projects / GitHub / mt8127 / ttab-system.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
LRX21M.vC1O-0
[GitHub/mt8127/ttab-system.git] / ramdisk / init.rc
CommitLineData
d05bb22f
S		 1# Copyright (C) 2012 The Android Open Source Project
2#
3# IMPORTANT: Do not create world writable files or directories.
4# This is a common source of Android security bugs.
5#
6
7import /init.environ.rc
8import /init.usb.rc
9import /init.${ro.hardware}.rc
10import /init.${ro.zygote}.rc
11import /init.trace.rc
12
13on early-init
14 # Set init and its forked children's oom_adj.
15 write /proc/1/oom_score_adj -1000
16
17 # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
18 write /sys/fs/selinux/checkreqprot 0
19
20 # Set the security context for the init process.
21 # This should occur before anything else (e.g. ueventd) is started.
22 setcon u:r:init:s0
23
24 # Set the security context of /adb_keys if present.
25 restorecon /adb_keys
26
27 start ueventd
28
29 # create mountpoints
30 mkdir /mnt 0775 root system
31
32on init
33 sysclktz 0
34
35loglevel 6 ####
36 write /proc/bootprof "INIT: on init start" ####
37
38 # Backward compatibility
39 symlink /system/etc /etc
40 symlink /sys/kernel/debug /d
41
42 # Right now vendor lives on the same filesystem as system,
43 # but someday that may change.
44 symlink /system/vendor /vendor
45
46 # Create cgroup mount point for cpu accounting
47 mkdir /acct
48 mount cgroup none /acct cpuacct
49 mkdir /acct/uid
50
51 # Create cgroup mount point for memory
52 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
53 mkdir /sys/fs/cgroup/memory 0750 root system
54 mount cgroup none /sys/fs/cgroup/memory memory
55 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
56 chown root system /sys/fs/cgroup/memory/tasks
57 chmod 0660 /sys/fs/cgroup/memory/tasks
58 mkdir /sys/fs/cgroup/memory/sw 0750 root system
59 write /sys/fs/cgroup/memory/sw/memory.swappiness 100
60 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
61 chown root system /sys/fs/cgroup/memory/sw/tasks
62 chmod 0660 /sys/fs/cgroup/memory/sw/tasks
63
64 ##bsp config enable
65 write /sys/class/misc/tp_cfg/cfg_load_enable 1
66
67 mkdir /system
68 mkdir /data 0771 system system
69 mkdir /cache 0770 system cache
70 mkdir /config 0500 root root
71
72 # See storage config details at http://source.android.com/tech/storage/
73 mkdir /mnt/shell 0700 shell shell
74 mkdir /mnt/media_rw 0700 media_rw media_rw
75 mkdir /storage 0751 root sdcard_r
76
77 # Directory for putting things only root should see.
78 mkdir /mnt/secure 0700 root root
79
80 # Directory for staging bindmounts
81 mkdir /mnt/secure/staging 0700 root root
82
83 # Directory-target for where the secure container
84 # imagefile directory will be bind-mounted
85 mkdir /mnt/secure/asec 0700 root root
86
87 # Secure container public mount points.
88 mkdir /mnt/asec 0700 root system
89 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
90
91 # Filesystem image public mount points.
92 mkdir /mnt/obb 0700 root system
93 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
94
95 # memory control cgroup
96 mkdir /dev/memcg 0700 root system
97 mount cgroup none /dev/memcg memory
98
99 write /proc/sys/kernel/panic_on_oops 1
100 write /proc/sys/kernel/hung_task_timeout_secs 0
101 write /proc/cpu/alignment 4
102 write /proc/sys/kernel/sched_latency_ns 10000000
103 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
104 write /proc/sys/kernel/sched_compat_yield 1
105 write /proc/sys/kernel/sched_child_runs_first 0
106 write /proc/sys/kernel/randomize_va_space 2
107 write /proc/sys/kernel/kptr_restrict 2
108 write /proc/sys/vm/mmap_min_addr 32768
109 write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
110 write /proc/sys/net/unix/max_dgram_qlen 300
111 write /proc/sys/kernel/sched_rt_runtime_us 950000
112 write /proc/sys/kernel/sched_rt_period_us 1000000
113
114 # reflect fwmark from incoming packets onto generated replies
115 write /proc/sys/net/ipv4/fwmark_reflect 1
116 write /proc/sys/net/ipv6/fwmark_reflect 1
117
118 # set fwmark on accepted sockets
119 write /proc/sys/net/ipv4/tcp_fwmark_accept 1
120
121 # Create cgroup mount points for process groups
122 mkdir /dev/cpuctl
123 mount cgroup none /dev/cpuctl cpu
124 chown system system /dev/cpuctl
125 chown system system /dev/cpuctl/tasks
126 chmod 0660 /dev/cpuctl/tasks
127 write /dev/cpuctl/cpu.shares 1024
128 write /dev/cpuctl/cpu.rt_runtime_us 950000
129 write /dev/cpuctl/cpu.rt_period_us 1000000
130
131 mkdir /dev/cpuctl/apps
132 chown system system /dev/cpuctl/apps/tasks
133 chmod 0666 /dev/cpuctl/apps/tasks
134 write /dev/cpuctl/apps/cpu.shares 1024
135 write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
136 write /dev/cpuctl/apps/cpu.rt_period_us 1000000
137
138 mkdir /dev/cpuctl/apps/bg_non_interactive
139 chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
140 chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
141 # 5.0 %
142 write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
143 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
144 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
145
146 # qtaguid will limit access to specific data based on group memberships.
