goroh_kun

Nexus7 /init.rc

Jun 28th, 2012
  1. # Copyright (C) 2012 The Android Open Source Project
  2. #
  3. # IMPORTANT: Do not create world writable files or directories.
  4. # This is a common source of Android security bugs.
  5. #
  6.  
  7. import /init.${ro.hardware}.rc
  8. import /init.usb.rc
  9. import /init.trace.rc
  10.  
on early-init
    # Set init and its forked children's oom_adj.
    # Lower oom_adj values are less likely to be OOM-killed; -16 keeps PID 1
    # (and anything it forks before the value is overridden) near the bottom
    # of the kernel's kill list so ordinary processes are reclaimed first.
    write /proc/1/oom_adj -16

    # Presumably ueventd creates the /dev nodes and applies their
    # ownership/permissions (from ueventd.rc) - it has to be running before
    # any later section touches a device node. TODO confirm against sbin/ueventd.
    start ueventd

# create mountpoints
    # root:system, group-writable but NOT world-writable; the subdirectories
    # created under it in 'on init' are tightened further.
    mkdir /mnt 0775 root system
  19.  
on init

# System clock timezone offset (0 = kernel clock is UTC).
sysclktz 0

# init's own kernel-log verbosity threshold; 3 keeps errors and more severe messages.
loglevel 3

# setup the global environment
    # Every entry on PATH / LD_LIBRARY_PATH lives on /system (or /vendor,
    # which is a symlink into /system below) - read-only after 'on fs'.
    # No writable location such as /data/local/tmp is searched, so a
    # dropped binary cannot shadow a system executable for root daemons.
    export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
    export LD_LIBRARY_PATH /vendor/lib:/system/lib
    export ANDROID_BOOTLOGO 1
    export ANDROID_ROOT /system
    export ANDROID_ASSETS /system/app
    export ANDROID_DATA /data
    export ASEC_MOUNTPOINT /mnt/asec
    export LOOP_MOUNTPOINT /mnt/obb
    export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar

# Backward compatibility
    symlink /system/etc /etc
    # /d exposes debugfs at a short path; the symlink grants nothing by
    # itself - access is still governed by the permissions of whatever is
    # mounted at /sys/kernel/debug.
    symlink /sys/kernel/debug /d

# Right now vendor lives on the same filesystem as system,
# but someday that may change.
    symlink /system/vendor /vendor

# Create cgroup mount point for cpu accounting
    mkdir /acct
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

    mkdir /system
    # 0771: apps can traverse /data to reach their own package directory
    # by known path, but cannot list it.
    mkdir /data 0771 system system
    mkdir /cache 0770 system cache
    # Root-only, read/search only.
    mkdir /config 0500 root root

    # Directory for putting things only root should see.
    mkdir /mnt/secure 0700 root root

    # Directory for staging bindmounts
    mkdir /mnt/secure/staging 0700 root root

    # Directory-target for where the secure container
    # imagefile directory will be bind-mounted
    mkdir /mnt/secure/asec  0700 root root

    # Secure container public mount points.
    # Note the effective permissions come from the tmpfs mount options
    # (mode=0755, gid=1000 = system), not from the 0700 mkdir: once the
    # tmpfs is mounted, the underlying directory's mode is hidden.
    mkdir /mnt/asec  0700 root system
    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000

    # Filesystem image public mount points.
    # Same pattern as /mnt/asec: the tmpfs mode/gid are what callers see.
    mkdir /mnt/obb 0700 root system
    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000

    # Kernel hardening / behaviour sysctls.
    # panic_on_oops=1: reboot on a kernel oops instead of continuing in an
    # inconsistent (and potentially exploitable) state.
    write /proc/sys/kernel/panic_on_oops 1
    # 0 disables the hung-task watchdog.
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0
    # randomize_va_space=2: full ASLR, including the brk/heap base.
    write /proc/sys/kernel/randomize_va_space 2
    # kptr_restrict=2: kernel pointers printed via %pK (e.g. /proc/kallsyms)
    # read as zero for every caller, including root - blocks the usual
    # symbol-address leaks used to defeat KASLR-less kernels.
    write /proc/sys/kernel/kptr_restrict 2
    # dmesg_restrict=1: reading the kernel log requires CAP_SYSLOG.
    write /proc/sys/kernel/dmesg_restrict 1
    # Lowest address user space may mmap; mitigates NULL-pointer-dereference
    # kernel exploits that need to map page zero.
    write /proc/sys/vm/mmap_min_addr 32768
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

# Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    # Root-group tasks file stays owner/group only.
    chmod 0660 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 950000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps
    chown system system /dev/cpuctl/apps/tasks
    # NOTE(review): 0666 is world-writable, contrary to the warning at the
    # top of this file. Presumably intentional so any app process can move
    # its own threads between the foreground and background groups; the
    # cgroup attach path still rejects moving a task owned by another uid
    # unless the writer is privileged - confirm on the shipped kernel.
    chmod 0666 /dev/cpuctl/apps/tasks
    write /dev/cpuctl/apps/cpu.shares 1024
    write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
    write /dev/cpuctl/apps/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps/bg_non_interactive
    chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
    # NOTE(review): world-writable for the same reason as apps/tasks above.
    chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000

# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
# (Read-only for others; write stays with the owner.)
    chmod 0644 /dev/xt_qtaguid
  115.  
on fs
# mount mtd partitions
# NOTE(review): these reference MTD/yaffs2 devices. On hardware without
# them each mount simply fails (init logs the error and carries on) and the
# device-specific init.${ro.hardware}.rc imported at the top of this file is
# expected to mount the real partitions - confirm for this device.
    # Mount /system rw first to give the filesystem a chance to save a checkpoint
    mount yaffs2 mtd@system /system
    # Immediately drop to read-only; every later write to /system (OTA,
    # recovery flashing) has to remount explicitly.
    mount yaffs2 mtd@system /system ro remount
    # nosuid: setuid/setgid bits on writable storage are ignored, so a
    # dropped setuid binary cannot grant privilege. nodev: device nodes are
    # ignored. noexec is deliberately NOT set - app native code and
    # dalvik-cache live on /data.
    mount yaffs2 mtd@userdata /data nosuid nodev
    mount yaffs2 mtd@cache /cache nosuid nodev
  123.  
on post-fs
    # once everything is setup, no need to modify /
    # Read-only rootfs: nothing running later can drop files into / or
    # alter init's own rc files without a remount.
    mount rootfs rootfs / ro remount

    # We chown/chmod /cache again so because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache

    # This may have been created by the recovery system with odd permissions
    chown system cache /cache/recovery
    chmod 0770 /cache/recovery

    #change permissions on vmallocinfo so we can grab it from bugreports
    # Kernel virtual-address layout is sensitive (kptr_restrict is set in
    # 'on init' for the same reason); only root and the log group may read.
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    # NOTE(review): with dmesg_restrict=1 the kernel may additionally
    # require CAP_SYSLOG to open /proc/kmsg regardless of these file
    # permissions - verify the system group can actually read it.
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    # Write-only for root and the system group. Anything in group system can
    # fire any sysrq action (reboot, crash, kill-all, ...); keep membership
    # of that group minimal.
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger

    # create the lost+found directories, so as to enforce our permissions
    mkdir /cache/lost+found 0770 root root
  148.  
on post-fs-data
    # We chown/chmod /data again so because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data

    # Create dump dir and collect dumps.
    # Do this before we mount cache so eventually we can use cache for
    # storing dumps on platforms which do not have a dedicated dump partition.
    # Crash dumps can contain kernel addresses and memory contents: root
    # owns them, the log group may read, nobody else.
    mkdir /data/dontpanic 0750 root log

    # Collect apanic data, free resources and re-arm trigger
    copy /proc/apanic_console /data/dontpanic/apanic_console
    chown root log /data/dontpanic/apanic_console
    chmod 0640 /data/dontpanic/apanic_console

    copy /proc/apanic_threads /data/dontpanic/apanic_threads
    chown root log /data/dontpanic/apanic_threads
    chmod 0640 /data/dontpanic/apanic_threads

    write /proc/apanic_console 1

    # create basic filesystem structure
    # 01771 = sticky bit + rwxrwx--x: traversable by all, listable/writable
    # only by system and group misc, and the sticky bit stops one owner
    # deleting another's entries.
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
    mkdir /data/misc/bluetooth 0770 system system
    # Key material: keystore uid only, no group access.
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/systemkeys 0700 system system
    # give system access to wpa_supplicant.conf for backup and restore
    # The conf holds Wi-Fi PSKs; 0770/0660 keep it to wifi (and, via the
    # group, system) only. The chmod will log a failure on a first boot
    # where the file does not exist yet - harmless.
    mkdir /data/misc/wifi 0770 wifi wifi
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    # (shell-owned and world-searchable; anything left here is reachable by
    # every app that knows the path, and it is writable via adb.)
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    # Root-only staging area for secure (ASEC) app containers.
    mkdir /data/app-asec 0700 root root
    mkdir /data/app 0771 system system
    # Backing store for persist.* properties: root only (see the
    # trigger_load_persist_props handler below).
    mkdir /data/property 0700 root root
    # /data/ssh/empty is presumably a privilege-separation chroot for the
    # optional sshd service - TODO confirm against /system/bin/start-ssh.
    mkdir /data/ssh 0750 root shell
    mkdir /data/ssh/empty 0700 root root

