LRX21M.vC29-0
[GitHub/mt8127/ttab-system.git] / ramdisk / init.rc
d05bb22f
1# Copyright (C) 2012 The Android Open Source Project
2#
3# IMPORTANT: Do not create world writable files or directories.
4# This is a common source of Android security bugs.
5#
6
7import /init.environ.rc
8import /init.usb.rc
9import /init.${ro.hardware}.rc
10import /init.${ro.zygote}.rc
11import /init.trace.rc
12
# Earliest trigger defined in this file: pins init's OOM score, tightens
# SELinux exec checking, sets init's own SELinux context, relabels /adb_keys,
# starts ueventd and creates /mnt.
13on early-init
14 # Set init and its forked children's oom_adj.
    # -1000 is the lowest oom_score_adj value, so PID 1 is never picked by the OOM killer.
15 write /proc/1/oom_score_adj -1000
16
17 # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
    # 0 = check the protection the kernel will actually apply, not only the one requested.
18 write /sys/fs/selinux/checkreqprot 0
19
20 # Set the security context for the init process.
21 # This should occur before anything else (e.g. ueventd) is started.
22 setcon u:r:init:s0
23
24 # Set the security context of /adb_keys if present.
    # NOTE(review): /adb_keys presumably holds pre-authorised adb public keys; confirm
    # that a production ramdisk does not ship one.
25 restorecon /adb_keys
26
27 start ueventd
28
29 # create mountpoints
30 mkdir /mnt 0775 root system
31
# Creates the compatibility symlinks, mounts the cgroup hierarchies, creates
# the top-level mount points and writes the kernel sysctl defaults. Several
# lines set modes that decide what unprivileged processes can reach.
32on init
33 sysclktz 0
34
    # NOTE(review): lines carrying a trailing #### look like vendor changes on top of the
    # AOSP file - confirm against upstream. loglevel 6 makes init log more verbosely to the
    # kernel log; check that this is wanted on production builds.
35loglevel 6 ####
36 write /proc/bootprof "INIT: on init start" ####
37
38 # Backward compatibility
39 symlink /system/etc /etc
    # NOTE(review): /d is only a shortcut to debugfs; whether debugfs is mounted, and with
    # which permissions, is decided outside this file.
40 symlink /sys/kernel/debug /d
41
42 # Right now vendor lives on the same filesystem as system,
43 # but someday that may change.
44 symlink /system/vendor /vendor
45
46 # Create cgroup mount point for cpu accounting
47 mkdir /acct
48 mount cgroup none /acct cpuacct
49 mkdir /acct/uid
50
51 # Create cgroup mount point for memory
    # gid=1000 is presumably the system group, matching the "root system" ownership below.
52 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
53 mkdir /sys/fs/cgroup/memory 0750 root system
54 mount cgroup none /sys/fs/cgroup/memory memory
55 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
    # Only root and group system may move tasks into the memory cgroups.
56 chown root system /sys/fs/cgroup/memory/tasks
57 chmod 0660 /sys/fs/cgroup/memory/tasks
58 mkdir /sys/fs/cgroup/memory/sw 0750 root system
59 write /sys/fs/cgroup/memory/sw/memory.swappiness 100
60 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
61 chown root system /sys/fs/cgroup/memory/sw/tasks
62 chmod 0660 /sys/fs/cgroup/memory/sw/tasks
63
64 ##bsp config enable
    # NOTE(review): vendor sysfs node; what enabling it does cannot be told from this file.
65 write /sys/class/misc/tp_cfg/cfg_load_enable 1
66
67 mkdir /system
68 mkdir /data 0771 system system
69 mkdir /cache 0770 system cache
70 mkdir /config 0500 root root
71
72 # See storage config details at http://source.android.com/tech/storage/
73 mkdir /mnt/shell 0700 shell shell
74 mkdir /mnt/media_rw 0700 media_rw media_rw
75 mkdir /storage 0751 root sdcard_r
76
77 # Directory for putting things only root should see.
78 mkdir /mnt/secure 0700 root root
79
80 # Directory for staging bindmounts
81 mkdir /mnt/secure/staging 0700 root root
82
83 # Directory-target for where the secure container
84 # imagefile directory will be bind-mounted
85 mkdir /mnt/secure/asec 0700 root root
86
87 # Secure container public mount points.
