LRX21M.vC1O-0
[GitHub/mt8127/ttab-system.git] / ramdisk / init.tct.rc
1# Copyright (C) 2012 The Android Open Source Project
2#
3# IMPORTANT: Do not create world writable files or directories.
4# This is a common source of Android security bugs.
5#
6
7#import /init.environ.rc
8#import /init.usb.rc
9import /init.tct.${ro.hardware}.rc
10#import /init.${ro.zygote}.rc
11#import /init.trace.rc
12
# Action "early-init": protects init from the OOM killer, applies init's
# SELinux settings, starts ueventd and creates /mnt.
13on early-init
14 # Set init and its forked children's oom_adj.
    # -1000 is the lowest oom_score_adj value; the kernel OOM killer skips such a process.
15 write /proc/1/oom_score_adj -1000
16
17 # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
18 write /sys/fs/selinux/checkreqprot 0
19
20 # Set the security context for the init process.
21 # This should occur before anything else (e.g. ueventd) is started.
22 setcon u:r:init:s0
23
24 # Set the security context of /adb_keys if present.
25 restorecon /adb_keys
26
27 start ueventd
28
29 # create mountpoints
30 mkdir /mnt 0775 root system
31
# Action "init": creates the base directory layout, mounts the cgroup and
# tmpfs hierarchies, sets kernel hardening/scheduler sysctls and fixes up
# ownership and modes on a number of /proc, /sys and /dev nodes.
32on init
33 sysclktz 0
34
    # NOTE(review): the trailing "####" markers look like tags on vendor changes - confirm.
    # A higher loglevel makes init log more to the kernel log; check that 6 is
    # intended for shipping builds and not only for bring-up.
35loglevel 6 ####
36 write /proc/bootprof "INIT: on init start" ####
37
38 # Backward compatibility
39 symlink /system/etc /etc
40 symlink /sys/kernel/debug /d
41
42 # Right now vendor lives on the same filesystem as system,
43 # but someday that may change.
44 symlink /system/vendor /vendor
45
46 # Create cgroup mount point for cpu accounting
47 mkdir /acct
48 mount cgroup none /acct cpuacct
49 mkdir /acct/uid
50
51 # Create cgroup mount point for memory
    # The tmpfs root is 0750 root:gid 1000 (system), so "other" users cannot traverse it.
52 mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
53 mkdir /sys/fs/cgroup/memory 0750 root system
54 mount cgroup none /sys/fs/cgroup/memory memory
55 write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
56 chown root system /sys/fs/cgroup/memory/tasks
57 chmod 0660 /sys/fs/cgroup/memory/tasks
58 mkdir /sys/fs/cgroup/memory/sw 0750 root system
59 write /sys/fs/cgroup/memory/sw/memory.swappiness 100
60 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
61 chown root system /sys/fs/cgroup/memory/sw/tasks
62 chmod 0660 /sys/fs/cgroup/memory/sw/tasks
63
64 ##bsp config enable
    # NOTE(review): board-specific sysfs node; what the driver loads once this is
    # enabled is not visible in this file.
65 write /sys/class/misc/tp_cfg/cfg_load_enable 1
66
67 mkdir /system
68 mkdir /data 0771 system system
69 mkdir /cache 0770 system cache
70 mkdir /config 0500 root root
71
72 # See storage config details at http://source.android.com/tech/storage/
73 mkdir /mnt/shell 0700 shell shell
74 mkdir /mnt/media_rw 0700 media_rw media_rw
75 mkdir /storage 0751 root sdcard_r
76
77 # Directory for putting things only root should see.
78 mkdir /mnt/secure 0700 root root
79
80 # Directory for staging bindmounts
81 mkdir /mnt/secure/staging 0700 root root
82
83 # Directory-target for where the secure container
84 # imagefile directory will be bind-mounted
85 mkdir /mnt/secure/asec 0700 root root
86
87 # Secure container public mount points.
    # The 0700 mode applies to the bare mount point; the tmpfs mounted on top is 0755.
88 mkdir /mnt/asec 0700 root system
89 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
90
91 # Filesystem image public mount points.
