1157 lines
40 KiB
Plaintext
Executable File
1157 lines
40 KiB
Plaintext
Executable File
# Copyright (c) 2013, The Linux Foundation. All rights reserved.
|
|
# Not a Contribution.
|
|
#
|
|
# Copyright (C) 2012 The Android Open Source Project
|
|
#
|
|
# IMPORTANT: Do not create world writable files or directories.
|
|
# This is a common source of Android security bugs.
|
|
#
|
|
|
|
import /init.environ.rc
|
|
import /init.usb.rc
|
|
import /init.${ro.hardware}.rc
|
|
import /init.trace.rc
|
|
import /init.carrier.rc
|
|
import /init.container.rc
|
|
|
|
on early-init
|
|
# Set init and its forked children's oom_adj.
|
|
write /proc/1/oom_adj -16
|
|
|
|
# Set the security context for the init process.
|
|
# This should occur before anything else (e.g. ueventd) is started.
|
|
setcon u:r:init:s0
|
|
|
|
start ueventd
|
|
|
|
# Configure SEAndroid booleans and enforcing mode
|
|
setsebool debugfs 1
|
|
|
|
# create mountpoints
|
|
mkdir /mnt 0775 root system
|
|
|
|
on init
|
|
|
|
sysclktz 0
|
|
|
|
loglevel 3
|
|
|
|
# Vibetonz
|
|
export VIBE_PIPE_PATH /dev/pipes
|
|
mkdir /dev/pipes 0771 vibe vibe
|
|
restorecon /dev/pipes
|
|
# for audit message
|
|
chown system system /proc/avc_msg
|
|
chmod 0660 /proc/avc_msg
|
|
|
|
# Backward compatibility
|
|
symlink /system/etc /etc
|
|
symlink /sys/kernel/debug /d
|
|
|
|
# Right now vendor lives on the same filesystem as system,
|
|
# but someday that may change.
|
|
symlink /system/vendor /vendor
|
|
|
|
# Create cgroup mount point for cpu accounting
|
|
mkdir /acct
|
|
mount cgroup none /acct cpuacct
|
|
mkdir /acct/uid
|
|
|
|
# Create cgroup mount point for memory
|
|
mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
|
|
mkdir /sys/fs/cgroup/memory 0750 root system
|
|
mount cgroup none /sys/fs/cgroup/memory memory
|
|
write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
|
|
chown root system /sys/fs/cgroup/memory/tasks
|
|
chmod 0660 /sys/fs/cgroup/memory/tasks
|
|
mkdir /sys/fs/cgroup/memory/sw 0750 root system
|
|
write /sys/fs/cgroup/memory/sw/memory.swappiness 100
|
|
write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
|
|
chown root system /sys/fs/cgroup/memory/sw/tasks
|
|
chmod 0660 /sys/fs/cgroup/memory/sw/tasks
|
|
|
|
mkdir /system
|
|
mkdir /data 0771 system system
|
|
mkdir /cache 0770 system cache
|
|
mkdir /config 0500 root root
|
|
mkdir /efs 0771 system radio
|
|
|
|
# See storage config details at http://source.android.com/tech/storage/
|
|
mkdir /mnt/shell 0750 shell shell
|
|
mkdir /mnt/media_rw 0700 media_rw media_rw
|
|
mkdir /storage 0751 root sdcard_r
|
|
|
|
# Directory for putting things only root should see.
|
|
mkdir /mnt/secure 0700 root root
|
|
# Create private mountpoint so we can MS_MOVE from staging
|
|
mount tmpfs tmpfs /mnt/secure mode=0700,uid=0,gid=0
|
|
|
|
# Directory for staging bindmounts
|
|
mkdir /mnt/secure/staging 0700 root root
|
|
restorecon -R /mnt/secure/staging
|
|
|
|
# Directory-target for where the secure container
|
|
# imagefile directory will be bind-mounted
|
|
mkdir /mnt/secure/asec 0700 root root
|
|
mount tmpfs tmpfs /mnt/secure/asec mode=0700,uid=0,gid=0
|
|
restorecon -R /mnt/secure/asec
|
|
|
|
# Secure container public mount points.
|
|
mkdir /mnt/asec 0700 root system
|
|
mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
|
|
restorecon -R /mnt/asec
|
|
|
|
# Filesystem image public mount points.
|
|
mkdir /mnt/obb 0700 root system
|
|
mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
|
|
restorecon -R /mnt/obb
|
|
|
|
write /proc/sys/kernel/panic_on_oops 1
|
|
write /proc/sys/kernel/hung_task_timeout_secs 0
|
|
write /proc/cpu/alignment 4
|
|
write /proc/sys/kernel/sched_latency_ns 10000000
|
|
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
|
|
write /proc/sys/kernel/sched_compat_yield 1
|
|
write /proc/sys/kernel/sched_child_runs_first 0
|
|
write /proc/sys/kernel/randomize_va_space 2
|
|
write /proc/sys/kernel/kptr_restrict 2
|
|
write /proc/sys/kernel/dmesg_restrict 1
|
|
write /proc/sys/vm/mmap_min_addr 32768
|
|
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
|
|
write /proc/sys/kernel/sched_rt_runtime_us 950000
|
|
write /proc/sys/kernel/sched_rt_period_us 1000000
|
|
|
|
# Create cgroup mount points for process groups
|
|
mkdir /dev/cpuctl
|
|
mount cgroup none /dev/cpuctl cpu
|
|
chown system system /dev/cpuctl
|
|
chown system system /dev/cpuctl/tasks
|
|
chmod 0660 /dev/cpuctl/tasks
|
|
write /dev/cpuctl/cpu.shares 1024
|
|
write /dev/cpuctl/cpu.rt_runtime_us 950000
|
|
write /dev/cpuctl/cpu.rt_period_us 1000000
|
|
|
|
mkdir /dev/cpuctl/apps
|
|
chown system system /dev/cpuctl/apps/tasks
|
|
chmod 0666 /dev/cpuctl/apps/tasks
|
|
write /dev/cpuctl/apps/cpu.shares 1024
|
|
write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
|
|
write /dev/cpuctl/apps/cpu.rt_period_us 1000000
|
|
|
|
mkdir /dev/cpuctl/apps/bg_non_interactive
|
|
chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
|
|
chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
|
|
# 5.0 %
|
|
write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
|
|
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
|
|
write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
|
|
|
|
# qtaguid will limit access to specific data based on group memberships.
|
|
# net_bw_acct grants impersonation of socket owners.
|
|
# net_bw_stats grants access to other apps' detailed tagged-socket stats.
|
|
chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
|
|
chown root net_bw_stats /proc/net/xt_qtaguid/stats
|
|
|
|
# Allow everybody to read the xt_qtaguid resource tracking misc dev.
|
|
# This is needed by any process that uses socket tagging.
|
