700 system system
376. mkdir /cache/backup 0700 system system
377.  
378. #change permissions on vmallocinfo so we can grab it from bugreports
379. chown root log /proc/vmallocinfo
380. chmod 0440 /proc/vmallocinfo
381.  
382. chown root log /proc/slabinfo
383. chmod 0440 /proc/slabinfo
384.  
385. #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
386. chown root system /proc/kmsg
387. chmod 0440 /proc/kmsg
388. chown root system /proc/sysrq-trigger
389. chmod 0220 /proc/sysrq-trigger
390. chown system log /proc/last_kmsg
391. chmod 0440 /proc/last_kmsg
392.  
393. # make the selinux kernel policy world-readable
394. chmod 0444 /sys/fs/selinux/policy
395.  
396. # create the lost+found directories, so as to enforce our permissions
397. mkdir /cache/lost+found 0770 root root
398.  
399. restorecon_recursive /metadata
400. mkdir /metadata/vold
401. chmod 0700 /metadata/vold
402.  
403. # wait /tmp/data_fsck_done 20
404. # mount ext4 /dev/block/by-name/userdata /data rw nosuid wait discard,data=ordered,nodelalloc
405.  
406. on late-fs
407. # Ensure that tracefs has the correct permissions.
408. # This does not work correctly if it is called in post-fs.
409. chmod 0755 /sys/kernel/debug/tracing
410.  
411. # HALs required before storage encryption can get unlocked (FBE/FDE)
412. class_start early_hal
413.  
414. on post-fs-data
415. # We chown/chmod /data again so because mount is run as root + defaults
416. chown system system /data
417. chmod 0771 /data
418. # We restorecon /data in case the userdata partition has been reset.
419. restorecon /data
420.  
421. # Make sure we have the device encryption key.
422. start vold
423. installkey /data
424.  
425. # Avoid predictable entropy pool. Carry over entropy from previous boot.
426. copy /data/system/entropy.dat /dev/urandom
427.  
428. # create basic filesystem structure
429. mkdir /data/misc 01771 system misc
430. #mkdir /data/misc/recovery 0770 system log
431. #copy /data/misc/recovery/ro.build.fingerprint /data/misc/recovery/ro.build.fingerprint.1
432. #chmod 0440 /data/misc/recovery/ro.build.fingerprint.1
433. #chown system log /data/misc/recovery/ro.build.fingerprint.1
434. #write /data/misc/recovery/ro.build.fingerprint ${ro.build.fingerprint}
435. #chmod 0440 /data/misc/recovery/ro.build.fingerprint
436. #chown system log /data/misc/recovery/ro.build.fingerprint
437. #mkdir /data/misc/recovery/proc 0770 system log
438. #copy /data/misc/recovery/proc/version /data/misc/recovery/proc/version.1
439. #chmod 0440 /data/misc/recovery/proc/version.1
440. #chown system log /data/misc/recovery/proc/version.1
441. #copy /proc/version /data/misc/recovery/proc/version
442. #chmod 0440 /data/misc/recovery/proc/version
443. #chown system log /data/misc/recovery/proc/version
444. #mkdir /data/misc/bluedroid 02770 bluetooth bluetooth
445. # Fix the access permissions and group ownership for 'bt_config.conf'
446. #chmod 0660 /data/misc/bluedroid/bt_config.conf
447. #chown bluetooth bluetooth /data/misc/bluedroid/bt_config.conf
448. #mkdir /data/misc/bluetooth 0770 bluetooth bluetooth
449. #mkdir /data/misc/bluetooth/logs 0770 bluetooth bluetooth
450. #mkdir /data/misc/keystore 0700 keystore keystore
451. #mkdir /data/misc/gatekeeper 0700 system system
452. #mkdir /data/misc/keychain 0771 system system
453. #mkdir /data/misc/net 0750 root shell
454. #mkdir /data/misc/radio 0770 system radio
455. #mkdir /data/misc/sms 0770 system radio