92 mkdir /mnt/obb 0700 root system
93 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
94
95 # memory control cgroup
96 mkdir /dev/memcg 0700 root system
97 mount cgroup none /dev/memcg memory
98
    # Kernel tunables. Security-relevant ones:
    #   panic_on_oops=1            a kernel oops panics instead of continuing in an unknown state
    #   hung_task_timeout_secs=0   disables hung-task detection
    #   randomize_va_space=2       full address-space layout randomization
    #   kptr_restrict=2            kernel pointers are hidden from all users
    #   mmap_min_addr=32768        low addresses cannot be mapped (NULL-dereference mitigation)
    #   ping_group_range           every group may open unprivileged ICMP ping sockets
99 write /proc/sys/kernel/panic_on_oops 1
100 write /proc/sys/kernel/hung_task_timeout_secs 0
101 write /proc/cpu/alignment 4
102 write /proc/sys/kernel/sched_latency_ns 10000000
103 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
104 write /proc/sys/kernel/sched_compat_yield 1
105 write /proc/sys/kernel/sched_child_runs_first 0
106 write /proc/sys/kernel/randomize_va_space 2
107 write /proc/sys/kernel/kptr_restrict 2
108 write /proc/sys/vm/mmap_min_addr 32768
109 write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
110 write /proc/sys/net/unix/max_dgram_qlen 300
111 write /proc/sys/kernel/sched_rt_runtime_us 950000
112 write /proc/sys/kernel/sched_rt_period_us 1000000
113
114 # reflect fwmark from incoming packets onto generated replies
115 write /proc/sys/net/ipv4/fwmark_reflect 1
116 write /proc/sys/net/ipv6/fwmark_reflect 1
117
118 # set fwmark on accepted sockets
119 write /proc/sys/net/ipv4/tcp_fwmark_accept 1
120
121 # Create cgroup mount points for process groups
122 mkdir /dev/cpuctl
123 mount cgroup none /dev/cpuctl cpu
124 chown system system /dev/cpuctl
125 chown system system /dev/cpuctl/tasks
126 chmod 0660 /dev/cpuctl/tasks
127 write /dev/cpuctl/cpu.shares 1024
128 write /dev/cpuctl/cpu.rt_runtime_us 950000
129 write /dev/cpuctl/cpu.rt_period_us 1000000
130
131 mkdir /dev/cpuctl/apps
132 chown system system /dev/cpuctl/apps/tasks
    # World-writable, unlike the 0660 root group above. NOTE(review): this relies on
    # the kernel's cgroup attach checks to stop a process from moving tasks it does
    # not own - confirm for this kernel.
133 chmod 0666 /dev/cpuctl/apps/tasks
134 write /dev/cpuctl/apps/cpu.shares 1024
135 write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
136 write /dev/cpuctl/apps/cpu.rt_period_us 1000000
137
138 mkdir /dev/cpuctl/apps/bg_non_interactive
139 chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
    # World-writable as well; the same caveat as for apps/tasks applies.
140 chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
141 # 5.0 %
142 write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
143 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
144 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
145
146 # qtaguid will limit access to specific data based on group memberships.
147 # net_bw_acct grants impersonation of socket owners.
148 # net_bw_stats grants access to other apps' detailed tagged-socket stats.
149 chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
150 chown root net_bw_stats /proc/net/xt_qtaguid/stats
151
152 # Allow everybody to read the xt_qtaguid resource tracking misc dev.
153 # This is needed by any process that uses socket tagging.
154 chmod 0644 /dev/xt_qtaguid
155
156 # Create location for fs_mgr to store abbreviated output from filesystem
157 # checker programs.
158 mkdir /dev/fscklogs 0770 root system
159
160 # pstore/ramoops previous console log
161 mount pstore pstore /sys/fs/pstore
162 chown system log /sys/fs/pstore/console-ramoops
163 chmod 0440 /sys/fs/pstore/console-ramoops
164
165 # ion device
    # NOTE(review): 0666 lets every process open the ION allocator node for reading
    # and writing, so the driver's ioctl interface is reachable from any app. This is
    # the kind of world-writable node the warning at the top of this file is about.
    # Confirm it is required; if so, access then depends on SELinux policy and on the
    # driver validating its arguments. A group-restricted mode would be narrower.
166 chmod 0666 /dev/ion
167
168# Healthd can trigger a full boot from charger mode by signaling this
169# property when the power button is held.
