summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhilipp Tomsich <philipp.tomsich@theobroma-systems.com>2017-10-11 16:04:40 +0200
committerMartin Elshuber <martin.elshuber@theobroma-systems.com>2017-10-11 16:04:40 +0200
commiteb42fc8f1932066907b40a1398a952c8f4a064a1 (patch)
tree0e05ad28f40f58e9c719859bb0169319cb57b826
parent879fb1a6d5e0aff9887dac8172ae1db334c0fe35 (diff)
init.rc: include full init.rc in our board-directory
-rwxr-xr-xdevice.mk2
-rw-r--r--init.rc695
2 files changed, 696 insertions, 1 deletions
diff --git a/device.mk b/device.mk
index bd8d71b..5030b82 100755
--- a/device.mk
+++ b/device.mk
@@ -31,7 +31,7 @@ TARGET_USERIMAGES_USE_F2FS := true
endif
PRODUCT_COPY_FILES += \
- $(LOCAL_PATH)/rk3399_firefly_box/init.rc:root/init.rc
+ $(LOCAL_PATH)/init.rc:root/init.rc
#copy init.rc for tablet or box product
#ifeq ($(strip $(TARGET_BOARD_PLATFORM_PRODUCT)), box)
#PRODUCT_COPY_FILES += \
diff --git a/init.rc b/init.rc
new file mode 100644
index 0000000..24dded9
--- /dev/null
+++ b/init.rc
@@ -0,0 +1,695 @@
+# Copyright (C) 2012 The Android Open Source Project
+#
+# IMPORTANT: Do not create world writable files or directories.
+# This is a common source of Android security bugs.
+#
+
+import /init.environ.rc
+import /init.usb.rc
+import /init.${ro.hardware}.rc
+import /init.usb.configfs.rc
+import /init.${ro.zygote}.rc
+
+on early-init
+ # Set init and its forked children's oom_adj.
+ write /proc/1/oom_score_adj -1000
+
+ # Disable sysrq from keyboard
+ write /proc/sys/kernel/sysrq 0
+
+ # Set the security context of /adb_keys if present.
+ restorecon /adb_keys
+
+ # Shouldn't be necessary, but sdcard won't start without it. http://b/22568628.
+ mkdir /mnt 0775 root system
+
+ # Set the security context of /postinstall if present.
+ restorecon /postinstall
+
+ start ueventd
+
+on init
+ sysclktz 0
+
+ # Mix device-specific information into the entropy pool
+ copy /proc/cmdline /dev/urandom
+ copy /default.prop /dev/urandom
+
+ # Backward compatibility.
+ symlink /system/etc /etc
+ symlink /sys/kernel/debug /d
+
+ # Link /vendor to /system/vendor for devices without a vendor partition.
+ symlink /system/vendor /vendor
+
+ # Mount cgroup mount point for cpu accounting
+ mount cgroup none /acct cpuacct
+ mkdir /acct/uid
+
+ # Create energy-aware scheduler tuning nodes
+ mkdir /dev/stune
+ mount cgroup none /dev/stune schedtune
+ mkdir /dev/stune/foreground
+ mkdir /dev/stune/background
+ mkdir /dev/stune/top-app
+ chown system system /dev/stune
+ chown system system /dev/stune/foreground
+ chown system system /dev/stune/background
+ chown system system /dev/stune/top-app
+ chown system system /dev/stune/tasks
+ chown system system /dev/stune/foreground/tasks
+ chown system system /dev/stune/background/tasks
+ chown system system /dev/stune/top-app/tasks
+ chmod 0664 /dev/stune/tasks
+ chmod 0664 /dev/stune/foreground/tasks
+ chmod 0664 /dev/stune/background/tasks
+ chmod 0664 /dev/stune/top-app/tasks
+
+ # Mount staging areas for devices managed by vold
+ # See storage config details at http://source.android.com/tech/storage/
+ mount tmpfs tmpfs /mnt mode=0755,uid=0,gid=1000
+ restorecon_recursive /mnt
+
+ mount configfs none /config
+ chmod 0775 /config/sdcardfs
+ chown system package_info /config/sdcardfs
+
+ mkdir /mnt/secure 0700 root root
+ mkdir /mnt/secure/asec 0700 root root
+ mkdir /mnt/asec 0755 root system
+ mkdir /mnt/obb 0755 root system
+ mkdir /mnt/media_rw 0750 root media_rw
+ mkdir /mnt/user 0755 root root
+ mkdir /mnt/user/0 0755 root root
+ mkdir /mnt/expand 0771 system system
+ mkdir /mnt/appfuse 0711 root root
+
+ # Storage views to support runtime permissions
+ mkdir /mnt/runtime 0700 root root
+ mkdir /mnt/runtime/default 0755 root root
+ mkdir /mnt/runtime/default/self 0755 root root
+ mkdir /mnt/runtime/read 0755 root root
+ mkdir /mnt/runtime/read/self 0755 root root
+ mkdir /mnt/runtime/write 0755 root root
+ mkdir /mnt/runtime/write/self 0755 root root
+
+ # Symlink to keep legacy apps working in multi-user world
+ symlink /storage/self/primary /sdcard
+ symlink /storage/self/primary /mnt/sdcard
+ symlink /mnt/user/0/primary /mnt/runtime/default/self/primary
+
+ # root memory control cgroup, used by lmkd
+ mkdir /dev/memcg 0700 root system
+ mount cgroup none /dev/memcg memory
+ # app mem cgroups, used by activity manager, lmkd and zygote
+ mkdir /dev/memcg/apps/ 0755 system system
+
+ write /proc/sys/kernel/panic_on_oops 1
+ write /proc/sys/kernel/hung_task_timeout_secs 0
+ write /proc/cpu/alignment 4
+
+ # scheduler tunables
+ # Disable auto-scaling of scheduler tunables with hotplug. The tunables
+ # will vary across devices in unpredictable ways if allowed to scale with
+ # cpu cores.