|
chmod 0644 /dev/xt_qtaguid
|
|
|
|
# Create location for fs_mgr to store abbreviated output from filesystem
|
|
# checker programs.
|
|
mkdir /dev/fscklogs 0770 root system
|
|
|
|
# To sync between sdcard & installd
|
|
setprop installd.sdcard_manipulate_done 0
|
|
|
|
on post-fs
|
|
# once everything is setup, no need to modify /
|
|
mount rootfs rootfs / ro remount
|
|
# mount shared so changes propagate into child namespaces
|
|
mount rootfs rootfs / shared rec
|
|
mount tmpfs tmpfs /mnt/secure private rec
|
|
mount tmpfs tmpfs /mnt/secure/asec shared rec
|
|
|
|
# We chown/chmod /cache again so because mount is run as root + defaults
|
|
chown system cache /cache
|
|
chmod 0770 /cache
|
|
# We restorecon /cache in case the cache partition has been reset.
|
|
restorecon /cache
|
|
|
|
# This may have been created by the recovery system with odd permissions
|
|
chown system cache /cache/recovery
|
|
chmod 0770 /cache/recovery
|
|
# This may have been created by the recovery system with the wrong context.
|
|
restorecon /cache/recovery
|
|
|
|
#change permissions on vmallocinfo so we can grab it from bugreports
|
|
chown root log /proc/vmallocinfo
|
|
chmod 0440 /proc/vmallocinfo
|
|
|
|
chown root log /proc/slabinfo
|
|
chmod 0440 /proc/slabinfo
|
|
|
|
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
|
|
chown root system /proc/kmsg
|
|
chmod 0440 /proc/kmsg
|
|
chown root system /proc/sysrq-trigger
|
|
chmod 0220 /proc/sysrq-trigger
|
|
chown system log /proc/last_kmsg
|
|
chmod 0440 /proc/last_kmsg
|
|
|
|
# create the lost+found directories, so as to enforce our permissions
|
|
mkdir /cache/lost+found 0770 root root
|
|
restorecon /cache/lost+found
|
|
|
|
on post-fs-data
|
|
# Reload SE Android Policy
|
|
setprop selinux.reload_policy 1
|
|
|
|
# We chown/chmod /data again so because mount is run as root + defaults
|
|
chown system system /data
|
|
chmod 0771 /data
|
|
# We restorecon /data in case the userdata partition has been reset.
|
|
restorecon /data
|
|
|
|
# Avoid predictable entropy pool. Carry over entropy from previous boot.
|
|
copy /data/system/entropy.dat /dev/urandom
|
|
|
|
# Create dump dir and collect dumps.
|
|
# Do this before we mount cache so eventually we can use cache for
|
|
# storing dumps on platforms which do not have a dedicated dump partition.
|
|
mkdir /data/dontpanic 0750 root log
|
|
|
|
# Collect apanic data, free resources and re-arm trigger
|
|
copy /proc/apanic_console /data/dontpanic/apanic_console
|
|
chown root log /data/dontpanic/apanic_console
|
|
chmod 0640 /data/dontpanic/apanic_console
|
|
|
|
copy /proc/apanic_threads /data/dontpanic/apanic_threads
|
|
chown root log /data/dontpanic/apanic_threads
|
|
chmod 0640 /data/dontpanic/apanic_threads
|
|
|
|
write /proc/apanic_console 1
|
|
|
|
# create basic filesystem structure
|
|
mkdir /data/misc 01771 system misc
|
|
mkdir /data/misc/audit 02775 audit system
|
|
mkdir /data/misc/adb 02750 system shell
|
|
mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
|
|
mkdir /data/misc/bluetooth 0770 system system
|
|
mkdir /data/misc/keystore 0700 keystore keystore
|
|
mkdir /data/misc/keychain 0771 system system
|
|
mkdir /data/misc/radio 0771 system radio
|
|
mkdir /data/misc/sms 0770 system radio
|
|
mkdir /data/misc/zoneinfo 0775 system system
|
|
mkdir /data/misc/vpn 0770 system vpn
|
|
mkdir /data/misc/systemkeys 0700 system system
|
|
# give system access to wpa_supplicant.conf for backup and restore
|
|
mkdir /data/misc/wifi 0770 wifi wifi
|
|
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
|
|
mkdir /data/local 0751 root root
|
|
mkdir /data/misc/media 0700 media media
|
|
|
|
# icd
|
|
check_icd
|
|
chown system system /dev/icd
|
|
chmod 0644 /dev/icd
|
|
chown system system /dev/icdr
|
|
chmod 0644 /dev/icdr
|
|
chown system system /dev/tzic
|
|
|
|
#SideSync
|
|
chown system system /dev/android_ssusbcon
|
|
chmod 0660 /dev/android_ssusbcon
|
|
|
|
# For security reasons, /data/local/tmp should always be empty.
|
|
# Do not place files or directories in /data/local/tmp
|
|
mkdir /data/local/tmp 0771 shell shell
|
|
mkdir /data/data 0771 system system
|
|
mkdir /data/app-private 0771 system system
|
|
mkdir /data/app-asec 0700 root root
|
|
mkdir /data/app-lib 0771 system system
|
|
mkdir /data/app 0771 system system
|
|
mkdir /data/property 0700 root root
|
|
mkdir /data/ssh 0750 root shell
|
|
mkdir /data/ssh/empty 0700 root root
|
|
mkdir /data/system 0775 system system
|
|
mkdir /data/system/container 0700 system system
|
|
restorecon -R /data/system
|
|
|
|
# SA, System SW, SAMSUNG create log directory
|
|
mkdir /data/log 0775 system log
|
|
chown system log /data/log
|
|
mkdir /data/anr 0775 system system
|
|
chown system system /data/anr
|
|
chmod 0775 /data/log
|
|
chmod 0775 /data/anr
|
|
restorecon /data/log
|
|
restorecon /data/anr
|
|
|
|
# create dalvik-cache, so as to enforce our permissions
|
|
mkdir /data/dalvik-cache 0771 system system
|
|
|
|
# create resource-cache and double-check the perms
|
|
mkdir /data/resource-cache 0771 system system
|
|
chown system system /data/resource-cache
|
|
chmod 0771 /data/resource-cache
|
|
|
|
# create the lost+found directories, so as to enforce our permissions
|
|
mkdir /data/lost+found 0770 root root
|
|
restorecon /data/lost+found
|
|
|
|
# create directory for DRM plug-ins - give drm the read/write access to
|
|
# the following directory.
|
|
mkdir /data/drm 0770 drm drm
|
|
|
|
# create directory for MediaDrm plug-ins - give drm the read/write access to
|
|
# the following directory.
|
|
mkdir /data/mediadrm 0770 mediadrm mediadrm
|
|
|
|
# DRK permission
|
|
mkdir /efs/prov_data 700 system system