    # The 0700 directory is covered by a tmpfs whose root is mode 0755, so the effective
    # mode of /mnt/asec after this pair is the tmpfs one.
88 mkdir /mnt/asec 0700 root system
89 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
90
91 # Filesystem image public mount points.
92 mkdir /mnt/obb 0700 root system
93 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
94
95 # memory control cgroup
96 mkdir /dev/memcg 0700 root system
97 mount cgroup none /dev/memcg memory
98
    # Kernel defaults. Security-relevant ones: panic_on_oops=1 (an oops panics instead of
    # continuing), randomize_va_space=2 (full ASLR), kptr_restrict=2 (kernel pointers are
    # hidden from every reader), mmap_min_addr=32768 (low addresses cannot be mapped, which
    # blunts NULL-dereference bugs) and a ping_group_range covering every gid (any process
    # may open ICMP ping sockets without raw-socket privilege).
99 write /proc/sys/kernel/panic_on_oops 1
100 write /proc/sys/kernel/hung_task_timeout_secs 0
101 write /proc/cpu/alignment 4
102 write /proc/sys/kernel/sched_latency_ns 10000000
103 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
104 write /proc/sys/kernel/sched_compat_yield 1
105 write /proc/sys/kernel/sched_child_runs_first 0
106 write /proc/sys/kernel/randomize_va_space 2
107 write /proc/sys/kernel/kptr_restrict 2
108 write /proc/sys/vm/mmap_min_addr 32768
109 write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
110 write /proc/sys/net/unix/max_dgram_qlen 300
111 write /proc/sys/kernel/sched_rt_runtime_us 950000
112 write /proc/sys/kernel/sched_rt_period_us 1000000
113
114 # reflect fwmark from incoming packets onto generated replies
115 write /proc/sys/net/ipv4/fwmark_reflect 1
116 write /proc/sys/net/ipv6/fwmark_reflect 1
117
118 # set fwmark on accepted sockets
119 write /proc/sys/net/ipv4/tcp_fwmark_accept 1
120
121 # Create cgroup mount points for process groups
122 mkdir /dev/cpuctl
123 mount cgroup none /dev/cpuctl cpu
124 chown system system /dev/cpuctl
125 chown system system /dev/cpuctl/tasks
126 chmod 0660 /dev/cpuctl/tasks
127 write /dev/cpuctl/cpu.shares 1024
128 write /dev/cpuctl/cpu.rt_runtime_us 950000
129 write /dev/cpuctl/cpu.rt_period_us 1000000
130
131 mkdir /dev/cpuctl/apps
132 chown system system /dev/cpuctl/apps/tasks
    # NOTE(review): 0666 makes this tasks file world-writable, unlike the 0660 root-level
    # one above, and sits oddly with the warning at the top of the file. What a writer can
    # actually move is still subject to the kernel's own cgroup attach checks; confirm the
    # mode is intentional.
133 chmod 0666 /dev/cpuctl/apps/tasks
134 write /dev/cpuctl/apps/cpu.shares 1024
135 write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
136 write /dev/cpuctl/apps/cpu.rt_period_us 1000000
137
138 mkdir /dev/cpuctl/apps/bg_non_interactive
139 chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
    # NOTE(review): world-writable as well; same question as for apps/tasks.
140 chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
141 # 5.0 %
142 write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
143 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
144 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
145
146 # qtaguid will limit access to specific data based on group memberships.
147 # net_bw_acct grants impersonation of socket owners.
148 # net_bw_stats grants access to other apps' detailed tagged-socket stats.
149 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
150 chown root net_bw_stats /proc/net/xt_qtaguid/stats
151
152 # Allow everybody to read the xt_qtaguid resource tracking misc dev.
153 # This is needed by any process that uses socket tagging.
154 chmod 0644 /dev/xt_qtaguid
155
156 # Create location for fs_mgr to store abbreviated output from filesystem
157 # checker programs.