# The action stops the charger service class and then queues the normal
# late-init boot sequence.
170on property:sys.boot_from_charger_mode=1
171 class_stop charger
172 trigger late-init
173
174# Load properties from /system/ + /factory after fs mount.
# Queued from late-init, after the filesystem triggers.
175on load_all_props_action
176 load_all_props
177
178# Indicate to fw loaders that the relevant mounts are up.
# Removing /dev/.booting is the signal; this action is queued from late-init.
179on firmware_mounts_complete
180 rm /dev/.booting
181
182# Mount filesystems and start core system services.
# The triggers are queued in the order written here, so the filesystem stages
# come before property loading and before early-boot/boot.
183on late-init
184 trigger early-fs
185 trigger fs
186 trigger post-fs
187 trigger post-fs-data
188
189 # Load properties from /system/ + /factory after fs mount. Place
190 # this in another action so that the load will be scheduled after the prior
191 # issued fs triggers have completed.
192 trigger load_all_props_action
193
194 # Remove a file to wake up anything waiting for firmware.
195 trigger firmware_mounts_complete
196
197 trigger early-boot
198 trigger boot
199
200
# Action "post-fs": locks down the root filesystem and re-applies ownership,
# modes and SELinux labels on /cache and on several /proc diagnostic files.
201on post-fs
202 # once everything is setup, no need to modify /
203 mount rootfs rootfs / ro remount
204 # mount shared so changes propagate into child namespaces
205 mount rootfs rootfs / shared rec
206
207 # We chown/chmod /cache again because mount is run as root + defaults
208 chown system cache /cache
209 chmod 0770 /cache
210 # We restorecon /cache in case the cache partition has been reset.
211 restorecon_recursive /cache
212
213 # This may have been created by the recovery system with odd permissions
214 chown system cache /cache/recovery
215 chmod 0770 /cache/recovery
216
217 #change permissions on vmallocinfo so we can grab it from bugreports
    # Readable by root and group log only; these files expose kernel memory layout details.
218 chown root log /proc/vmallocinfo
219 chmod 0440 /proc/vmallocinfo
220
221 chown root log /proc/slabinfo
222 chmod 0440 /proc/slabinfo
223
224 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    # kmsg becomes readable and sysrq-trigger writable (0220) for group system;
    # neither is opened to "other" users.
225 chown root system /proc/kmsg
226 chmod 0440 /proc/kmsg
227 chown root system /proc/sysrq-trigger
228 chmod 0220 /proc/sysrq-trigger
229 chown system log /proc/last_kmsg
230 chmod 0440 /proc/last_kmsg
231
232 # make the selinux kernel policy world-readable
233 chmod 0444 /sys/fs/selinux/policy
234
235 # create the lost+found directories, so as to enforce our permissions
236 mkdir /cache/lost+found 0770 root root
237
# Action "post-fs-data": runs once /data is available. Re-applies ownership,
# mode and labels on /data, seeds the entropy pool, collects apanic dumps and
# creates the /data directory skeleton with explicit owners and modes.
238on post-fs-data
239 # We chown/chmod /data again because mount is run as root + defaults
240 chown system system /data
241 chmod 0771 /data
242 # We restorecon /data in case the userdata partition has been reset.
243 restorecon /data
244
245 # Avoid predictable entropy pool. Carry over entropy from previous boot.
246 copy /data/system/entropy.dat /dev/urandom
247
248 # Create dump dir and collect dumps.
249 # Do this before we mount cache so eventually we can use cache for
250 # storing dumps on platforms which do not have a dedicated dump partition.