|
|
mkdir /efs/prov 0770 radio system
|
|
chown radio system /efs/prov/libdevkm.lock
|
|
chmod 0660 /efs/prov/libdevkm.lock
|
|
|
|
#drm permission
|
|
mkdir /efs/drm 0774 drm system
|
|
|
|
#h2k permission
|
|
chmod 0644 /efs/redata.bin
|
|
chown radio radio /efs/h2k.dat
|
|
chmod 0644 /efs/h2k.dat
|
|
chown system system /efs/drm/h2k
|
|
|
|
# [ SEC_MM_DRM
|
|
# sdrm
|
|
mkdir /efs/drm 0774 drm system
|
|
mkdir /efs/drm/sdrm 0774 drm system
|
|
mkdir /efs/drm/sdrm/data_agent 0774 drm system
|
|
mkdir /efs/drm/playready 0775 drm system
|
|
restorecon /efs/drm
|
|
restorecon /efs/drm/sdrm
|
|
restorecon /efs/drm/data_agent
|
|
|
|
# DRM directory creation
|
|
mkdir /system/etc/security/.drm 0775
|
|
chown root root /system/etc/security/.drm
|
|
chmod 0775 /system/etc/security/.drm
|
|
|
|
# Added for Playready DRM Support
|
|
mkdir /data/data/.drm 0775
|
|
chown drm system /data/data/.drm
|
|
chmod 0775 /data/data/.drm
|
|
mkdir /data/data/.drm/.playready 0775
|
|
chown drm system /data/data/.drm/.playready
|
|
chmod 0775 /data/data/.drm/.playready
|
|
|
|
# Added drm folder to copy drm plugins
|
|
mkdir /system/lib/drm 0775
|
|
chown root root /system/lib/drm
|
|
chmod 0775 /system/lib/drm
|
|
|
|
# DivX DRM
|
|
mkdir /efs/.files 0775
|
|
mkdir /efs/.files/.dx1 0775
|
|
mkdir /efs/.files/.dm33 0775
|
|
mkdir /efs/.files/.mp301 0775
|
|
chown media system /efs/.files/.dx1
|
|
chown media system /efs/.files/.dm33
|
|
chown media system /efs/.files/.mp301
|
|
chmod 0775 /efs/.files/.dx1
|
|
chmod 0775 /efs/.files/.dm33
|
|
chmod 0775 /efs/.files/.mp301
|
|
|
|
restorecon -R /efs
|
|
# ]
|
|
|
|
# MTP device permission
|
|
chmod 0660 /dev/usb_mtp_gadget
|
|
chown system mtp /dev/usb_mtp_gadget
|
|
mkdir /dev/socket/mtp 0770 system mtp
|
|
|
|
# symlink to bugreport storage location
|
|
symlink /data/data/com.android.shell/files/bugreports /data/bugreports
|
|
|
|
# Separate location for storing security policy files on data
|
|
mkdir /data/security 0700 system system
|
|
mkdir /data/security/spota 0700 system system
|
|
mkdir /data/security/booleans 0711 system system
|
|
mkdir /data/security/good 0700 system system
|
|
mkdir /data/security/stig 0700 system system
|
|
mkdir /data/security/booleans 0711 system system
|
|
mkdir /data/security/mycontainer 0700 system system
|
|
|
|
# If there is no fs-post-data action in the init.<device>.rc file, you
|
|
# must uncomment this line, otherwise encrypted filesystems
|
|
# won't work.
|
|
# Set indication (checked by vold) that we have finished this action
|
|
#setprop vold.post_fs_data_done 1
|
|
|
|
# Permissions for Camera
|
|
chown system radio /sys/class/camera/rear/rear_camfw
|
|
chown system radio /sys/class/camera/rear/rear_camtype
|
|
chown system media_rw /sys/class/camera/rear/rear_checkApp
|
|
chown system radio /sys/class/camera/flash/rear_flash
|
|
chmod 664 /sys/class/camera/flash/rear_flash
|
|
#D2 Assistive Light - Start
|
|
chown system radio /sys/class/camera/rear/rear_flash
|
|
chmod 664 /sys/class/camera/rear/rear_flash
|
|
#D2 Assistive Light - End
|
|
chown system radio /sys/class/camera/front/front_camfw
|
|
chown system radio /sys/class/camera/front/front_camtype
|
|
|
|
# Permissions for svc led
|
|
chown system system /sys/class/sec/led/led_r
|
|
chown system system /sys/class/sec/led/led_g
|
|
chown system system /sys/class/sec/led/led_b
|
|
chown system system /sys/class/sec/led/led_pattern
|
|
chown system system /sys/class/sec/led/led_blink
|
|
chown system system /sys/class/sec/led/led_lowpower
|
|
|
|
on boot
|
|
|
|
# reset_reason
|
|
chown system system /proc/reset_reason
|
|
chmod 0600 /proc/reset_reason
|
|
|
|
# Mobicore
|
|
mkdir /data/app/mcRegistry 0775 system system
|
|
|
|
# Vibetonz
|
|
chmod 0660 /dev/tspdrv
|
|
chown vibe vibe /dev/tspdrv
|
|
|
|
# volume up/down key
|
|
chown radio system /sys/class/sec/sec_key/wakeup_keys
|
|
|
|
# basic network init
|
|
ifup lo
|
|
hostname localhost
|
|
domainname localdomain
|
|
|
|
# set RLIMIT_NICE to allow priorities from 19 to -20
|
|
setrlimit 13 40 40
|
|
|
|
# Memory management. Basic kernel parameters, and allow the high
|
|
# level system server to be able to adjust the kernel OOM driver
|
|
# parameters to match how it is managing things.
|
|
write /proc/sys/vm/overcommit_memory 1
|
|
write /proc/sys/vm/min_free_order_shift 4
|
|
chown root system /sys/module/lowmemorykiller/parameters/adj
|
|
chmod 0664 /sys/module/lowmemorykiller/parameters/adj
|
|
chown root system /sys/module/lowmemorykiller/parameters/minfree
|
|
chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
|
|
|
|
# Tweak background writeout
|
|
write /proc/sys/vm/dirty_expire_centisecs 200
|
|
write /proc/sys/vm/dirty_background_ratio 5
|
|
|
|
# Permissions for System Server and daemons.
|
|
chown radio system /sys/android_power/state
|
|
chown radio system /sys/android_power/request_state
|
|
chown radio system /sys/android_power/acquire_full_wake_lock
|
|
chown radio system /sys/android_power/acquire_partial_wake_lock
|
|
chown radio system /sys/android_power/release_wake_lock
|
|
chown system system /sys/power/autosleep
|
|
chown system system /sys/power/state
|
|
chown system system /sys/power/wakeup_count
|
|
chown radio system /sys/power/wake_lock
|
|
chown radio system /sys/power/wake_unlock
|
|
chmod 0660 /sys/power/state
|
|
chmod 0660 /sys/power/wake_lock
|
|
chmod 0660 /sys/power/wake_unlock
|
|
|
|
# SEC DVFS sysfs node
|
|
chown radio system /sys/power/cpufreq_max_limit
|
|
chown radio system /sys/power/cpufreq_min_limit
|
|
chown radio system /sys/power/cpufreq_table
|
|
chown radio system /sys/class/kgsl/kgsl-3d0/max_pwrlevel
|
|