158 mkdir /dev/fscklogs 0770 root system
159
160 # pstore/ramoops previous console log
    # The previous boot's console log is readable only by owner system and group log.
161 mount pstore pstore /sys/fs/pstore
162 chown system log /sys/fs/pstore/console-ramoops
163 chmod 0440 /sys/fs/pstore/console-ramoops
164
165 # ion device
    # NOTE(review): 0666 gives every process read/write access to the ION allocator node;
    # what remains is SELinux policy and the driver's own checks. Confirm this is required
    # rather than a narrower owner/group mode.
166 chmod 0666 /dev/ion
167
168# Healthd can trigger a full boot from charger mode by signaling this
169# property when the power button is held.
# NOTE(review): any process allowed to set sys.boot_from_charger_mode can start
# the full boot sequence; who may set it is decided by the property service
# configuration, which is not part of this file.
170on property:sys.boot_from_charger_mode=1
    # Stop the charger-class services first, then queue the normal late-init sequence.
171 class_stop charger
172 trigger late-init
173
174# Load properties from /system/ + /factory after fs mount.
# Queued from late-init after the fs triggers, so the property files are read
# from mounted partitions.
175on load_all_props_action
176 load_all_props
177
178# Indicate to fw loaders that the relevant mounts are up.
# The signal is the removal of the /dev/.booting marker file.
179on firmware_mounts_complete
180 rm /dev/.booting
181
182# Mount filesystems and start core system services.
# Only queues other triggers, in the order written. early-fs and fs have no
# stanza in this file; presumably they come from one of the imported .rc
# files - verify.
183on late-init
184 trigger early-fs
185 trigger fs
186 trigger post-fs
187 trigger post-fs-data
188
189 # Load properties from /system/ + /factory after fs mount. Place
190 # this in another action so that the load will be scheduled after the prior
191 # issued fs triggers have completed.
192 trigger load_all_props_action
193
194 # Remove a file to wake up anything waiting for firmware.
195 trigger firmware_mounts_complete
196
197 trigger early-boot
198 trigger boot
199
200
# Runs once the filesystems are mounted: makes / read-only, re-applies
# ownership and labels on /cache, and narrows access to kernel diagnostic
# files so that only the log/system groups can read them.
201on post-fs
202 # once everything is setup, no need to modify /
203 mount rootfs rootfs / ro remount
204 # mount shared so changes propagate into child namespaces
205 mount rootfs rootfs / shared rec
206
207 # We chown/chmod /cache again so because mount is run as root + defaults
208 chown system cache /cache
209 chmod 0770 /cache
210 # We restorecon /cache in case the cache partition has been reset.
211 restorecon_recursive /cache
212
213 # This may have been created by the recovery system with odd permissions
214 chown system cache /cache/recovery
215 chmod 0770 /cache/recovery
216
217 #change permissions on vmallocinfo so we can grab it from bugreports
    # 0440 root:log keeps kernel memory-layout details away from ordinary apps.
218 chown root log /proc/vmallocinfo
219 chmod 0440 /proc/vmallocinfo
220
221 chown root log /proc/slabinfo
222 chmod 0440 /proc/slabinfo
223
224 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
225 chown root system /proc/kmsg
226 chmod 0440 /proc/kmsg
    # NOTE(review): 0220 root:system makes sysrq-trigger write-only for root and group
    # system, so every process in group system can request sysrq actions (subject to the
    # kernel's sysrq setting and SELinux policy, neither visible here).
227 chown root system /proc/sysrq-trigger
228 chmod 0220 /proc/sysrq-trigger
229 chown system log /proc/last_kmsg
230 chmod 0440 /proc/last_kmsg
231
232 # make the selinux kernel policy world-readable
233 chmod 0444 /sys/fs/selinux/policy
234
235 # create the lost+found directories, so as to enforce our permissions
236 mkdir /cache/lost+found 0770 root root
237
# Runs after /data is mounted: re-applies ownership on /data, carries entropy
# over from the previous boot, collects panic dumps and creates the /data
# directory skeleton. The mode/owner/group on each mkdir is the access control
# for that directory, so each one deserves a look in review.
238on post-fs-data
239 # We chown/chmod /data again so because mount is run as root + defaults
240 chown system system /data
241 chmod 0771 /data
242 # We restorecon /data in case the userdata partition has been reset.
243 restorecon /data
244
245 # Avoid predictable entropy pool. Carry over entropy from previous boot.
246 copy /data/system/entropy.dat /dev/urandom
247
248 # Create dump dir and collect dumps.