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 system system

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # If there is no fs-post-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    # (This generic file leaves it commented out on the assumption that the
    # device rc sets it after its own post-fs-data work.)
    #setprop vold.post_fs_data_done 1
  214.  
  215. on boot
  216. # basic network init
  217.     ifup lo
  218.     hostname localhost
  219.     domainname localdomain
  220.  
  221. # set RLIMIT_NICE to allow priorities from 19 to -20
  222.     setrlimit 13 40 40
  223.  
  224. # Memory management.  Basic kernel parameters, and allow the high
  225. # level system server to be able to adjust the kernel OOM driver
  226. # parameters to match how it is managing things.
  227.     write /proc/sys/vm/overcommit_memory 1
  228.     write /proc/sys/vm/min_free_order_shift 4
  229.     chown root system /sys/module/lowmemorykiller/parameters/adj
  230.     chmod 0664 /sys/module/lowmemorykiller/parameters/adj
  231.     chown root system /sys/module/lowmemorykiller/parameters/minfree
  232.     chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
  233.  
  234.     # Tweak background writeout
  235.     write /proc/sys/vm/dirty_expire_centisecs 200
  236.     write /proc/sys/vm/dirty_background_ratio  5
  237.  
  238.     # Permissions for System Server and daemons.
  239.     chown radio system /sys/android_power/state
  240.     chown radio system /sys/android_power/request_state
  241.     chown radio system /sys/android_power/acquire_full_wake_lock
  242.     chown radio system /sys/android_power/acquire_partial_wake_lock
  243.     chown radio system /sys/android_power/release_wake_lock
  244.     chown system system /sys/power/state
  245.     chown system system /sys/power/wakeup_count
  246.     chown radio system /sys/power/wake_lock
  247.     chown radio system /sys/power/wake_unlock
  248.     chmod 0660 /sys/power/state
  249.     chmod 0660 /sys/power/wake_lock
  250.     chmod 0660 /sys/power/wake_unlock
  251.  
  252.     chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
  253.     chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
  254.     chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
  255.     chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
  256.     chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
  257.     chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
  258.     chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
  259.     chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
  260.     chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
  261.     chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
  262.     chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
  263.     chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
  264.     chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
  265.     chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
  266.     chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
  267.  
  268.     # Assume SMP uses shared cpufreq policy for all CPUs
  269.     chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
  270.     chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
  271.  
  272.     chown system system /sys/class/timed_output/vibrator/enable
  273.     chown system system /sys/class/leds/keyboard-backlight/brightness
  274.     chown system system /sys/class/leds/lcd-backlight/brightness
  275.     chown system system /sys/class/leds/button-backlight/brightness
  276.     chown system system /sys/class/leds/jogball-backlight/brightness
  277.     chown system system /sys/class/leds/red/brightness
  278.     chown system system /sys/class/leds/green/brightness
  279.     chown system system /sys/class/leds/blue/brightness
  280.     chown system system /sys/class/leds/red/device/grpfreq
  281.     chown system system /sys/class/leds/red/device/grppwm
  282.     chown system system /sys/class/leds/red/device/blink
  283.     chown system system /sys/class/leds/red/brightness
  284.     chown system system /sys/class/leds/green/brightness
  285.     chown system system /sys/class/leds/blue/brightness
  286.     chown system system /sys/class/leds/red/device/grpfreq
  287.     chown system system /sys/class/leds/red/device/grppwm
  288.     chown system system /sys/class/leds/red/device/blink
  289.     chown system system /sys/class/timed_output/vibrator/enable
  290.     chown system system /sys/module/sco/parameters/disable_esco
  291.     chown system system /sys/kernel/ipv4/tcp_wmem_min
  292.     chown system system /sys/kernel/ipv4/tcp_wmem_def
  293.     chown system system /sys/kernel/ipv4/tcp_wmem_max
  294.     chown system system /sys/kernel/ipv4/tcp_rmem_min
  295.     chown system system /sys/kernel/ipv4/tcp_rmem_def
  296.     chown system system /sys/kernel/ipv4/tcp_rmem_max
  297.     chown root radio /proc/cmdline
  298.  
  299. # Define TCP buffer sizes for various networks
  300. #   ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
  301.     setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
  302.     setprop net.tcp.buffersize.wifi    524288,1048576,2097152,262144,524288,1048576
  303.     setprop net.tcp.buffersize.lte     524288,1048576,2097152,262144,524288,1048576
  304.     setprop net.tcp.buffersize.umts    4094,87380,110208,4096,16384,110208
  305.     setprop net.tcp.buffersize.hspa    4094,87380,262144,4096,16384,262144
  306.     setprop net.tcp.buffersize.edge    4093,26280,35040,4096,16384,35040
  307.     setprop net.tcp.buffersize.gprs    4092,8760,11680,4096,8760,11680
  308.  
  309. # Set this property so surfaceflinger is not started by system_init
  310.     setprop system_init.startsurfaceflinger 0
  311.  
  312.     class_start core
  313.     class_start main
  314.  
# Unencrypted /data: late_start can come up right away (the encrypted path
# waits for vold.decrypt=trigger_restart_framework instead).
on nonencrypted
    class_start late_start
  317.  
# Charger-only boot: start just the 'charger' class, none of the framework.
on charger
    class_start charger
  320.  
# Full-disk-encryption handshake driven by vold through the vold.decrypt
# property. Presumably the sequence is: stop the full framework, run the
# minimal framework for the password prompt, then after /data is unlocked
# re-run post-fs-data, load persistent properties and restart everything.
# TODO confirm the exact ordering against vold's cryptfs code.
on property:vold.decrypt=trigger_reset_main
    class_reset main