chown radio system /sys/class/kgsl/kgsl-3d0/min_pwrlevel
|
|
chown radio system /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
|
|
chown radio system /sys/class/kgsl/kgsl-3d0/fps
|
|
chown radio system /sys/class/kgsl/kgsl-3d0/max_fps
|
|
chmod 664 /sys/power/cpufreq_max_limit
|
|
chmod 664 /sys/power/cpufreq_min_limit
|
|
chmod 664 /sys/power/cpufreq_table
|
|
chmod 664 /sys/class/kgsl/kgsl-3d0/max_pwrlevel
|
|
chmod 664 /sys/class/kgsl/kgsl-3d0/min_pwrlevel
|
|
chmod 664 /sys/class/kgsl/kgsl-3d0/gpu_available_frequencies
|
|
|
|
chown radio system /sys/devices/system/cpu/kernel_max
|
|
chmod 664 /sys/devices/system/cpu/kernel_max
|
|
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
|
|
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
|
|
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
|
|
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
|
|
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
|
|
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
|
|
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
|
|
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
|
|
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
|
|
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
|
|
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
|
|
chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
|
|
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
|
|
|
|
# Assume SMP uses shared cpufreq policy for all CPUs
|
|
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
|
|
chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
|
|
|
|
# MDNIE
|
|
chown system system /sys/class/mdnie/mdnie/lcdtype
|
|
chown system system /sys/class/mdnie/mdnie/lcd_power
|
|
chown system media_rw /sys/class/mdnie/mdnie/scenario
|
|
chown system system /sys/class/mdnie/mdnie/tuning
|
|
chown system media_rw /sys/class/mdnie/mdnie/outdoor
|
|
chown system system /sys/class/mdnie/mdnie/mdnie_temp
|
|
chown system system /sys/class/mdnie/mdnie/mode
|
|
chown system system /sys/class/mdnie/mdnie/negative
|
|
chown system media_rw /sys/class/mdnie/mdnie/playspeed
|
|
chown system system /sys/class/lcd/panel/window_type
|
|
chown radio system /sys/class/lcd/panel/power_reduce
|
|
chown system media_rw /sys/class/mdnie/mdnie/accessibility
|
|
chown system system /sys/class/mdnie/mdnie/cabc
|
|
chown radio system /sys/class/lcd/panel/siop_enable
|
|
chown radio system /sys/class/lcd/panel/temperature
|
|
|
|
# Adjust YUV to RGB Conversion
|
|
chown system media_rw /sys/class/graphics/fb0/csc_cfg
|
|
chmod 0660 /sys/class/graphics/fb0/csc_cfg
|
|
|
|
# Dynamic FPS
|
|
chown radio system /sys/class/lcd/panel/fps_change
|
|
chmod 0664 /sys/class/lcd/panel/fps_change
|
|
|
|
# Auto Brightness
|
|
chown system system /sys/class/backlight/panel/auto_brightness
|
|
chmod 0660 /sys/class/backlight/panel/auto_brightness
|
|
|
|
# Permission for Touchscreen, Touchkey.
|
|
chown radio system /sys/class/sec/sec_touchkey/touch_sensitivity
|
|
chown radio system /sys/class/sec/sec_touchkey/touchkey_firm_update
|
|
chown system radio /sys/class/sec/tsp/cmd
|
|
chown system radio /sys/class/sec/sec_touchkey/glove_mode
|
|
chown system radio /sys/class/sec/sec_touchkey/flip_mode
|
|
|
|
chown system system /sys/class/timed_output/vibrator/enable
|
|
chown system system /sys/class/leds/keyboard-backlight/brightness
|
|
chown system system /sys/class/leds/lcd-backlight/brightness
|
|
chown system system /sys/class/leds/button-backlight/brightness
|
|
chown system system /sys/class/leds/jogball-backlight/brightness
|
|
chown system system /sys/class/leds/red/brightness
|
|
chown system system /sys/class/leds/green/brightness
|
|
chown system system /sys/class/leds/blue/brightness
|
|
chown system system /sys/class/leds/red/device/grpfreq
|
|
chown system system /sys/class/leds/red/device/grppwm
|
|
chown system system /sys/class/leds/red/device/blink
|
|
chown system system /sys/class/timed_output/vibrator/enable
|
|
chown system system /sys/module/sco/parameters/disable_esco
|
|
chown system system /sys/kernel/ipv4/tcp_wmem_min
|
|
chown system system /sys/kernel/ipv4/tcp_wmem_def
|
|
chown system system /sys/kernel/ipv4/tcp_wmem_max
|
|
chown system system /sys/kernel/ipv4/tcp_rmem_min
|
|
chown system system /sys/kernel/ipv4/tcp_rmem_def
|
|
chown system system /sys/kernel/ipv4/tcp_rmem_max
|
|
chown root radio /proc/cmdline
|
|
|
|
# permission for CHARGING
|
|
chown system radio /sys/class/power_supply/battery/batt_reset_soc
|
|
chown system radio /sys/class/power_supply/battery/update
|
|
chown system radio /sys/class/power_supply/battery/factory_mode
|
|
chown system radio /sys/class/power_supply/battery/batt_slate_mode
|
|
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/call
|
|
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/video
|
|
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/music
|
|
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/browser
|
|
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/hotspot
|
|
chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/camera
|
|
chown system radio /sys/class/power_supply/battery/talk_wcdma
|
|
chown system radio /sys/class/power_supply/battery/talk_gsm
|
|
chown system radio /sys/class/power_supply/battery/call
|
|
chown system radio /sys/class/power_supply/battery/data_call
|
|
chown system radio /sys/class/power_supply/battery/gps
|
|
chown system radio /sys/class/power_supply/battery/wifi
|
|
chown system radio /sys/class/power_supply/battery/lte
|
|
chown system radio /sys/class/power_supply/battery/wc_enable
|
|
chown system radio /sys/class/power_supply/battery/lcd
|
|