249 # Do this before we mount cache so eventually we can use cache for
250 # storing dumps on platforms which do not have a dedicated dump partition.
251 mkdir /data/dontpanic 0750 root log
252
253 # Collect apanic data, free resources and re-arm trigger
    # The copied dumps are readable by root and group log only (0640).
254 copy /proc/apanic_console /data/dontpanic/apanic_console
255 chown root log /data/dontpanic/apanic_console
256 chmod 0640 /data/dontpanic/apanic_console
257
258 copy /proc/apanic_threads /data/dontpanic/apanic_threads
259 chown root log /data/dontpanic/apanic_threads
260 chmod 0640 /data/dontpanic/apanic_threads
261
262 write /proc/apanic_console 1
263
264 # create basic filesystem structure
    # Leading digit in the modes: 01771 sets the sticky bit on /data/misc, 02750 sets
    # setgid on /data/misc/adb so new files there inherit group shell.
265 mkdir /data/misc 01771 system misc
266 mkdir /data/misc/adb 02750 system shell
267 mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
268 mkdir /data/misc/bluetooth 0770 system system
    # Key material directories (keystore, systemkeys) are owner-only.
269 mkdir /data/misc/keystore 0700 keystore keystore
270 mkdir /data/misc/keychain 0771 system system
271 mkdir /data/misc/net 0750 root shell
272 mkdir /data/misc/radio 0770 system radio
273 mkdir /data/misc/sms 0770 system radio
274 mkdir /data/misc/zoneinfo 0775 system system
275 mkdir /data/misc/vpn 0770 system vpn
276 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
277 mkdir /data/misc/systemkeys 0700 system system
278 mkdir /data/misc/wifi 0770 wifi wifi
279 mkdir /data/misc/wifi/sockets 0770 wifi wifi
280 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
281 mkdir /data/misc/ethernet 0770 system system
282 mkdir /data/misc/dhcp 0770 dhcp dhcp
283 mkdir /data/misc/user 0771 root root
284 # give system access to wpa_supplicant.conf for backup and restore
    # NOTE(review): only the mode is set here; the file's owner and group come from
    # elsewhere. The file presumably holds Wi-Fi credentials, so confirm the group that
    # gains read/write through 0660.
285 chmod 0660 /data/misc/wifi/wpa_supplicant.conf
286 mkdir /data/local 0751 root root
287 mkdir /data/misc/media 0700 media media
288
289 # For security reasons, /data/local/tmp should always be empty.
290 # Do not place files or directories in /data/local/tmp
291 mkdir /data/local/tmp 0771 shell shell
292 mkdir /data/data 0771 system system
293 mkdir /data/app-private 0771 system system
294 mkdir /data/app-asec 0700 root root
295 mkdir /data/app-lib 0771 system system
296 mkdir /data/app 0771 system system
297 mkdir /data/property 0700 root root
    # NOTE(review): the blame column attributes the next line to a different commit
    # (9ff65a5e) than the rest of the file. 0771 lets other users traverse the directory but
    # not list it; crash dumps presumably land here, so confirm the files created inside
    # are not world-readable.
9ff65a5e 298 mkdir /data/tombstones 0771 system system
299
300 # create dalvik-cache, so as to enforce our permissions
    # (continuation of the post-fs-data action)
301 mkdir /data/dalvik-cache 0771 root root
302 mkdir /data/dalvik-cache/profiles 0711 system system
303
304 # create resource-cache and double-check the perms
305 mkdir /data/resource-cache 0771 system system
306 chown system system /data/resource-cache
307 chmod 0771 /data/resource-cache
308
309 # create the lost+found directories, so as to enforce our permissions
310 mkdir /data/lost+found 0770 root root
311
312 # create directory for DRM plug-ins - give drm the read/write access to
313 # the following directory.
    # The active line keeps /data/drm private to user/group drm; the commented-out
    # alternative below would have added world-read and group system.
314 mkdir /data/drm 0770 drm drm ####
315 # mkdir /data/drm 0774 drm system ####
316
317 # create directory for MediaDrm plug-ins - give drm the read/write access to
318 # the following directory.