456. #mkdir /data/misc/carrierid 0770 system radio
457. #mkdir /data/misc/apns 0770 system radio
458. #mkdir /data/misc/zoneinfo 0775 system system
459. #mkdir /data/misc/network_watchlist 0774 system system
460. #mkdir /data/misc/textclassifier 0771 system system
461. #mkdir /data/misc/vpn 0770 system vpn
462. #mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
463. #mkdir /data/misc/systemkeys 0700 system system
464. #mkdir /data/misc/wifi 0770 wifi wifi
465. #mkdir /data/misc/wifi/sockets 0770 wifi wifi
466. #mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
467. #mkdir /data/misc/ethernet 0770 system system
468. #mkdir /data/misc/dhcp 0770 dhcp dhcp
469. #mkdir /data/misc/user 0771 root root
470. #mkdir /data/misc/perfprofd 0775 root root
471. ## give system access to wpa_supplicant.conf for backup and restore
472. #chmod 0660 /data/misc/wifi/wpa_supplicant.conf
473. #mkdir /data/local 0751 root root
474. #mkdir /data/misc/media 0700 media media
475. #mkdir /data/misc/audioserver 0700 audioserver audioserver
476. #mkdir /data/misc/cameraserver 0700 cameraserver cameraserver
477. #mkdir /data/misc/vold 0700 root root
478. #mkdir /data/misc/boottrace 0771 system shell
479. #mkdir /data/misc/update_engine 0700 root root
480. #mkdir /data/misc/update_engine_log 02750 root log
481. #mkdir /data/misc/trace 0700 root root
482. ## create location to store surface and window trace files
483. #mkdir /data/misc/wmtrace 0700 system system
484. ## profile file layout
485. #mkdir /data/misc/profiles 0771 system system
486. #mkdir /data/misc/profiles/cur 0771 system system
487. #mkdir /data/misc/profiles/ref 0771 system system
488. #mkdir /data/misc/profman 0770 system shell
489. #mkdir /data/misc/gcov 0770 root root
490.  
491. #mkdir /data/vendor 0771 root root
492. #mkdir /data/vendor_ce 0771 root root
493. #mkdir /data/vendor_de 0771 root root
494. #mkdir /data/vendor/hardware 0771 root root
495.  
496. ## For security reasons, /data/local/tmp should always be empty.
497. ## Do not place files or directories in /data/local/tmp
498. #mkdir /data/local/tmp 0771 shell shell
499. #mkdir /data/local/traces 0777 shell shell
500. #mkdir /data/data 0771 system system
501. #mkdir /data/app-private 0771 system system
502. #mkdir /data/app-ephemeral 0771 system system
503. #mkdir /data/app-asec 0700 root root
504. #mkdir /data/app-lib 0771 system system
505. #mkdir /data/app 0771 system system
506. mkdir /data/property 0700 root root
507. mkdir /data/tombstones 0771 system system
508. mkdir /data/vendor/tombstones 0771 root root
509. #mkdir /data/vendor/tombstones/wifi 0771 wifi wifi
510.  
511. ## create dalvik-cache, so as to enforce our permissions
512. #mkdir /data/dalvik-cache 0771 root root
513. ## create the A/B OTA directory, so as to enforce our permissions
514. mkdir /data/ota 0771 root root
515.  
516. ## create the OTA package directory. It will be accessed by GmsCore (cache
517. ## group), update_engine and update_verifier.
518. #mkdir /data/ota_package 0770 system cache
519.  
520. ## create resource-cache and double-check the perms
521. #mkdir /data/resource-cache 0771 system system
522. #chown system system /data/resource-cache
523. #chmod 0771 /data/resource-cache
524.  
525. # create the lost+found directories, so as to enforce our permissions
526. mkdir /data/lost+found 0770 root root
527.  
528. ## create directory for DRM plug-ins - give drm the read/write access to
529. ## the following directory.