chown system radio /sys/class/power_supply/battery/batt_temp_table
|
|
|
|
# Set these so we can remotely update SELinux policy
|
|
chown system system /sys/fs/selinux/load
|
|
chown system system /sys/fs/selinux/enforce
|
|
|
|
# Permissions for SSRM
|
|
chmod 0664 /sys/devices/platform/sec-thermistor/temperature
|
|
chmod 0664 /sys/class/power_supply/battery/siop_level
|
|
chmod 0664 /sys/class/power_supply/battery/test_charge_current
|
|
chown radio system /sys/devices/platform/sec-thermistor/temperature
|
|
chown radio system /sys/class/power_supply/battery/siop_level
|
|
chown radio system /sys/class/power_supply/battery/test_charge_current
|
|
|
|
#OTG Test
|
|
chown system radio /sys/class/host_notify/usb_otg/booster
|
|
chmod 0660 /sys/class/host_notify/usb_otg/booster
|
|
|
|
#FM Radio
|
|
chown system audio /dev/fmradio
|
|
chmod 660 /dev/fmradio
|
|
|
|
#Essential node for usbservice
|
|
mkdir /dev/bus/ 755 root root
|
|
mkdir /dev/bus/usb 755 root root
|
|
|
|
# <Sensors & NFC>
|
|
# Accelerometer_sensor
|
|
chown system radio /sys/class/sensors/accelerometer_sensor/raw_data
|
|
chown system radio /sys/class/sensors/accelerometer_sensor/calibration
|
|
chown system radio /sys/class/sensors/accelerometer_sensor/reactive_alert
|
|
chown system radio /sys/class/sensors/accelerometer_sensor/vendor
|
|
chown system radio /sys/class/sensors/accelerometer_sensor/name
|
|
# Grip_sensor
|
|
chown system radio /sys/class/sensors/grip_sensor/onoff
|
|
chown system radio /sys/class/sensors/grip_sensor/calibration
|
|
chown system radio /sys/class/sensors/grip_sensor/raw_data
|
|
chown system radio /sys/class/sensors/grip_sensor/offset
|
|
chown system radio /sys/class/sensors/grip_sensor/threshold
|
|
chown system radio /sys/class/sensors/grip_sensor/name
|
|
chown system radio /sys/class/sensors/grip_sensor/vendor
|
|
# Proximity_sensor
|
|
chown system radio /sys/class/sensors/proximity_sensor/state
|
|
chown system radio /sys/class/sensors/proximity_sensor/raw_data
|
|
chown system radio /sys/class/sensors/proximity_sensor/prox_avg
|
|
chown system radio /sys/class/sensors/proximity_sensor/prox_cal
|
|
chown system radio /sys/class/sensors/proximity_sensor/vendor
|
|
chown system radio /sys/class/sensors/proximity_sensor/name
|
|
chown system radio /sys/class/sensors/proximity_sensor/thresh_high
|
|
chown system radio /sys/class/sensors/proximity_sensor/thresh_low
|
|
chown system radio /sys/class/sensors/proximity_sensor/barcode_emul_en
|
|
# Light_sensor
|
|
chown system radio /sys/class/sensors/light_sensor/lux
|
|
chown system radio /sys/class/sensors/light_sensor/raw_data
|
|
chown system radio /sys/class/sensors/light_sensor/vendor
|
|
chown system radio /sys/class/sensors/light_sensor/name
|
|
# Gyro_sensor
|
|
chown system radio /sys/class/sensors/gyro_sensor/power_on
|
|
chown system radio /sys/class/sensors/gyro_sensor/power_off
|
|
chown system radio /sys/class/sensors/gyro_sensor/temperature
|
|
chown system radio /sys/class/sensors/gyro_sensor/selftest
|
|
chown system radio /sys/class/sensors/gyro_sensor/selftest_dps
|
|
chown system radio /sys/class/sensors/gyro_sensor/vendor
|
|
chown system radio /sys/class/sensors/gyro_sensor/name
|
|
# Barometer_sensor
|
|
chown system radio /sys/class/sensors/barometer_sensor/sea_level_pressure
|
|
chown system radio /sys/class/sensors/barometer_sensor/eeprom_check
|
|
chown system radio /sys/class/sensors/barometer_sensor/vendor
|
|
chown system radio /sys/class/sensors/barometer_sensor/name
|
|
chown system radio /sys/class/sensors/barometer_sensor/calibration
|
|
# Magnetic_sensor
|
|
# chown system radio /dev/akm8963
|
|
chown system radio /sys/class/sensors/magnetic_sensor/raw_data
|
|
chown system radio /sys/class/sensors/magnetic_sensor/vendor
|
|
chown system radio /sys/class/sensors/magnetic_sensor/name
|
|
# uv_sensor
|
|
chown system radio /sys/class/sensors/uv_sensor/vendor
|
|
chown system radio /sys/class/sensors/uv_sensor/name
|
|
chown system radio /sys/class/sensors/uv_sensor/raw_data
|
|
chown system radio /sys/class/sensors/uv_sensor/power_on
|
|
chown system radio /sys/class/sensors/uv_sensor/power_off
|
|
# Temphumidity_sensor
|
|
chown system radio /sys/class/sensors/temphumidity_sensor/vendor
|
|
chown system radio /sys/class/sensors/temphumidity_sensor/name
|
|
chown system radio /sys/class/sensors/temphumidity_sensor/engine_ver
|
|
chown system radio /sys/class/sensors/temphumidity_sensor/engine_ver2
|
|
chown system radio /sys/class/sensors/temphumidity_sensor/cp_thm
|
|
chown system radio /sys/class/sensors/temphumidity_sensor/send_accuracy
|
|
# SensorHub
|
|
chown system radio /sys/class/sensors/ssp_sensor/enable
|
|
chown system radio /sys/class/sensors/ssp_sensor/enable_irq
|
|
chown system radio /sys/class/sensors/ssp_sensor/mcu_rev
|
|
chown system radio /sys/class/sensors/ssp_sensor/mcu_name
|
|
chown system radio /sys/class/sensors/ssp_sensor/mcu_test
|
|
chown system radio /sys/class/sensors/ssp_sensor/mcu_reset
|
|
chown system radio /sys/class/sensors/ssp_sensor/mcu_update
|
|
chown system radio /sys/class/sensors/ssp_sensor/mcu_sleep_test
|
|
chown system radio /sys/class/sensors/ssp_sensor/ori_poll_delay
|
|
chown system radio /sys/class/sensors/ssp_sensor/mag_poll_delay
|
|
chown system radio /sys/class/sensors/ssp_sensor/temp_humi_poll_delay
|
|
# Gesture_sensor
|
|
chown system radio /sys/class/sensors/gesture_sensor/ir_current
|
|
chown system radio /sys/class/sensors/gesture_sensor/selftest
|
|
# Seac Jack
|
|
chown media system /sys/class/audio/earjack/reselect_jack
|
|
# IrLed
|
|
chmod 0660 /dev/ice4_dev
|
|
chown system system /dev/ice4_dev
|
|
|
|
# NFC_NXP
|
|
setprop ro.nfc.port "I2C"