147 # net_bw_acct grants impersonation of socket owners.
148 # net_bw_stats grants access to other apps' detailed tagged-socket stats.
149 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
150 chown root net_bw_stats /proc/net/xt_qtaguid/stats
151
152 # Allow everybody to read the xt_qtaguid resource tracking misc dev.
153 # This is needed by any process that uses socket tagging.
154 chmod 0644 /dev/xt_qtaguid
155
156 # Create location for fs_mgr to store abbreviated output from filesystem
157 # checker programs.
158 mkdir /dev/fscklogs 0770 root system
159
160 # pstore/ramoops previous console log
161 mount pstore pstore /sys/fs/pstore
162 chown system log /sys/fs/pstore/console-ramoops
163 chmod 0440 /sys/fs/pstore/console-ramoops
164
165 # ion device
166 chmod 0666 /dev/ion
167
168# Healthd can trigger a full boot from charger mode by signaling this
169# property when the power button is held.
170on property:sys.boot_from_charger_mode=1
171 class_stop charger
172 trigger late-init
173
174# Load properties from /system/ + /factory after fs mount.
175on load_all_props_action
176 load_all_props
177
178# Indicate to fw loaders that the relevant mounts are up.
179on firmware_mounts_complete
180 rm /dev/.booting
181
182# Mount filesystems and start core system services.
183on late-init
184 trigger early-fs
185 trigger fs
186 trigger post-fs
187 trigger post-fs-data
188
189 # Load properties from /system/ + /factory after fs mount. Place
190 # this in another action so that the load will be scheduled after the prior
191 # issued fs triggers have completed.
192 trigger load_all_props_action
193
194 # Remove a file to wake up anything waiting for firmware.
195 trigger firmware_mounts_complete
196
197 trigger early-boot
198 trigger boot
199
200
201on post-fs
202 # once everything is setup, no need to modify /
203 mount rootfs rootfs / ro remount
204 # mount shared so changes propagate into child namespaces
205 mount rootfs rootfs / shared rec
206
207 # We chown/chmod /cache again so because mount is run as root + defaults
208 chown system cache /cache
209 chmod 0770 /cache
210 # We restorecon /cache in case the cache partition has been reset.
211 restorecon_recursive /cache
212
213 # This may have been created by the recovery system with odd permissions
214 chown system cache /cache/recovery
215 chmod 0770 /cache/recovery
216
217 #change permissions on vmallocinfo so we can grab it from bugreports
218 chown root log /proc/vmallocinfo
219 chmod 0440 /proc/vmallocinfo
220
221 chown root log /proc/slabinfo
222 chmod 0440 /proc/slabinfo
223
224 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
225 chown root system /proc/kmsg
226 chmod 0440 /proc/kmsg
227 chown root system /proc/sysrq-trigger
228 chmod 0220 /proc/sysrq-trigger
229 chown system log /proc/last_kmsg
230 chmod 0440 /proc/last_kmsg
231
232 # make the selinux kernel policy world-readable
233 chmod 0444 /sys/fs/selinux/policy
234
235 # create the lost+found directories, so as to enforce our permissions
236 mkdir /cache/lost+found 0770 root root
237
238on post-fs-data
239 # We chown/chmod /data again so because mount is run as root + defaults
240 chown system system /data
241 chmod 0771 /data
242 # We restorecon /data in case the userdata partition has been reset.
243 restorecon /data
244
245 # Avoid predictable entropy pool. Carry over entropy from previous boot.