319 mkdir /data/mediadrm 0770 mediadrm mediadrm
320
321 # symlink to bugreport storage location
322 symlink /data/data/com.android.shell/files/bugreports /data/bugreports
323
324 # Separate location for storing security policy files on data
325 mkdir /data/security 0711 system system
326
327 # add for mediaserver data
    # NOTE(review): 0775 leaves this directory listable and readable by every user, and
    # the media service in this file runs as root. Confirm nothing sensitive is written
    # here, or tighten the mode.
328 mkdir /data/mediaserver 0775 media media
329 restorecon /data/mediaserver
330
331 # Reload policy from /data/security if present.
    # NOTE(review): this lets SELinux policy be replaced from the writable data partition;
    # /data/security is owned by system (0711 above), so the integrity of the loaded policy
    # depends on whatever verification the loader performs - not visible here.
332 setprop selinux.reload_policy 1
333
334 # Set SELinux security contexts on upgrade or policy update.
335 restorecon_recursive /data
336
337 # If there is no fs-post-data action in the init.<device>.rc file, you
338 # must uncomment this line, otherwise encrypted filesystems
339 # won't work.
340 # Set indication (checked by vold) that we have finished this action
341 #setprop vold.post_fs_data_done 1
342
# Final stage before services start: basic network identity, memory-management
# sysctls, then a long list of chown/chmod calls that hand selected sysfs/procfs
# knobs to the system or radio user, and finally class_start core.
343on boot
344 # basic network init
345 ifup lo
346 hostname localhost
347 domainname localdomain
348
349 # set RLIMIT_NICE to allow priorities from 19 to -20
350 setrlimit 13 40 40
351
352 # Memory management. Basic kernel parameters, and allow the high
353 # level system server to be able to adjust the kernel OOM driver
354 # parameters to match how it is managing things.
355 write /proc/sys/vm/overcommit_memory 1
356 write /proc/sys/vm/min_free_order_shift 4
    # 0220 root:system: group system may write the low-memory-killer thresholds but
    # nobody can read them back through these nodes.
357 chown root system /sys/module/lowmemorykiller/parameters/adj
358 chmod 0220 /sys/module/lowmemorykiller/parameters/adj
359 chown root system /sys/module/lowmemorykiller/parameters/minfree
360 chmod 0220 /sys/module/lowmemorykiller/parameters/minfree
361
362 # Tweak background writeout
363 write /proc/sys/vm/dirty_expire_centisecs 200
364 write /proc/sys/vm/dirty_background_ratio 5
365
366 # Permissions for System Server and daemons.
    # Power-state and wake-lock nodes go to user radio or system with group system; only
    # state, wake_lock and wake_unlock get an explicit 0660, the rest keep the kernel's
    # default mode.
367 chown radio system /sys/android_power/state
368 chown radio system /sys/android_power/request_state
369 chown radio system /sys/android_power/acquire_full_wake_lock
370 chown radio system /sys/android_power/acquire_partial_wake_lock
371 chown radio system /sys/android_power/release_wake_lock
372 chown system system /sys/power/autosleep
373 chown system system /sys/power/state
374 chown system system /sys/power/wakeup_count
375 chown radio system /sys/power/wake_lock
376 chown radio system /sys/power/wake_unlock
377 chmod 0660 /sys/power/state
378 chmod 0660 /sys/power/wake_lock
379 chmod 0660 /sys/power/wake_unlock
380
    # Interactive cpufreq governor tunables: each is handed to system:system with 0660.
381 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
382 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
383 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
384 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
385 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
386 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
387 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
388 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
389 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
390 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
391 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
392 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
393 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
394 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
395 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
396 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    # boostpulse is the one tunable in this list that is chowned without a following