|
|
chmod 0600 /dev/pn544
|
|
chown nfc nfc /dev/pn544
|
|
|
|
# NFC_BROADCOM
|
|
chmod 0600 /dev/bcm2079x
|
|
chown nfc nfc /dev/bcm2079x
|
|
mkdir /data/bcmnfc
|
|
mkdir /data/bcmnfc/param
|
|
chmod 0700 /data/bcmnfc
|
|
chmod 0700 /data/bcmnfc/param
|
|
chown nfc nfc /data/bcmnfc
|
|
chown nfc nfc /data/bcmnfc/param
|
|
|
|
# Permissions for Barcode Emul
|
|
chown system radio /sys/class/sec/sec_barcode_emul/barcode_send
|
|
chown system radio /sys/class/sec/sec_barcode_emul/barcode_ver_check
|
|
chown system radio /sys/class/sec/sec_barcode_emul/barcode_led_status
|
|
|
|
# IR_LED
|
|
chown system radio /sys/class/sec/sec_ir/ir_send
|
|
chown system radio /sys/class/sec/sec_ir/ir_send_result
|
|
|
|
# Permission for fast dormacy for RIL
|
|
chown system radio /sys/devices/virtual/sec/bamdmux/waketime
|
|
|
|
# Define TCP buffer sizes for various networks
|
|
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
|
|
setprop net.tcp.buffersize.default 4096,87380,704512,4096,16384,110208
|
|
setprop net.tcp.buffersize.wifi 524288,1048576,2560000,524288,1048576,2560000
|
|
setprop net.tcp.buffersize.lte 524288,1048576,2560000,524288,1048576,2560000
|
|
setprop net.tcp.buffersize.umts 4094,87380,704512,4096,16384,110208
|
|
setprop net.tcp.buffersize.hspa 4094,87380,704512,4096,16384,262144
|
|
setprop net.tcp.buffersize.hsupa 4094,87380,704512,4096,16384,262144
|
|
setprop net.tcp.buffersize.hsdpa 4094,87380,704512,4096,16384,262144
|
|
setprop net.tcp.buffersize.hspap 4094,87380,1220608,4096,16384,1220608
|
|
setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
|
|
setprop net.tcp.buffersize.gprs 4092,30000,30000,4096,8760,11680
|
|
setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144
|
|
|
|
# Assign TCP buffer thresholds to be ceiling value of technology maximums
|
|
# Increased technology maximums should be reflected here.
|
|
write /proc/sys/net/core/rmem_max 1048576
|
|
write /proc/sys/net/core/wmem_max 2097152
|
|
|
|
write /sys/block/mmcblk0/queue/scheduler noop
|
|
|
|
class_start core
|
|
class_start main
|
|
|
|
on nonencrypted
|
|
class_start late_start
|
|
|
|
on charger
|
|
mount_all fstab.qcom
|
|
class_start charger
|
|
write /sys/devices/system/cpu/cpu1/online 1
|
|
write /sys/devices/system/cpu/cpu2/online 1
|
|
write /sys/devices/system/cpu/cpu3/online 1
|
|
write /sys/module/rpm_resources/enable_low_power/L2_cache 1
|
|
write /sys/module/rpm_resources/enable_low_power/pxo 1
|
|
write /sys/module/rpm_resources/enable_low_power/vdd_dig 1
|
|
write /sys/module/rpm_resources/enable_low_power/vdd_mem 1
|
|
write /sys/module/pm_8x60/modes/cpu0/power_collapse/suspend_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu1/power_collapse/suspend_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu2/power_collapse/suspend_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu3/power_collapse/suspend_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu0/standalone_power_collapse/suspend_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu1/standalone_power_collapse/suspend_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu2/standalone_power_collapse/suspend_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu3/standalone_power_collapse/suspend_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu0/standalone_power_collapse/idle_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu1/standalone_power_collapse/idle_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu2/standalone_power_collapse/idle_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu3/standalone_power_collapse/idle_enabled 1
|
|
write /sys/module/pm_8x60/modes/cpu0/power_collapse/idle_enabled 0
|
|
write /sys/module/pm_8x60/modes/cpu1/power_collapse/idle_enabled 0
|
|
write /sys/module/pm_8x60/modes/cpu2/power_collapse/idle_enabled 0
|
|
write /sys/module/pm_8x60/modes/cpu3/power_collapse/idle_enabled 0
|
|
write /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor "powersave"
|
|
write /sys/devices/system/cpu/cpu1/cpufreq/scaling_governor "powersave"
|
|
write /sys/devices/system/cpu/cpu2/cpufreq/scaling_governor "powersave"
|
|
write /sys/devices/system/cpu/cpu3/cpufreq/scaling_governor "powersave"
|
|
write /sys/devices/system/cpu/cpu1/online 0
|
|
write /sys/devices/system/cpu/cpu2/online 0
|
|
write /sys/devices/system/cpu/cpu3/online 0
|
|
|
|
on property:vold.decrypt=trigger_reset_main
|
|
class_reset main
|
|
|
|
on property:vold.decrypt=trigger_load_persist_props