251 mkdir /data/dontpanic 0750 root log
252
253 # Collect apanic data, free resources and re-arm trigger
254 copy /proc/apanic_console /data/dontpanic/apanic_console
255 chown root log /data/dontpanic/apanic_console
256 chmod 0640 /data/dontpanic/apanic_console
257
258 copy /proc/apanic_threads /data/dontpanic/apanic_threads
259 chown root log /data/dontpanic/apanic_threads
260 chmod 0640 /data/dontpanic/apanic_threads
261
262 write /proc/apanic_console 1
263
264 # create basic filesystem structure
    # Modes with a leading 1 or 2 (01771, 02750) set the sticky / setgid bit on the
    # directory. keystore and systemkeys are 0700, i.e. owner-only.
265 mkdir /data/misc 01771 system misc
266 mkdir /data/misc/adb 02750 system shell
267 mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
268 mkdir /data/misc/bluetooth 0770 system system
269 mkdir /data/misc/keystore 0700 keystore keystore
270 mkdir /data/misc/keychain 0771 system system
271 mkdir /data/misc/net 0750 root shell
272 mkdir /data/misc/radio 0770 system radio
273 mkdir /data/misc/sms 0770 system radio
274 mkdir /data/misc/zoneinfo 0775 system system
275 mkdir /data/misc/vpn 0770 system vpn
276 mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
277 mkdir /data/misc/systemkeys 0700 system system
278 mkdir /data/misc/wifi 0770 wifi wifi
279 mkdir /data/misc/wifi/sockets 0770 wifi wifi
280 mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
281 mkdir /data/misc/ethernet 0770 system system
282 mkdir /data/misc/dhcp 0770 dhcp dhcp
283 mkdir /data/misc/user 0771 root root
284 # give system access to wpa_supplicant.conf for backup and restore
    # Only the mode is changed here; the file's owner and group are set elsewhere.
285 chmod 0660 /data/misc/wifi/wpa_supplicant.conf
286 mkdir /data/local 0751 root root
287 mkdir /data/misc/media 0700 media media
288
289 # For security reasons, /data/local/tmp should always be empty.
290 # Do not place files or directories in /data/local/tmp
291 mkdir /data/local/tmp 0771 shell shell
292 mkdir /data/data 0771 system system
293 mkdir /data/app-private 0771 system system
294 mkdir /data/app-asec 0700 root root
295 mkdir /data/app-lib 0771 system system
296 mkdir /data/app 0771 system system
297 mkdir /data/property 0700 root root
298
299 # create dalvik-cache, so as to enforce our permissions
300 mkdir /data/dalvik-cache 0771 root root
301 mkdir /data/dalvik-cache/profiles 0711 system system
302
303 # create resource-cache and double-check the perms
304 mkdir /data/resource-cache 0771 system system
305 chown system system /data/resource-cache
306 chmod 0771 /data/resource-cache
307
308 # create the lost+found directories, so as to enforce our permissions
309 mkdir /data/lost+found 0770 root root
310
311 # create directory for DRM plug-ins - give drm the read/write access to
312 # the following directory.
    # The active line keeps the directory private to drm:drm; the commented-out
    # variant below would have opened it to group system and made it world-readable.
313 mkdir /data/drm 0770 drm drm ####
314 # mkdir /data/drm 0774 drm system ####
315
316 # create directory for MediaDrm plug-ins - give drm the read/write access to
317 # the following directory.
318 mkdir /data/mediadrm 0770 mediadrm mediadrm
319
320 # symlink to bugreport storage location
321 symlink /data/data/com.android.shell/files/bugreports /data/bugreports
322
323 # Separate location for storing security policy files on data
324 mkdir /data/security 0711 system system
325
326 # add for mediaserver data
    # NOTE(review): 0775 leaves this directory listable and traversable by every
    # user. What mediaserver stores here is not visible in this file; if nothing
    # outside user/group media needs it, 0770 would be the narrower choice.
327 mkdir /data/mediaserver 0775 media media
328 restorecon /data/mediaserver
329
330 # Reload policy from /data/security if present.
331 setprop selinux.reload_policy 1
332
333 # Set SELinux security contexts on upgrade or policy update.
334 restorecon_recursive /data
335
336 # If there is no post-fs-data action in the init.<device>.rc file, you
337 # must uncomment this line, otherwise encrypted filesystems
338 # won't work.
339 # Set indication (checked by vold) that we have finished this action
    # NOTE(review): the line is commented out here, so the imported
    # init.tct.${ro.hardware}.rc is presumably expected to set the property - confirm.
340 #setprop vold.post_fs_data_done 1
341
# Action "boot": brings up loopback networking, sets memory-management
# sysctls, hands selected /sys nodes to system/radio, then starts class core.
342on boot
343 # basic network init
344 ifup lo
345 hostname localhost
346 domainname localdomain
347
348 # set RLIMIT_NICE to allow priorities from 19 to -20
349 setrlimit 13 40 40
350
351 # Memory management. Basic kernel parameters, and allow the high
352 # level system server to be able to adjust the kernel OOM driver
353 # parameters to match how it is managing things.