    # chmod, so its mode stays whatever the kernel exposes.
397 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
398 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
399 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
400 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
401 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
402 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
403 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
404
405 # Assume SMP uses shared cpufreq policy for all CPUs
406 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
407 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
408
409 chown system system /sys/class/timed_output/vibrator/enable
410 chown system system /sys/class/leds/keyboard-backlight/brightness
411 chown system system /sys/class/leds/lcd-backlight/brightness
412 chown system system /sys/class/leds/button-backlight/brightness
413 chown system system /sys/class/leds/jogball-backlight/brightness
414 chown system system /sys/class/leds/red/brightness
415 chown system system /sys/class/leds/green/brightness
416 chown system system /sys/class/leds/blue/brightness
417 chown system system /sys/class/leds/red/device/grpfreq
418 chown system system /sys/class/leds/red/device/grppwm
419 chown system system /sys/class/leds/red/device/blink
    # Repeats the vibrator chown from a few lines above; redundant but harmless.
420 chown system system /sys/class/timed_output/vibrator/enable
421 chown system system /sys/module/sco/parameters/disable_esco
422 chown system system /sys/kernel/ipv4/tcp_wmem_min
423 chown system system /sys/kernel/ipv4/tcp_wmem_def
424 chown system system /sys/kernel/ipv4/tcp_wmem_max
425 chown system system /sys/kernel/ipv4/tcp_rmem_min
426 chown system system /sys/kernel/ipv4/tcp_rmem_def
427 chown system system /sys/kernel/ipv4/tcp_rmem_max
    # NOTE(review): only the group changes here and no chmod follows, so who can read the
    # kernel command line still depends on the node's default mode - confirm.
428 chown root radio /proc/cmdline
429
430 # Define default initial receive window size in segments.
431 setprop net.tcp.default_init_rwnd 60
432
433 class_start core
434
# Triggers that start, reset or restart whole service classes. Most are driven
# by the vold.decrypt property during the encryption flow; the values are set by
# vold according to the comments on the defaultcrypto/encrypt services below.
# NOTE(review): each property trigger is only as trustworthy as the set of
# processes allowed to write that property, which is configured outside this
# file.
435on nonencrypted
436 class_start main
437 class_start late_start
438
439on property:vold.decrypt=trigger_default_encryption
440 start defaultcrypto
441
442on property:vold.decrypt=trigger_encryption
443 start surfaceflinger
444 start encrypt
445
# Lets init's log level be changed at run time through a property.
446on property:sys.init_log_level=*
447 loglevel ${sys.init_log_level}
448
449on charger
450 class_start charger
451
452on property:vold.decrypt=trigger_reset_main
453 class_reset main
454
455on property:vold.decrypt=trigger_load_persist_props
456 load_persist_props
457
458on property:vold.decrypt=trigger_post_fs_data
459 trigger post-fs-data
460
461on property:vold.decrypt=trigger_restart_min_framework
462 class_start main
463
464on property:vold.decrypt=trigger_restart_framework
465 class_start main
466 class_start late_start
467
468on property:vold.decrypt=trigger_shutdown_framework
469 class_reset late_start
470 class_reset main
471
# Passes whatever value is written to sys.powerctl to init's powerctl command.
# NOTE(review): any process permitted to set sys.powerctl can therefore request
# a power-state change; the permission check lives in the property service
# configuration, not here.
472on property:sys.powerctl=*
473 powerctl ${sys.powerctl}
474
475# system server cannot write to /proc/sys files,
476# and chown/chmod does not work for /proc/sys/ entries.
477# So proxy writes through init.
# NOTE(review): init writes the property value into /proc/sys unchanged, so the
# only gate on this sysctl is who may set the sys.sysctl.* property; no range
# check is visible in this file.
478on property:sys.sysctl.extra_free_kbytes=*
479 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
480
481# "tcp_default_init_rwnd" Is too long!
# Same proxy pattern as the extra_free_kbytes trigger: the property value is
# written to the sysctl as-is, under a shortened property name.
482on property:sys.sysctl.tcp_def_init_rwnd=*
483 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
484
485
486## Daemon processes to be run by init.