530. #mkdir /data/drm 0770 drm drm
531.  
532. ## create directory for MediaDrm plug-ins - give drm the read/write access to
533. ## the following directory.
534. #mkdir /data/mediadrm 0770 mediadrm mediadrm
535.  
536. mkdir /data/anr 0775 system system
537.  
538. ## NFC: create data/nfc for nv storage
539. #mkdir /data/nfc 0770 nfc nfc
540. #mkdir /data/nfc/param 0770 nfc nfc
541.  
542. ## Create all remaining /data root dirs so that they are made through init
543. ## and get proper encryption policy installed
544. #mkdir /data/backup 0700 system system
545. #mkdir /data/ss 0700 system system
546.  
547. #mkdir /data/system 0775 system system
548. #mkdir /data/system/heapdump 0700 system system
549. #mkdir /data/system/users 0775 system system
550.  
551. #mkdir /data/system_de 0770 system system
552. #mkdir /data/system_ce 0770 system system
553.  
554. #mkdir /data/misc_de 01771 system misc
555. #mkdir /data/misc_ce 01771 system misc
556.  
557. #mkdir /data/user 0711 system system
558. #mkdir /data/user_de 0711 system system
559. #symlink /data/data /data/user/0
560.  
561. #mkdir /data/media 0770 media_rw media_rw
562. #mkdir /data/media/obb 0770 media_rw media_rw
563.  
564. #mkdir /data/cache 0770 system cache
565. #mkdir /data/cache/recovery 0770 system cache
566. #mkdir /data/cache/backup_stage 0700 system system
567. #mkdir /data/cache/backup 0700 system system
568.  
569. init_user0
570.  
571. # Set SELinux security contexts on upgrade or policy update.
572. restorecon --recursive --skip-ce /data
573.  
574. # If there is no post-fs-data action in the init.<device>.rc file, you
575. # must uncomment this line, otherwise encrypted filesystems
576. # won't work.
577. # Set indication (checked by vold) that we have finished this action
578. #setprop vold.post_fs_data_done 1
579. start console
580.  
581. on boot
582. # basic network init
583. ifup lo
584. hostname localhost
585. domainname localdomain
586.  
587. # IPsec SA default expiration length
588. write /proc/sys/net/core/xfrm_acq_expires 3600
589.  
590. # Memory management. Basic kernel parameters, and allow the high
591. # level system server to be able to adjust the kernel OOM driver
592. # parameters to match how it is managing things.
593. write /proc/sys/vm/overcommit_memory 1
594. write /proc/sys/vm/min_free_order_shift 4
595. chown root system /sys/module/lowmemorykiller/parameters/adj
596. chmod 0664 /sys/module/lowmemorykiller/parameters/adj
597. chown root system /sys/module/lowmemorykiller/parameters/minfree
598. chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
599.  
600. # Tweak background writeout
601. write /proc/sys/vm/dirty_expire_centisecs 500
602. write /proc/sys/vm/dirty_writeback_centisecs 500
603. write /proc/sys/vm/dirty_background_ratio 5
604.  
605. # Permissions for System Server and daemons.
606. chown radio system /sys/android_power/state
607. chown radio system /sys/android_power/request_state
608. chown radio system /sys/android_power/acquire_full_wake_lock
609. chown radio system /sys/android_power/acquire_partial_wake_lock
610. chown radio system /sys/android_power/release_wake_lock
611. chown system system /sys/power/autosleep
612. chown system system /sys/power/state
613. chown system system /sys/power/wakeup_count
614. chown radio wakelock /sys/power/wake_lock
615. chown radio wakelock /sys/power/wake_unlock
616. chmod 0660 /sys/power/state
617. chmod 0660 /sys/power/wake_lock
618. chmod 0660 /sys/power/wake_unlock
619.  
620. chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
621. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
622. chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
623. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
624. chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
625. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
626. chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
627. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
628. chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
629. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
630. chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
631. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
632. chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
633. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
634. chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
635. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
636. chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
637. chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
638. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
639. chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
640. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
641. chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
642. chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
643.  
644. # Assume SMP uses shared cpufreq policy for all CPUs
645. chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
646. chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
647.  
648. chown system system /sys/module/sco/parameters/disable_esco
649. chown system system /sys/kernel/ipv4/tcp_wmem_min
650. chown system system /sys/kernel/ipv4/tcp_wmem_def
651. chown system system /sys/kernel/ipv4/tcp_wmem_max
652. chown system system /sys/kernel/ipv4/tcp_rmem_min
653. chown system system /sys/kernel/ipv4/tcp_rmem_def
654. chown system system /sys/kernel/ipv4/tcp_rmem_max
655. chown root radio /proc/cmdline
656.  
657. # Define default initial receive window size in segments.
658. setprop net.tcp.default_init_rwnd 60
659.  
660. # Start standard binderized HAL daemons
661. class_start hal
662.  
663. class_start core
664.  
665. start netd
666.  
667. start start_dji_system
668.  
669. on nonencrypted
670. class_start main
671. class_start late_start
672.  
673. on property:dji.start_usb=1
674. trigger init_usb
675.  
676. on property:sys.init_log_level=*
677. loglevel ${sys.init_log_level}
678.  
679. on charger
680. class_start charger
681.  
682. on property:vold.decrypt=trigger_reset_main
683. class_reset main
684.  
685. on property:vold.decrypt=trigger_load_persist_props
686. load_persist_props
687. start logd
688. start logd-reinit
689.  
690. on property:vold.decrypt=trigger_post_fs_data
691. trigger post-fs-data
692. trigger zygote-start
693.  
694. on property:vold.decrypt=trigger_restart_min_framework
695. # A/B update verifier that marks a successful boot.
696. exec_start update_verifier
697. class_start main
698.  
699. on property:vold.decrypt=trigger_restart_framework
700. stop surfaceflinger
701. start surfaceflinger
702. # A/B update verifier that marks a successful boot.
703. exec_start update_verifier
704. class_start main
705. class_start late_start
706.  
707. on property:vold.decrypt=trigger_shutdown_framework
708. class_reset late_start
709. class_reset main
710.  
711. on property:sys.sysctl.extra_free_kbytes=*
712. write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
713.  
714. # "tcp_default_init_rwnd" Is too long!
715. on property:sys.sysctl.tcp_def_init_rwnd=*
716. write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
717.  
718. on property:security.perf_harden=0
719. write /proc/sys/kernel/perf_event_paranoid 1
720.  
721. on property:dji.dsp_service=1
722. start dji_dsp
723.  
724. on property:dji.dsp_service=0
725. stop dji_dsp
726.  
727. on property:dji.ml_service=1
728. start dji_ml
729.  
730. on property:dji.ml_service=0
731. stop dji_ml
732.  
733. on property:dji.nn_service=1
734. start dji_nn_server
735.  
736. on property:dji.nn_service=0
737. stop dji_nn_server
738.  
739. on property:dji.lte_service=1
740. start dji_lte
741.  
742. on property:dji.lte_service=0
743. stop dji_lte
744.  
745. on property:dji.sdrs_agent_service=1
746. start dji_sdrs_agent
747.  
748. on property:dji.sdrs_agent_service=0
749. stop dji_sdrs_agent
750.  
751. on property:dji.network_service=1
752. start dji_network
753.  
754. on property:dji.network_service=0
755. stop dji_network
756.  
757. on property:dji.sw_uav_service=1
758. start dji_sw_uav
759.  
760. on property:dji.sw_uav_service=0
761. stop dji_sw_uav
762.  
763. on property:dji.wlm_slave_service=1
764. start dji_wlm_slave
765.  