246 copy /data/system/entropy.dat /dev/urandom
247
248 # Create dump dir and collect dumps.
249 # Do this before we mount cache so eventually we can use cache for
250 # storing dumps on platforms which do not have a dedicated dump partition.
251 mkdir /data/dontpanic 0750 root log
252
253 # Collect apanic data, free resources and re-arm trigger
254 copy /proc/apanic_console /data/dontpanic/apanic_console
255 chown root log /data/dontpanic/apanic_console
256 chmod 0640 /data/dontpanic/apanic_console
257
258 copy /proc/apanic_threads /data/dontpanic/apanic_threads
259 chown root log /data/dontpanic/apanic_threads
260 chmod 0640 /data/dontpanic/apanic_threads
261
262 write /proc/apanic_console 1
263
264 # create basic filesystem structure
265 mkdir /data/misc 01771 system misc
266 mkdir /data/misc/adb 02750 system shell
267 mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
268 mkdir /data/misc/bluetooth 0770 system system
269 mkdir /data/misc/keystore 0700 keystore keystore
270 mkdir /data/misc/keychain 0771 system system
271 mkdir /data/misc/net 0750 root shell
272 mkdir /data/misc/radio 0770 system radio
273 mkdir /data/misc/sms 0770 system radio
274 mkdir /data/misc/zoneinfo 0775 system system
275 mkdir /data/misc/vpn 0770 system vpn
276 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
277 mkdir /data/misc/systemkeys 0700 system system
278 mkdir /data/misc/wifi 0770 wifi wifi
279 mkdir /data/misc/wifi/sockets 0770 wifi wifi
280 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
281 mkdir /data/misc/ethernet 0770 system system
282 mkdir /data/misc/dhcp 0770 dhcp dhcp
283 mkdir /data/misc/user 0771 root root
284 # give system access to wpa_supplicant.conf for backup and restore
285 chmod 0660 /data/misc/wifi/wpa_supplicant.conf
286 mkdir /data/local 0751 root root
287 mkdir /data/misc/media 0700 media media
288
289 # For security reasons, /data/local/tmp should always be empty.
290 # Do not place files or directories in /data/local/tmp
291 mkdir /data/local/tmp 0771 shell shell
292 mkdir /data/data 0771 system system
293 mkdir /data/app-private 0771 system system
294 mkdir /data/app-asec 0700 root root
295 mkdir /data/app-lib 0771 system system
296 mkdir /data/app 0771 system system
297 mkdir /data/property 0700 root root
298
299 # create dalvik-cache, so as to enforce our permissions
300 mkdir /data/dalvik-cache 0771 root root
301 mkdir /data/dalvik-cache/profiles 0711 system system
302
303 # create resource-cache and double-check the perms
304 mkdir /data/resource-cache 0771 system system
305 chown system system /data/resource-cache
306 chmod 0771 /data/resource-cache
307
308 # create the lost+found directories, so as to enforce our permissions
309 mkdir /data/lost+found 0770 root root
310
311 # create directory for DRM plug-ins - give drm the read/write access to
312 # the following directory.
313 mkdir /data/drm 0770 drm drm ####
314 # mkdir /data/drm 0774 drm system ####
315
316 # create directory for MediaDrm plug-ins - give drm the read/write access to
317 # the following directory.
318 mkdir /data/mediadrm 0770 mediadrm mediadrm
319
320 # symlink to bugreport storage location
321 symlink /data/data/com.android.shell/files/bugreports /data/bugreports
322
323 # Separate location for storing security policy files on data
324 mkdir /data/security 0711 system system
325
326 # add for mediaserver data
327 mkdir /data/mediaserver 0775 media media
328 restorecon /data/mediaserver
329
330 # Reload policy from /data/security if present.
331 setprop selinux.reload_policy 1
332
333 # Set SELinux security contexts on upgrade or policy update.
334 restorecon_recursive /data
335
336 # If there is no fs-post-data action in the init.<device>.rc file, you
337 # must uncomment this line, otherwise encrypted filesystems
338 # won't work.
339 # Set indication (checked by vold) that we have finished this action
340 #setprop vold.post_fs_data_done 1
341
342on boot
343 # basic network init
344 ifup lo
345 hostname localhost
346 domainname localdomain
347
348 # set RLIMIT_NICE to allow priorities from 19 to -20
349 setrlimit 13 40 40
350
351 # Memory management. Basic kernel parameters, and allow the high
352 # level system server to be able to adjust the kernel OOM driver
353 # parameters to match how it is managing things.