+ write /proc/sys/kernel/sched_tunable_scaling 0
+ write /proc/sys/kernel/sched_latency_ns 10000000
+ write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
+ write /proc/sys/kernel/sched_child_runs_first 0
+
+ write /proc/sys/kernel/randomize_va_space 2
+ write /proc/sys/kernel/kptr_restrict 2
+ write /proc/sys/vm/mmap_min_addr 32768
+ write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
+ write /proc/sys/net/unix/max_dgram_qlen 600
+ write /proc/sys/kernel/sched_rt_runtime_us 950000
+ write /proc/sys/kernel/sched_rt_period_us 1000000
+
+ # reflect fwmark from incoming packets onto generated replies
+ write /proc/sys/net/ipv4/fwmark_reflect 1
+ write /proc/sys/net/ipv6/fwmark_reflect 1
+
+ # set fwmark on accepted sockets
+ write /proc/sys/net/ipv4/tcp_fwmark_accept 1
+
+ # disable icmp redirects
+ write /proc/sys/net/ipv4/conf/all/accept_redirects 0
+ write /proc/sys/net/ipv6/conf/all/accept_redirects 0
+
+ # Create cgroup mount points for process groups
+ mkdir /dev/cpuctl
+ mount cgroup none /dev/cpuctl cpu
+ chown system system /dev/cpuctl
+ chown system system /dev/cpuctl/tasks
+ chmod 0666 /dev/cpuctl/tasks
+ write /dev/cpuctl/cpu.rt_period_us 1000000
+ write /dev/cpuctl/cpu.rt_runtime_us 950000
+
+ mkdir /dev/cpuctl/bg_non_interactive
+ chown system system /dev/cpuctl/bg_non_interactive/tasks
+ chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
+ # 5.0 %
+ write /dev/cpuctl/bg_non_interactive/cpu.shares 52
+ write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000
+ # active FIFO threads will never be in BG
+ write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 10000
+
+ # sets up initial cpusets for ActivityManager
+ mkdir /dev/cpuset
+ mount cpuset none /dev/cpuset
+
+ # this ensures that the cpusets are present and usable, but the device's
+ # init.rc must actually set the correct cpus
+ mkdir /dev/cpuset/foreground
+ write /dev/cpuset/foreground/cpus 0
+ write /dev/cpuset/foreground/mems 0
+ mkdir /dev/cpuset/foreground/boost
+ write /dev/cpuset/foreground/boost/cpus 0
+ write /dev/cpuset/foreground/boost/mems 0
+ mkdir /dev/cpuset/background
+ write /dev/cpuset/background/cpus 0
+ write /dev/cpuset/background/mems 0
+
+ # system-background is for system tasks that should only run on
+ # little cores, not on bigs
+ # to be used only by init, so don't change system-bg permissions
+ mkdir /dev/cpuset/system-background
+ write /dev/cpuset/system-background/cpus 0
+ write /dev/cpuset/system-background/mems 0
+
+ mkdir /dev/cpuset/top-app
+ write /dev/cpuset/top-app/cpus 0
+ write /dev/cpuset/top-app/mems 0
+
+ # change permissions for all cpusets we'll touch at runtime
+ chown system system /dev/cpuset
+ chown system system /dev/cpuset/foreground
+ chown system system /dev/cpuset/foreground/boost
+ chown system system /dev/cpuset/background
+ chown system system /dev/cpuset/system-background
+ chown system system /dev/cpuset/top-app
+ chown system system /dev/cpuset/tasks
+ chown system system /dev/cpuset/foreground/tasks
+ chown system system /dev/cpuset/foreground/boost/tasks
+ chown system system /dev/cpuset/background/tasks
+ chown system system /dev/cpuset/system-background/tasks
+ chown system system /dev/cpuset/top-app/tasks
+
+ # set system-background to 0775 so SurfaceFlinger can touch it
+ chmod 0775 /dev/cpuset/system-background
+
+ chmod 0664 /dev/cpuset/foreground/tasks
+ chmod 0664 /dev/cpuset/foreground/boost/tasks
+ chmod 0664 /dev/cpuset/background/tasks
+ chmod 0664 /dev/cpuset/system-background/tasks
+ chmod 0664 /dev/cpuset/top-app/tasks
+ chmod 0664 /dev/cpuset/tasks
+
+
+ # qtaguid will limit access to specific data based on group memberships.