354 write /proc/sys/vm/overcommit_memory 1
355 write /proc/sys/vm/min_free_order_shift 4
    # 0220: writable by root and group system, readable by nobody.
356 chown root system /sys/module/lowmemorykiller/parameters/adj
357 chmod 0220 /sys/module/lowmemorykiller/parameters/adj
358 chown root system /sys/module/lowmemorykiller/parameters/minfree
359 chmod 0220 /sys/module/lowmemorykiller/parameters/minfree
360
361 # Tweak background writeout
362 write /proc/sys/vm/dirty_expire_centisecs 200
363 write /proc/sys/vm/dirty_background_ratio 5
364
365 # Permissions for System Server and daemons.
    # Power-state and wake-lock nodes go to radio/system with mode 0660, so no
    # "other" user gets write access to them from this file.
366 chown radio system /sys/android_power/state
367 chown radio system /sys/android_power/request_state
368 chown radio system /sys/android_power/acquire_full_wake_lock
369 chown radio system /sys/android_power/acquire_partial_wake_lock
370 chown radio system /sys/android_power/release_wake_lock
371 chown system system /sys/power/autosleep
372 chown system system /sys/power/state
373 chown system system /sys/power/wakeup_count
374 chown radio system /sys/power/wake_lock
375 chown radio system /sys/power/wake_unlock
376 chmod 0660 /sys/power/state
377 chmod 0660 /sys/power/wake_lock
378 chmod 0660 /sys/power/wake_unlock
379
    # cpufreq "interactive" governor tunables: owned by system, mode 0660.
380 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
381 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
382 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
383 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
384 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
385 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
386 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
387 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
388 chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
389 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
390 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
391 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
392 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
393 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
394 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
395 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    # boostpulse gets an owner change only; no chmod follows for it in this file.
396 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
397 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
398 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
399 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
400 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
401 chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
402 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
403
404 # Assume SMP uses shared cpufreq policy for all CPUs
405 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
406 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
407
408 chown system system /sys/class/timed_output/vibrator/enable
409 chown system system /sys/class/leds/keyboard-backlight/brightness
410 chown system system /sys/class/leds/lcd-backlight/brightness
411 chown system system /sys/class/leds/button-backlight/brightness
412 chown system system /sys/class/leds/jogball-backlight/brightness
413 chown system system /sys/class/leds/red/brightness
414 chown system system /sys/class/leds/green/brightness
415 chown system system /sys/class/leds/blue/brightness
416 chown system system /sys/class/leds/red/device/grpfreq
417 chown system system /sys/class/leds/red/device/grppwm
418 chown system system /sys/class/leds/red/device/blink
    # Repeats the vibrator chown from a few lines up; the repeat has no further effect.
419 chown system system /sys/class/timed_output/vibrator/enable
420 chown system system /sys/module/sco/parameters/disable_esco
421 chown system system /sys/kernel/ipv4/tcp_wmem_min
422 chown system system /sys/kernel/ipv4/tcp_wmem_def
423 chown system system /sys/kernel/ipv4/tcp_wmem_max
424 chown system system /sys/kernel/ipv4/tcp_rmem_min
425 chown system system /sys/kernel/ipv4/tcp_rmem_def
426 chown system system /sys/kernel/ipv4/tcp_rmem_max
    # Group radio becomes the group owner of the kernel command line; the mode is not changed here.
427 chown root radio /proc/cmdline
428
429 # Define default initial receive window size in segments.