|
|
load_persist_props
|
|
|
|
on property:vold.decrypt=trigger_post_fs_data
|
|
trigger post-fs-data
|
|
|
|
on property:vold.decrypt=trigger_restart_min_framework
|
|
class_start main
|
|
|
|
on property:vold.decrypt=trigger_restart_framework
|
|
class_start main
|
|
class_start late_start
|
|
|
|
on property:vold.decrypt=trigger_shutdown_framework
|
|
class_reset late_start
|
|
class_reset main
|
|
|
|
on property:sys.powerctl=*
|
|
powerctl ${sys.powerctl}
|
|
|
|
# system server cannot write to /proc/sys files, so proxy it through init
|
|
on property:sys.sysctl.extra_free_kbytes=*
|
|
write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
|
|
|
|
## Daemon processes to be run by init.
|
|
##
|
|
service ueventd /sbin/ueventd
|
|
class core
|
|
critical
|
|
seclabel u:r:ueventd:s0
|
|
|
|
service healthd /sbin/healthd
|
|
class core
|
|
critical
|
|
seclabel u:r:healthd:s0
|
|
|
|
service lpm /system/bin/lpm
|
|
class charger
|
|
critical
|
|
|
|
service healthd-charger /sbin/healthd -n
|
|
class charger
|
|
critical
|
|
seclabel u:r:healthd:s0
|
|
|
|
# Reload SE Android Policy for MDM
|
|
on property:persist.security.mdm.policy=1
|
|
setprop selinux.reload_policy 1
|
|
|
|
on property:selinux.reload_policy=1
|
|
chown system system /sys/fs/selinux/enforce
|
|
chown -R system system /sys/fs/selinux/booleans
|
|
chown system system /sys/fs/selinux/commit_pending_bools
|
|
|
|
service console /system/bin/sh
|
|
class core
|
|
console
|
|
disabled
|
|
user shell
|
|
group log
|
|
|
|
## WTL_EDM_START
|
|
## EDM AuditLog
|
|
service edmaudit /system/bin/edmaudit
|
|
class main
|
|
user root
|
|
|
|
## WTL_EDM_END
|
|
|
|
service auditd /system/bin/auditd -k
|
|
class main
|
|
seclabel u:r:auditd:s0
|
|
disabled
|
|
oneshot
|
|
|
|
on property:ro.debuggable=1
|
|
start console
|
|
|
|
# adbd is controlled via property triggers in init.<platform>.usb.rc
|
|
service adbd /sbin/adbd
|
|
class core
|
|
socket adbd stream 660 system system
|
|
disabled
|
|
seclabel u:r:adbd:s0
|
|
|
|
# adbd on at boot in emulator
|
|
on property:ro.kernel.qemu=1
|
|
start adbd
|
|
|
|
service servicemanager /system/bin/servicemanager
|
|
class core
|
|
user system
|
|
group system
|
|
critical
|
|
onrestart restart healthd
|
|
onrestart restart zygote
|
|
onrestart restart media
|
|
onrestart restart surfaceflinger
|
|
onrestart restart drm
|
|
onrestart restart sensorhubservice
|
|
onrestart restart TvoutService_C
|
|
|
|
service vold /system/bin/vold
|
|
class core
|
|
socket vold stream 0660 root mount
|
|
ioprio be 2
|
|
socket dir_enc_report stream 0660 root mount
|
|
socket epm stream 0660 system system
|
|
|
|
service netd /system/bin/netd
|
|
class main
|
|
socket netd stream 0660 root system
|
|
socket dnsproxyd stream 0660 root inet
|
|
socket mdns stream 0660 root system
|
|
|
|
service debuggerd /system/bin/debuggerd
|
|
class main
|
|
|
|
# icd
|
|
service icd /system/bin/icd
|
|
class main
|
|
user system
|
|
group system log
|
|
onrestart check_icd
|
|
oneshot
|
|
|
|
service prepare_param /system/bin/prepare_param.sh /dev/block/platform/msm_sdcc.1/by-name/param
|
|
class main
|
|
user root
|
|
group root
|
|
seclabel u:r:prepare_param:s0
|
|
oneshot
|
|
|
|
service mobex-daemon /system/bin/npsmobex
|
|
class main
|
|
user system
|
|
group system radio inet sdcard_r sdcard_rw media_rw shell
|
|
|
|
service ril-daemon /system/bin/rild
|
|
class main
|
|
socket rild stream 660 root radio
|
|
socket rild-debug stream 660 radio system
|
|
user root
|
|
group radio cache inet misc audio log qcom_diag
|
|
|
|
service secril-daemon /system/bin/sec-ril
|
|
class main
|
|
user root
|
|
group radio cache inet misc audio sdcard_rw diag log
|
|
|
|
service DR-daemon /system/bin/ddexe
|
|
class main
|
|
user root
|
|
group system radio inet net_raw
|
|
|
|
service SMD-daemon /system/bin/smdexe
|
|
class main
|
|
user root
|
|
group system radio inet net_raw
|
|
|
|
service BCS-daemon /system/bin/connfwexe
|
|
class main
|
|
user root
|
|
group system radio inet net_raw
|
|
|
|
service SIDESYNC_service /system/bin/ss_conn_daemon
|
|
class main
|
|
socket ss_conn_daemon stream 0666 system system
|
|
user system
|
|
group inet net_raw
|
|
|
|
service at_distributor /system/bin/at_distributor
|
|
class late_start
|
|
user root
|
|
group radio log
|
|
|
|
service diag_uart_log /system/bin/diag_uart_log
|
|
class main
|
|
user root
|
|
group radio
|
|
|
|