487##
# Device-node manager, run from the ramdisk (/sbin). No "user" line, so init
# starts it as root; "critical" makes repeated crashes reboot the device into
# recovery, and seclabel pins its SELinux domain.
488service ueventd /sbin/ueventd
489 class core
490 critical
491 seclabel u:r:ueventd:s0
492
# Log daemon. Its three sockets are deliberately open to every process: logd and
# logdr are read/write for all (0666), logdw is write-only for all (0222).
# NOTE(review): with socket modes this open, who may read which log entries has
# to be enforced inside logd and by SELinux policy - neither is visible here.
# No "user" line, so init starts the binary as root.
493service logd /system/bin/logd
494 class core
495 socket logd stream 0666 logd logd
496 socket logdr seqpacket 0666 logd logd
497 socket logdw dgram 0222 logd logd
498 seclabel u:r:logd:s0
499
# Battery/charger health daemon from the ramdisk; started as root (no "user"
# line), critical, with an explicit SELinux domain.
500service healthd /sbin/healthd
501 class core
502 critical
503 seclabel u:r:healthd:s0
504
# Interactive shell on the console device. It runs as the unprivileged shell
# user in the shell SELinux domain and is "disabled", so it only runs when
# something starts it by name (see the ro.debuggable trigger that follows).
505service console /system/bin/sh
506 class core
507 console
508 disabled
509 user shell
510 seclabel u:r:shell:s0
511
# Starts the console shell only on debuggable builds.
# NOTE(review): on a device with an exposed serial console this gives a shell
# without authentication when ro.debuggable=1; confirm production images ship
# with ro.debuggable=0.
512on property:ro.debuggable=1
513 start console
514
515# adbd is controlled via property triggers in init.<platform>.usb.rc
# "disabled" keeps adbd off until one of those triggers starts it. It is started
# as root (no "user" line) in the adbd domain.
# NOTE(review): --root_seclabel names the su domain; presumably adbd switches to
# it when it keeps root. Whether that can happen depends on build properties and
# on the su domain existing in the shipped policy - confirm for production
# builds.
516service adbd /sbin/adbd --root_seclabel=u:r:su:s0
517 class core
518 socket adbd stream 660 system system
519 disabled
520 seclabel u:r:adbd:s0
521
522# adbd on at boot in emulator
# NOTE(review): keyed on ro.kernel.qemu, which presumably comes from the kernel
# command line; on hardware where the bootloader arguments can be influenced
# this would start adbd at boot - confirm the command line is locked down.
523on property:ro.kernel.qemu=1
524 start adbd
525
# Low-memory killer daemon. Started as root (no "user" line); its control socket
# is limited to user/group system (0660). No seclabel is given here, so its
# SELinux domain is presumably assigned by a policy transition.
526service lmkd /system/bin/lmkd
527 class core
528 critical
529 socket lmkd seqpacket 0660 system system
530
# Binder service registry, run as system:system. It is critical, and a restart
# of it also restarts the daemons listed in the onrestart lines, since they
# hold registrations with the old instance.
531service servicemanager /system/bin/servicemanager
532 class core
533 user system
534 group system
535 critical
536 onrestart restart healthd
537 onrestart restart zygote
538 onrestart restart media
539 onrestart restart surfaceflinger
540 onrestart restart drm
541
# Volume daemon. Started as root (no "user" line); the command socket is
# restricted to root and group mount (0660).
542service vold /system/bin/vold
543 class core
544 socket vold stream 0660 root mount
    # best-effort I/O class, priority 2
545 ioprio be 2
546
# Network daemon, started as root (no "user" line). The netd and mdns sockets
# are limited to root and group system; dnsproxyd and fwmarkd are reachable by
# group inet, i.e. presumably by every app that holds network permission.
547service netd /system/bin/netd
548 class main
549 socket netd stream 0660 root system
550 socket dnsproxyd stream 0660 root inet
551 socket mdns stream 0660 root system
552 socket fwmarkd stream 0660 root inet
553
# Crash-dump daemon for 32-bit processes (the 64-bit twin follows). No user,
# group or seclabel is set, so init starts it as root.
554service debuggerd /system/bin/debuggerd
555 class main
556
# 64-bit counterpart of debuggerd; likewise started as root with no explicit
# seclabel.
557service debuggerd64 /system/bin/debuggerd64
558 class main
559
560# for using TK init.modem.rc rild-daemon setting
561#service ril-daemon /system/bin/rild
562# class main
563# socket rild stream 660 root radio
564# socket rild-debug stream 660 radio system
565# user root
566# group radio cache inet misc audio log
567
# Display compositor, run as user system with groups graphics and drmrpc.
# A restart takes zygote (and with it the app processes) down as well.
568service surfaceflinger /system/bin/surfaceflinger
569 class core
570 user system
571 group graphics drmrpc
572 onrestart restart zygote
573