# persist.* properties live under /data/property (root-only, created in
# post-fs-data) and so cannot be read until /data is decrypted.
on property:vold.decrypt=trigger_load_persist_props
    load_persist_props

# /data is now the real (decrypted) filesystem: recreate the directory
# tree and permissions on it.
on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data

# Minimal framework (main only) - enough for the decryption UI.
on property:vold.decrypt=trigger_restart_min_framework
    class_start main

# Full framework once decryption has succeeded.
on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main
  340.  
  341. ## Daemon processes to be run by init.
  342. ##
# Runs as root (no 'user' line). 'critical': if it dies repeatedly init
# reboots into recovery rather than limping on without device nodes.
service ueventd /sbin/ueventd
    class core
    critical
  346.  
# Interactive shell on the kernel console. 'disabled' here; it is only
# started by the ro.debuggable=1 trigger below, i.e. on debug builds.
# Runs as the unprivileged shell user with log-group access.
service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group log
  353.  
# ro.debuggable is a read-only build property; a user build never sets it,
# so the console shell cannot be enabled at runtime on production devices.
on property:ro.debuggable=1
    start console
  356.  
# adbd is controlled via property triggers in init.<platform>.usb.rc
# Starts as root (no 'user' line) and is expected to drop privileges
# itself; it is 'disabled' here and only started by the USB rc or the
# emulator trigger below.
service adbd /sbin/adbd
    class core
    disabled
  361.  
  362. # adbd on at boot in emulator
# ro.kernel.* properties are populated from the kernel command line, so this
# only fires when the emulator kernel passes qemu=1.
on property:ro.kernel.qemu=1
    start adbd
  365.  
# Binder context manager. Runs unprivileged as system:system; 'critical'
# because nothing using binder works without it. The onrestart lines
# bounce every daemon that registered a binder service so they
# re-register with the new instance.
service servicemanager /system/bin/servicemanager
    class core
    user system
    group system
    critical
    onrestart restart zygote
    onrestart restart media
    onrestart restart surfaceflinger
    onrestart restart drm
  375.  
# Volume daemon. Runs as root (it mounts filesystems and drives the FDE
# handshake above). Its control socket is root:mount 0660, so only
# processes in group mount can send it commands.
service vold /system/bin/vold
    class core
    socket vold stream 0660 root mount
    ioprio be 2
  380.  
# Network management daemon, root (no 'user' line). Control sockets:
#   netd      - root:system 0660, framework-only
#   dnsproxyd - root:inet 0660, every process with network access uses it
#               for DNS, so it is effectively app-reachable
#   mdns      - root:system 0660
service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system
  386.  
# Crash handler. Runs as root with no socket line here; it attaches to
# crashing processes, which is why it needs the privilege.
service debuggerd /system/bin/debuggerd
    class main
  389.  
# Radio interface layer. Explicitly root, with a wide supplementary group
# list, so it carries a large privilege footprint for a daemon that parses
# baseband input. Sockets: rild is root:radio 0660 (framework telephony),
# rild-debug is radio:system 0660.
service ril-daemon /system/bin/rild
    class main
    socket rild stream 660 root radio
    socket rild-debug stream 660 radio system
    user root
    group radio cache inet misc audio sdcard_rw log
  396.  
# Compositor, unprivileged system:graphics. Zygote is restarted with it so
# the app processes reconnect.
service surfaceflinger /system/bin/surfaceflinger
    class main
    user system
    group graphics
    onrestart restart zygote
  402.  
# App-process template and system_server launcher. Runs as root (no 'user'
# line) because it forks and setuid()s every app; the fork socket is
# root:system 0660 so only the framework can request new processes.
# On restart it wakes the device and bounces media/netd, which hold
# per-process state.
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