service surfaceflinger /system/bin/surfaceflinger
|
|
class main
|
|
user system
|
|
group graphics drmrpc
|
|
onrestart restart zygote
|
|
onrestart restart gsiff_daemon
|
|
|
|
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
|
|
class main
|
|
socket zygote stream 660 root system
|
|
onrestart write /sys/android_power/request_state wake
|
|
onrestart write /sys/power/state on
|
|
onrestart restart media
|
|
onrestart restart netd
|
|
onrestart restart sensorhubservice
|
|
onrestart restart gsiff_daemon
|
|
|
|
service drm /system/bin/drmserver
|
|
class main
|
|
user drm
|
|
# [ SEC_MM_DRM
|
|
# fix
|
|
group system drm inet drmrpc sdcard_r sdcard_rw media_rw radio shell
|
|
# org
|
|
# group drm system inet drmrpc
|
|
# ]
|
|
|
|
service media /system/bin/mediaserver
|
|
class main
|
|
user media
|
|
group system audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm sdcard_rw sdcard_r media_rw shell qcom_diag lgt_gid
|
|
ioprio rt 4
|
|
|
|
service powersnd /system/bin/samsungpowersoundplay
|
|
class main
|
|
user media
|
|
group system
|
|
disabled
|
|
oneshot
|
|
|
|
service bootanim /system/bin/bootanimation
|
|
class main
|
|
user graphics
|
|
group graphics system
|
|
disabled
|
|
oneshot
|
|
|
|
service installd /system/bin/installd
|
|
class main
|
|
socket installd stream 600 system system
|
|
|
|
service flash_recovery /system/etc/install-recovery.sh
|
|
class main
|
|
seclabel u:r:flash_recovery:s0
|
|
oneshot
|
|
|
|
service racoon /system/bin/racoon
|
|
class main
|
|
socket racoon stream 600 system system
|
|
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
|
|
group vpn net_admin inet
|
|
disabled
|
|
oneshot
|
|
|
|
# Strongswan VPN
|
|
service charon /system/bin/charon
|
|
class main
|
|
socket charon stream 600 system system
|
|
# charon will setuid to vpn after getting necessary resources.
|
|
group vpn net_admin inet
|
|
disabled
|
|
oneshot
|
|
|
|
service mtpd /system/bin/mtpd
|
|
class main
|
|
socket mtpd stream 600 system system
|
|
user vpn
|
|
group vpn net_admin inet net_raw
|
|
disabled
|
|
oneshot
|
|
|
|
service keystore /system/bin/keystore /data/misc/keystore
|
|
class main
|
|
user keystore
|
|
group keystore drmrpc system
|
|
|
|
service dumpstate /system/bin/dumpstate -s
|
|
class main
|
|
socket dumpstate stream 0660 shell log
|
|
disabled
|
|
oneshot
|
|
|
|
# service for TZPR provisioning version check app
|
|
service scranton_RD /system/bin/scranton_RD
|
|
class main
|
|
user root
|
|
disabled
|
|
oneshot
|
|
|
|
# insthk
|
|
service insthk /system/bin/insthk
|
|
class main
|
|
user root
|
|
disabled
|
|
oneshot
|
|
|
|
# start for TZPR provisioning version check app
|
|
on property:sys.qseecomd.enable=true
|
|
start scranton_RD
|
|
start insthk
|
|
|
|
service sshd /system/bin/start-ssh
|
|
class main
|
|
disabled
|
|
|
|
service mdnsd /system/bin/mdnsd
|
|
class main
|
|
user mdnsr
|
|
group inet net_raw
|
|
socket mdnsd stream 0660 mdnsr inet
|
|
disabled
|
|
oneshot
|
|
|
|
on property:init.svc.bootanim=stopped
|
|
restorecon /data/media
|
|
restorecon /data/media/obb
|
|
start auditd
|
|
start freshsebool
|
|
|
|
service sdumpstate /system/bin/dumpstate -P
|
|
class main
|
|
disabled
|
|
oneshot
|
|
|
|
#sensorhubservice start
|
|
service sensorhubservice /system/bin/sensorhubservice
|
|
class main
|
|
user system
|
|
group input
|
|
|
|
# bugreport is triggered by holding down volume down, volume up and power
|
|
service bugreport /system/bin/dumpstate -d -p -B \
|
|
-o /data/data/com.android.shell/files/bugreports/bugreport
|
|
class main
|
|
disabled
|
|
oneshot
|
|
keycodes 114 115 116
|
|
|
|
# Vibetonz
|
|
service immvibed /system/bin/immvibed
|
|
class core
|
|
user vibe
|
|
group vibe
|
|
oneshot
|
|
# SAMSUNG DRS Service
|
|
service drsd /system/bin/drsd
|
|
class main
|
|
socket drsd stream 600 system system
|
|
|
|
#Knox VPN
|
|
service ipruleset /system/bin/ipruleset
|
|
class main
|
|
group vpn net_admin inet net_raw
|
|
disabled
|
|
oneshot
|
|
|
|
#KNOX - SE Android Security Setting Level
|
|
service freshsebool /system/bin/freshsebool
|
|
class main
|
|
user root
|
|
disabled
|
|
oneshot
|
|
|
|
# WTL_EDM
|
|
service createsystemfile /system/bin/createsystemfile
|
|
class main
|
|
group system
|
|
disabled
|
|
oneshot
|
|
|
|
# icd
|
|
on property:init.svc.media=restarting
|
|
check_icd
|
|
start icd
|
|
|
|
on property:sys.boot_completed=1
|
|
write /sys/block/mmcblk0/queue/scheduler cfq
|