766. on property:dji.wlm_slave_service=0
767. stop dji_wlm_slave
768.  
769. on property:dji.perception_service=1
770. start dji_perception
771.  
772. on property:dji.perception_service=0
773. stop dji_perception
774.  
775. on property:dji.vtwo_sdk_service=1
776. start dji_vtwo_sdk
777.  
778. on property:dji.vtwo_sdk_service=0
779. stop dji_vtwo_sdk
780.  
781. on property:dji.http_service=1
782. start dji_http_server
783.  
784. on property:dji.http_service=0
785. stop dji_http_server
786.  
787. on mountprop
788. mount_all /vendor/etc/fstab.${ro.hardware} --late
789. setprop mount.factory_data 1
790. setprop mount.cali 1
791. setprop mount.cache 1
792. setprop mount.blackbox 1
793.  
794. ## Daemon processes to be run by init.
795. ##
796. service ueventd /sbin/ueventd
797. class core
798. critical
799. seclabel u:r:ueventd:s0
800. shutdown critical
801.  
802. service console /system/bin/sh
803. class core
804. console
805. disabled
806. user root
807. group root log readproc
808. seclabel u:r:shell:s0
809. setenv HOSTNAME eagle2_wm260_native
810. setenv HOME /data
811.  
812. service netd /system/bin/netd
813. user root
814. socket netd stream 0660 root system
815. socket dnsproxyd stream 0660 root inet
816. socket mdns stream 0660 root system
817. socket fwmarkd stream 0660 root system
818.  
819. service pvinsmod /system/bin/sh /system/bin/pvinsmod.sh
820. user root
821. group root
822. disabled
823. oneshot
824. seclabel u:r:shell:s0
825.  
826. service dji_dsp /system/bin/ss_dsp_manager
827. disabled
828. user root
829. seclabel u:r:shell:s0
830.  
831. service dji_ml /system/bin/dji_ml
832. disabled
833. user root
834.  
835. service dji_nn_server /system/bin/dji_nn_server
836. disabled
837. user root
838.  
839. service dji_perception /system/bin/dji_perception
840. disabled
841. user root
842.  
843. service dji_lte /system/bin/dji_lte
844. disabled
845. user root
846.  
847. service dji_sdrs_agent /system/bin/dji_sdrs_agent -r
848. disabled
849. user root
850.  
851. service dji_network /system/bin/dji_network
852. disabled
853. user root
854. seclabel u:r:shell:s0
855.  
856. service dji_sw_uav /system/bin/dji_sw_uav
857. disabled
858. user root
859. seclabel u:r:shell:s0
860.  
861. service dji_wlm_slave /system/bin/dji_wlm_slave
862. disabled
863. user root
864.  
865. service dji_vtwo_sdk /system/bin/dji_vtwo_sdk
866. disabled
867. user root
868.  
869. service init_part /sbin/init_part 0
870. disabled
871. oneshot
872. user root
873. seclabel u:r:shell:s0
874.  
875. service data_fsck /system/bin/data_fsck.sh
876. disabled
877. oneshot
878. user root
879. seclabel u:r:shell:s0
880.  
881. service start_tee_supplicant /system/bin/tee-supplicant
882. disabled
883. user root
884. seclabel u:r:shell:s0
885.  
886. service coredump_monitor /system/bin/coredump_monitor \
887. -p /blackbox/system/coredump -i 3 -n 3 -s 50
888. disabled
889. user root
890. seclabel u:r:shell:s0
891.  
892. service dji_http_server /system/bin/dji_http_server -D -f /system/etc/http/lighttpd.conf
893. disabled
894. user root
895.  
896. on property:coredump.enable=1
897. start coredump_monitor
898. write /proc/sys/kernel/core_pattern /blackbox/system/coredump/core.%e.%p.%t
899.  
900. on property:coredump.enable=0
901. stop coredump_monitor
902. write /proc/sys/kernel/core_pattern ""