354 write /proc/sys/vm/overcommit_memory 1
355 write /proc/sys/vm/min_free_order_shift 4
356 chown root system /sys/module/lowmemorykiller/parameters/adj
357 chmod 0220 /sys/module/lowmemorykiller/parameters/adj
358 chown root system /sys/module/lowmemorykiller/parameters/minfree
359 chmod 0220 /sys/module/lowmemorykiller/parameters/minfree
360
361 # Tweak background writeout
362 write /proc/sys/vm/dirty_expire_centisecs 200
363 write /proc/sys/vm/dirty_background_ratio 5
364
365 # Permissions for System Server and daemons.
366 chown radio system /sys/android_power/state
367 chown radio system /sys/android_power/request_state
368 chown radio system /sys/android_power/acquire_full_wake_lock
369 chown radio system /sys/android_power/acquire_partial_wake_lock
370 chown radio system /sys/android_power/release_wake_lock
371 chown system system /sys/power/autosleep
372 chown system system /sys/power/state
373 chown system system /sys/power/wakeup_count
374 chown radio system /sys/power/wake_lock
375 chown radio system /sys/power/wake_unlock
376 chmod 0660 /sys/power/state
377 chmod 0660 /sys/power/wake_lock
378 chmod 0660 /sys/power/wake_unlock
379
380 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
381 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
382 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
383 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
384 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
385 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
386 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
387 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
388 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
389 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
390 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
391 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
392 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
393 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
394 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
395 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
396 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
397 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
398 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
399 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
400 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
401 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
402 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
403
404 # Assume SMP uses shared cpufreq policy for all CPUs
405 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
406 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
407
408 chown system system /sys/class/timed_output/vibrator/enable
409 chown system system /sys/class/leds/keyboard-backlight/brightness
410 chown system system /sys/class/leds/lcd-backlight/brightness
411 chown system system /sys/class/leds/button-backlight/brightness
412 chown system system /sys/class/leds/jogball-backlight/brightness
413 chown system system /sys/class/leds/red/brightness
414 chown system system /sys/class/leds/green/brightness
415 chown system system /sys/class/leds/blue/brightness
416 chown system system /sys/class/leds/red/device/grpfreq
417 chown system system /sys/class/leds/red/device/grppwm
418 chown system system /sys/class/leds/red/device/blink
419 chown system system /sys/class/timed_output/vibrator/enable
420 chown system system /sys/module/sco/parameters/disable_esco
421 chown system system /sys/kernel/ipv4/tcp_wmem_min
422 chown system system /sys/kernel/ipv4/tcp_wmem_def
423 chown system system /sys/kernel/ipv4/tcp_wmem_max
424 chown system system /sys/kernel/ipv4/tcp_rmem_min
425 chown system system /sys/kernel/ipv4/tcp_rmem_def
426 chown system system /sys/kernel/ipv4/tcp_rmem_max
427 chown root radio /proc/cmdline
428
429 # Define default initial receive window size in segments.
430 setprop net.tcp.default_init_rwnd 60
431
432 class_start core
433
434on nonencrypted
435 class_start main
436 class_start late_start
437
438on property:vold.decrypt=trigger_default_encryption
439 start defaultcrypto
440
441on property:vold.decrypt=trigger_encryption
442 start surfaceflinger
443 start encrypt
444
445on property:sys.init_log_level=*
446 loglevel ${sys.init_log_level}
447
448on charger
449 class_start charger
450
451on property:vold.decrypt=trigger_reset_main
452 class_reset main
453
454on property:vold.decrypt=trigger_load_persist_props
455 load_persist_props
456
457on property:vold.decrypt=trigger_post_fs_data
458 trigger post-fs-data
459
460on property:vold.decrypt=trigger_restart_min_framework
461 class_start main
462
463on property:vold.decrypt=trigger_restart_framework
464 class_start main
465 class_start late_start
466
467on property:vold.decrypt=trigger_shutdown_framework
468 class_reset late_start
469 class_reset main
470
471on property:sys.powerctl=*
472 powerctl ${sys.powerctl}
473
474# system server cannot write to /proc/sys files,
475# and chown/chmod does not work for /proc/sys/ entries.
476# So proxy writes through init.
477on property:sys.sysctl.extra_free_kbytes=*
478 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
479
480# "tcp_default_init_rwnd" Is too long!
481on property:sys.sysctl.tcp_def_init_rwnd=*
482 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
483
484
485## Daemon processes to be run by init.