430 setprop net.tcp.default_init_rwnd 60
431
432 class_start core
433
# Action "nonencrypted": starts the main and late_start service classes.
# NOTE(review): presumably fired when /data needs no decryption step - the
# trigger source is not in this file.
434on nonencrypted
435 class_start main
436 class_start late_start
437
# Starts the defaultcrypto service when vold.decrypt requests default encryption.
# NOTE(review): the defaultcrypto service definition is commented out further
# down in this file, so it has to come from an imported rc file - confirm.
438on property:vold.decrypt=trigger_default_encryption
439 start defaultcrypto
440
# Starts surfaceflinger and the encrypt service when vold.decrypt requests encryption.
# NOTE(review): both service definitions are commented out further down in this
# file, so they have to come from an imported rc file - confirm.
441on property:vold.decrypt=trigger_encryption
442 start surfaceflinger
443 start encrypt
444
# Sets init's log level to whatever value is written to sys.init_log_level.
# The value is passed through unchecked by this rule, so who may set this
# property is decided by the property permission policy, not here.
445on property:sys.init_log_level=*
446 loglevel ${sys.init_log_level}
447
# Action "charger": starts only the services in class charger.
448on charger
449 class_start charger
450
# Resets the services in class main when vold.decrypt asks for it.
451on property:vold.decrypt=trigger_reset_main
452 class_reset main
453
# Loads the persistent properties when vold.decrypt asks for it.
# NOTE(review): presumably this happens once the real /data is mounted - confirm against vold.
454on property:vold.decrypt=trigger_load_persist_props
455 load_persist_props
456
# Re-queues the post-fs-data action, so its directory setup and relabeling
# run again, when vold.decrypt asks for it.
457on property:vold.decrypt=trigger_post_fs_data
458 trigger post-fs-data
459
# Minimal framework restart: starts class main only (late_start is left out).
460on property:vold.decrypt=trigger_restart_min_framework
461 class_start main
462
# Full framework restart: starts class main and then class late_start.
463on property:vold.decrypt=trigger_restart_framework
464 class_start main
465 class_start late_start
466
# Framework shutdown: resets late_start first, then main - the reverse of the start order.
467on property:vold.decrypt=trigger_shutdown_framework
468 class_reset late_start
469 class_reset main
470
# Hands any value written to sys.powerctl to init's powerctl command.
# Who may request a power-state change is therefore decided by who is allowed
# to set this property; this rule adds no check of its own.
471on property:sys.powerctl=*
472 powerctl ${sys.powerctl}
473
474# system server cannot write to /proc/sys files,
475# and chown/chmod does not work for /proc/sys/ entries.
476# So proxy writes through init.
# The property value is written to the sysctl as-is by init; the rule does not
# range-check it, so the trust boundary is the permission to set sys.sysctl.* properties.
477on property:sys.sysctl.extra_free_kbytes=*
478 write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
479
480# "tcp_default_init_rwnd" is too long for a property name, hence the shortened
# "tcp_def_init_rwnd". As with the rule above, init writes the property value to
# the sysctl without checking it.
481on property:sys.sysctl.tcp_def_init_rwnd=*
482 write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
483
484
485## Daemon processes to be run by init.