    class main
    socket zygote stream 660 root system
    onrestart write /sys/android_power/request_state wake
    onrestart write /sys/power/state on
    onrestart restart media
    onrestart restart netd
  410.  
# DRM plug-in host, unprivileged drm user; sdcard_r gives it read access to
# external storage content.
service drm /system/bin/drmserver
    class main
    user drm
    group drm system inet drmrpc sdcard_r
  415.  
# Media server, unprivileged media user. Group list grants the hardware
# (audio, camera), network and Bluetooth access it needs; no root.
service media /system/bin/mediaserver
    class main
    user media
    group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc
    ioprio rt 4
  421.  
# Boot animation: graphics user, started on demand and runs once.
service bootanim /system/bin/bootanimation
    class main
    user graphics
    group graphics
    disabled
    oneshot
  428.  
# System D-Bus used by the Bluetooth stack only: runs as the bluetooth user
# and its socket is bluetooth:bluetooth 0660.
service dbus /system/bin/dbus-daemon --system --nofork
    class main
    socket dbus stream 660 bluetooth bluetooth
    user bluetooth
    group bluetooth net_bt_admin
  434.  
# Started on demand ('disabled'). Sockets are bluetooth:bluetooth 0660.
service bluetoothd /system/bin/bluetoothd -n
    class main
    socket bluetooth stream 660 bluetooth bluetooth
    socket dbus_bluetooth stream 660 bluetooth bluetooth
    # init.rc does not yet support applying capabilities, so run as root and
    # let bluetoothd drop uid to bluetooth with the right linux capabilities
    # NOTE(review): this relies entirely on the binary dropping privilege
    # correctly; any early-startup bug in bluetoothd runs as full root.
    group bluetooth net_bt_admin misc
    disabled
  443.  
# Package installer helper. Runs as root (it creates per-app data dirs with
# arbitrary uids); the command socket is system:system 0600 so only the
# package manager can reach it.
service installd /system/bin/installd
    class main
    socket installd stream 600 system system
  447.  
# Runs /system/etc/install-recovery.sh as root once per boot. Its safety
# rests on /system being read-only (see 'on fs'): anyone who can modify
# that script gets root on every boot.
service flash_recovery /system/etc/install-recovery.sh
    class main
    oneshot
  451.  
# IPsec IKE daemon, started on demand. No 'user' line, so it starts as
# root; the comment below documents the privilege drop that is expected
# after the privileged port bind.
service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
    group vpn net_admin inet
    disabled
    oneshot
  459.  
# PPTP/L2TP daemon: unlike racoon it runs unprivileged as vpn from the
# start, with net_admin/net_raw for tunnel setup. Socket system:system 0600.
service mtpd /system/bin/mtpd
    class main
    socket mtpd stream 600 system system
    user vpn
    group vpn net_admin inet net_raw
    disabled
    oneshot
  467.  
# Key store daemon over /data/misc/keystore (0700 keystore, created in
# post-fs-data). Runs unprivileged as keystore.
# NOTE(review): the socket is mode 666 - any uid on the device can connect.
# That is only safe if the daemon enforces per-caller access control on
# the peer uid for every request; treat the keystore binary as the trust
# boundary, not this rc file. Confirm against the keystore source.
service keystore /system/bin/keystore /data/misc/keystore
    class main
    user keystore
    group keystore drmrpc
    socket keystore stream 666
  473.  
# Bug-report collector, started on demand as root (no 'user' line).
# Socket shell:log 0660 - reachable from adb shell and the log group.
service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot
  479.  
# Optional SSH daemon wrapper; never started by this file ('disabled' with
# no trigger here). If something else starts it, it runs as root.
service sshd /system/bin/start-ssh
    class main
    disabled
  483.  
# Multicast DNS responder: unprivileged mdnsr user, net_raw for its
# sockets, control socket mdnsr:inet 0660. Started on demand, runs once.
service mdnsd /system/bin/mdnsd
    class main
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
    disabled
    oneshot