574#make sure drm server has rights to read and write sdcard ####
# NOTE(review): the only difference from the commented-out group line below is
# the added sdcard_r group, which conventionally grants read access only, while
# the comment above says read and write. Confirm which is intended.
575service drm /system/bin/drmserver
576 class main
577 user drm
578 # group drm system inet drmrpc ####
579 group drm system inet drmrpc sdcard_r ####
580
# NOTE(review): the commented "google default" lines record the upstream setting
# (user media, shorter group list). Here mediaserver runs as root and its group
# list additionally carries media, sdcard_r, system, net_bt_stack and media_rw.
# mediaserver parses untrusted media content, so a memory-corruption bug in it
# would be exploitable with root identity instead of the confined media uid.
# Confirm which vendor feature needs root and whether a supplementary group
# would cover it. The blame column attributes the group line to commit 9ff65a5e.
581service media /system/bin/mediaserver
582 class main
583 user root ####
584# google default ####
585# user media ####
9ff65a5e 586 group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm media sdcard_r system net_bt_stack media_rw ####
587# google default ####
588# group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm ####
589
    # Still part of the media service stanza: real-time I/O class, priority 4.
590 ioprio rt 4
591
592# One shot invocation to deal with encrypted volume.
# Runs vdc as root (no "user" line) to ask vold to mount the default-encrypted
# volume; "disabled" means it only runs when the vold.decrypt trigger starts it.
593service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
594 disabled
595 oneshot
596 # vold will set vold.decrypt to trigger_restart_framework (default
597 # encryption) or trigger_restart_min_framework (other encryption)
598
599# One shot invocation to encrypt unencrypted volumes
# Asks vold to encrypt in place using the "default" key type; started only by
# the vold.decrypt=trigger_encryption action in this file.
600service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
601 disabled
602 oneshot
603 # vold will set vold.decrypt to trigger_restart_framework (default
604 # encryption)
605
# Boot animation, run as user graphics. The active group line adds "media" to
# the commented-out original (graphics audio).
# NOTE(review): confirm what the extra media group is needed for.
606service bootanim /system/bin/bootanimation
607 class core
608 user graphics
609# group graphics audio ####
610 group graphics media audio ####
611 disabled
612 oneshot
613
# Package install helper. Started as root (no "user" line); its socket is
# usable only by user system (mode 600).
614service installd /system/bin/installd
615 class main
616 socket installd stream 600 system system
617
# Runs the install-recovery shell script once per boot, as root (no "user"
# line), confined to the install_recovery SELinux domain.
# NOTE(review): a root script on the system partition - confirm the partition is
# integrity-protected so the script cannot be replaced.
618service flash_recovery /system/bin/install-recovery.sh
619 class main
620 seclabel u:r:install_recovery:s0
621 oneshot
622
# IKE daemon for VPN. No "user" line, so it starts as root; per the inline
# comment it drops to user vpn itself after binding the privileged port.
623service racoon /system/bin/racoon
624 class main
625 socket racoon stream 600 system system
626 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
627 group vpn net_admin inet
628 disabled
629 oneshot
630
# PPTP/L2TP VPN daemon. Unlike racoon it is started directly as user vpn, with
# the network groups it needs; the control socket is limited to user system.
631service mtpd /system/bin/mtpd
632 class main
633 socket mtpd stream 600 system system
634 user vpn
635 group vpn net_admin inet net_raw
636 disabled
637 oneshot
638
# Key storage daemon, run as its own keystore user; its data directory argument
# matches the 0700 keystore-owned /data/misc/keystore created in post-fs-data.
639service keystore /system/bin/keystore /data/misc/keystore
640 class main
641 user keystore
642 group keystore drmrpc
643
# Bug-report collector. Started on demand as root (no "user" line); its socket
# is reachable by user shell and group log.
# NOTE(review): the output presumably includes logs and system state, so the
# shell/log reachability of this socket decides who can obtain that data.
644service dumpstate /system/bin/dumpstate -s
645 class main
646 socket dumpstate stream 0660 shell log
647 disabled
648 oneshot
649
# mDNS responder, run as the dedicated mdnsr user with inet and net_raw groups;
# started on demand only.
650service mdnsd /system/bin/mdnsd
651 class main
652 user mdnsr
653 group inet net_raw
654 socket mdnsd stream 0660 mdnsr inet
655 disabled
656 oneshot
657
# Runs uncrypt once, on demand, as root (no "user" line); the name suggests it
# prepares for a reboot into recovery.
658service pre-recovery /system/bin/uncrypt
659 class main
660 disabled
661 oneshot