486##
# ueventd: started explicitly from early-init, member of class core, marked
# critical, and run in its own SELinux domain.
487service ueventd /sbin/ueventd
488 class core
489 critical
490 seclabel u:r:ueventd:s0
491
# logd: log daemon with three init-created sockets owned by logd:logd.
# All three modes include the "other" bits (0666, 0666, and write-only 0222), so
# file permissions do not limit who can connect.
# NOTE(review): access control presumably lives inside logd and in SELinux policy - confirm.
492service logd /system/bin/logd
493 class core
494 socket logd stream 0666 logd logd
495 socket logdr seqpacket 0666 logd logd
496 socket logdw dgram 0222 logd logd
497 seclabel u:r:logd:s0
498
# healthd: class core, marked critical, run in the healthd SELinux domain.
# No user line is given for it in this file.
499service healthd /sbin/healthd
500 class core
501 critical
502 seclabel u:r:healthd:s0
503
# console: a shell attached to the console device, run as user shell in the
# shell SELinux domain. "disabled" keeps it out of the class core start; in this
# file the only thing that starts it is the ro.debuggable=1 trigger.
504service console /system/bin/sh
505 class core
506 console
507 disabled
508 user shell
509 seclabel u:r:shell:s0
510
# Debuggable builds get the console shell.
# NOTE(review): no login step is configured for that service in this file, so
# shipping builds should be checked to have ro.debuggable=0.
511on property:ro.debuggable=1
512 start console
513
514# adbd is controlled via property triggers in init.<platform>.usb.rc
# The service itself is "disabled", so class core does not start it. It runs in
# the adbd domain; --root_seclabel passes u:r:su:s0 as the context for its root mode.
# NOTE(review): presumably the su domain exists only in userdebug/eng policy -
# confirm for the policy shipped with this image.
515service adbd /sbin/adbd --root_seclabel=u:r:su:s0
516 class core
517 socket adbd stream 660 system system
518 disabled
519 seclabel u:r:adbd:s0
520
521# adbd on at boot in emulator
# Starts adbd unconditionally when ro.kernel.qemu=1, bypassing the USB property
# triggers. The property is meant to be set only under the emulator; hardware
# builds should be checked never to have it set.
522on property:ro.kernel.qemu=1
523 start adbd
524
525#service lmkd /system/bin/lmkd
526# class core
527# critical
528# socket lmkd seqpacket 0660 system system
529
530#service servicemanager /system/bin/servicemanager
531# class core
532# user system
533# group system
534# critical
535# onrestart restart healthd
536# onrestart restart zygote
537# onrestart restart media
538# onrestart restart surfaceflinger
539# onrestart restart drm
540
541#service vold /system/bin/vold
542# class core
543# socket vold stream 0660 root mount
544# ioprio be 2
545
546#service netd /system/bin/netd
547# class main
548# socket netd stream 0660 root system
549# socket dnsproxyd stream 0660 root inet
550# socket mdns stream 0660 root system
551# socket fwmarkd stream 0660 root inet
552
553#service debuggerd /system/bin/debuggerd
554# class main
555
556#service debuggerd64 /system/bin/debuggerd64
557# class main
558
559# for using TK init.modem.rc rild-daemon setting
560#service ril-daemon /system/bin/rild
561# class main
562# socket rild stream 660 root radio
563# socket rild-debug stream 660 radio system
564# user root
565# group radio cache inet misc audio log
566
567#service surfaceflinger /system/bin/surfaceflinger
568# class core
569# user system
570# group graphics drmrpc
571# onrestart restart zygote
572
573#make sure drm server has rights to read and write sdcard ####
574#service drm /system/bin/drmserver
575# class main
576# user drm
577 # group drm system inet drmrpc ####
578# group drm system inet drmrpc sdcard_r ####
579
580#service media /system/bin/mediaserver
581# class main
582# user root ####
583# google default ####
584# user media ####
585# group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm media sdcard_r system net_bt_stack ####
586# google default ####
587# group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm ####
588
589# ioprio rt 4
590
591# One shot invocation to deal with encrypted volume.
592#service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
593# disabled
594# oneshot
595 # vold will set vold.decrypt to trigger_restart_framework (default
596 # encryption) or trigger_restart_min_framework (other encryption)
597
598# One shot invocation to encrypt unencrypted volumes
599#service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
600# disabled
601# oneshot
602 # vold will set vold.decrypt to trigger_restart_framework (default
603 # encryption)
604
605#service bootanim /system/bin/bootanimation
606# class core
607# user graphics
608# group graphics audio ####
609# group graphics media audio ####
610# disabled
611# oneshot
612
613#service installd /system/bin/installd
614# class main
615# socket installd stream 600 system system
616
617#service flash_recovery /system/bin/install-recovery.sh
618# class main
619# seclabel u:r:install_recovery:s0
620# oneshot
621
622#service racoon /system/bin/racoon
623# class main
624# socket racoon stream 600 system system
625 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
626# group vpn net_admin inet
627# disabled
628# oneshot
629
630#service mtpd /system/bin/mtpd
631# class main
632# socket mtpd stream 600 system system
633# user vpn
634# group vpn net_admin inet net_raw
635# disabled
636# oneshot
637
638#service keystore /system/bin/keystore /data/misc/keystore
639# class main
640# user keystore
641# group keystore drmrpc
642
643#service dumpstate /system/bin/dumpstate -s
644# class main
645# socket dumpstate stream 0660 shell log
646# disabled
647# oneshot
648
649#service mdnsd /system/bin/mdnsd
650# class main
651# user mdnsr
652# group inet net_raw
653# socket mdnsd stream 0660 mdnsr inet
654# disabled
655# oneshot
656
657#service pre-recovery /system/bin/uncrypt
658# class main
659# disabled
660# oneshot