486##
487service ueventd /sbin/ueventd
488 class core
489 critical
490 seclabel u:r:ueventd:s0
491
492service logd /system/bin/logd
493 class core
494 socket logd stream 0666 logd logd
495 socket logdr seqpacket 0666 logd logd
496 socket logdw dgram 0222 logd logd
497 seclabel u:r:logd:s0
498
499service healthd /sbin/healthd
500 class core
501 critical
502 seclabel u:r:healthd:s0
503
504service console /system/bin/sh
505 class core
506 console
507 disabled
508 user shell
509 seclabel u:r:shell:s0
510
511on property:ro.debuggable=1
512 start console
513
514# adbd is controlled via property triggers in init.<platform>.usb.rc
515service adbd /sbin/adbd --root_seclabel=u:r:su:s0
516 class core
517 socket adbd stream 660 system system
518 disabled
519 seclabel u:r:adbd:s0
520
521# adbd on at boot in emulator
522on property:ro.kernel.qemu=1
523 start adbd
524
525service lmkd /system/bin/lmkd
526 class core
527 critical
528 socket lmkd seqpacket 0660 system system
529
530service servicemanager /system/bin/servicemanager
531 class core
532 user system
533 group system
534 critical
535 onrestart restart healthd
536 onrestart restart zygote
537 onrestart restart media
538 onrestart restart surfaceflinger
539 onrestart restart drm
540
541service vold /system/bin/vold
542 class core
543 socket vold stream 0660 root mount
544 ioprio be 2
545
546service netd /system/bin/netd
547 class main
548 socket netd stream 0660 root system
549 socket dnsproxyd stream 0660 root inet
550 socket mdns stream 0660 root system
551 socket fwmarkd stream 0660 root inet
552
553service debuggerd /system/bin/debuggerd
554 class main
555
556service debuggerd64 /system/bin/debuggerd64
557 class main
558
559# for using TK init.modem.rc rild-daemon setting
560#service ril-daemon /system/bin/rild
561# class main
562# socket rild stream 660 root radio
563# socket rild-debug stream 660 radio system
564# user root
565# group radio cache inet misc audio log
566
567service surfaceflinger /system/bin/surfaceflinger
568 class core
569 user system
570 group graphics drmrpc
571 onrestart restart zygote
572
573#make sure drm server has rights to read and write sdcard ####
574service drm /system/bin/drmserver
575 class main
576 user drm
577 # group drm system inet drmrpc ####
578 group drm system inet drmrpc sdcard_r ####
579
580service media /system/bin/mediaserver
581 class main
582 user root ####
583# google default ####
584# user media ####
585 group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm media sdcard_r system net_bt_stack ####
586# google default ####
587# group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm ####
588
589 ioprio rt 4
590
591# One shot invocation to deal with encrypted volume.
592service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
593 disabled
594 oneshot
595 # vold will set vold.decrypt to trigger_restart_framework (default
596 # encryption) or trigger_restart_min_framework (other encryption)
597
598# One shot invocation to encrypt unencrypted volumes
599service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
600 disabled
601 oneshot
602 # vold will set vold.decrypt to trigger_restart_framework (default
603 # encryption)
604
605service bootanim /system/bin/bootanimation
606 class core
607 user graphics
608# group graphics audio ####
609 group graphics media audio ####
610 disabled
611 oneshot
612
613service installd /system/bin/installd
614 class main
615 socket installd stream 600 system system
616
617service flash_recovery /system/bin/install-recovery.sh
618 class main
619 seclabel u:r:install_recovery:s0
620 oneshot
621
622service racoon /system/bin/racoon
623 class main
624 socket racoon stream 600 system system
625 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
626 group vpn net_admin inet
627 disabled
628 oneshot
629
630service mtpd /system/bin/mtpd
631 class main
632 socket mtpd stream 600 system system
633 user vpn
634 group vpn net_admin inet net_raw
635 disabled
636 oneshot
637
638service keystore /system/bin/keystore /data/misc/keystore
639 class main
640 user keystore
641 group keystore drmrpc
642
643service dumpstate /system/bin/dumpstate -s
644 class main
645 socket dumpstate stream 0660 shell log
646 disabled
647 oneshot
648
649service mdnsd /system/bin/mdnsd
650 class main
651 user mdnsr
652 group inet net_raw
653 socket mdnsd stream 0660 mdnsr inet
654 disabled
655 oneshot
656
657service pre-recovery /system/bin/uncrypt
658 class main
659 disabled
660 oneshot
extracted stock system of the telekom puls