+ # net_bw_acct grants impersonation of socket owners.
+ # net_bw_stats grants access to other apps' detailed tagged-socket stats.
+ chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
+ chown root net_bw_stats /proc/net/xt_qtaguid/stats
+
+ # Allow everybody to read the xt_qtaguid resource tracking misc dev.
+ # This is needed by any process that uses socket tagging.
+ chmod 0644 /dev/xt_qtaguid
+
+ # Create location for fs_mgr to store abbreviated output from filesystem
+ # checker programs.
+ mkdir /dev/fscklogs 0770 root system
+
+ # pstore/ramoops previous console log
+ mount pstore pstore /sys/fs/pstore
+ chown system log /sys/fs/pstore/console-ramoops
+ chmod 0440 /sys/fs/pstore/console-ramoops
+ chown system log /sys/fs/pstore/pmsg-ramoops-0
+ chmod 0440 /sys/fs/pstore/pmsg-ramoops-0
+
+ # enable armv8_deprecated instruction hooks
+ write /proc/sys/abi/swp 1
+
+ # Linux's execveat() syscall may construct paths containing /dev/fd
+ # expecting it to point to /proc/self/fd
+ symlink /proc/self/fd /dev/fd
+
+ export DOWNLOAD_CACHE /data/cache
+
+ # set RLIMIT_NICE to allow priorities from 19 to -20
+ setrlimit 13 40 40
+
+# Healthd can trigger a full boot from charger mode by signaling this
+# property when the power button is held.
+on property:sys.boot_from_charger_mode=1
+ class_stop charger
+ trigger late-init
+
+# Load properties from /system/ + /factory after fs mount.
+on load_system_props_action
+ load_system_props
+
+on load_persist_props_action
+ load_persist_props
+ start logd
+ start logd-reinit
+
+# Indicate to fw loaders that the relevant mounts are up.
+on firmware_mounts_complete
+ rm /dev/.booting
+
+# Mount filesystems and start core system services.
+on late-init
+ trigger early-fs
+
+ # Mount fstab in init.{$device}.rc by mount_all command. Optional parameter
+ # '--early' can be specified to skip entries with 'latemount'.
+ # /system and /vendor must be mounted by the end of the fs stage,
+ # while /data is optional.
+ trigger fs
+
+ # Load properties from /system/ + /factory after fs mount. Place
+ # this in another action so that the load will be scheduled after the prior
+ # issued fs triggers have completed.
+ trigger load_system_props_action
+ trigger post-fs
+
+ # Mount fstab in init.{$device}.rc by mount_all with '--late' parameter
+ # to only mount entries with 'latemount'. This is needed if '--early' is
+ # specified in the previous mount_all command on the fs stage.
+ # With /system mounted and properties form /system + /factory available,
+ # some services can be started.
+ trigger late-fs
+
+ # Now we can mount /data. File encryption requires keymaster to decrypt
+ # /data, which in turn can only be loaded when system properties are present.
+ trigger post-fs-data
+
+ # Load persist properties and override properties (if enabled) from /data.
+ trigger load_persist_props_action
+
+ # Remove a file to wake up anything waiting for firmware.
+ trigger firmware_mounts_complete
+
+ trigger early-boot
+ trigger boot
+
+
+on post-fs
+ # start logd
+ # set RLIMIT_NICE to allow priorities from 19 to -20
+ setrlimit 13 40 40
+ class_start core
+ # once everything is setup, no need to modify /
+ mount rootfs rootfs / ro remount
+ # Mount shared so changes propagate into child namespaces
+ mount rootfs rootfs / shared rec
+ # Mount default storage into root namespace
+ mount none /mnt/runtime/default /storage slave bind rec
+
+ # Make sure /sys/kernel/debug (if present) is labeled properly
+ restorecon_recursive /sys/kernel/debug
+
+ # We chown/chmod /cache again so because mount is run as root + defaults
+ chown system cache /cache
+ chmod 0770 /cache
+ # We restorecon /cache in case the cache partition has been reset.
+ restorecon_recursive /cache
+
+ # Create /cache/recovery in case it's not there. It'll also fix the odd
+ # permissions if created by the recovery system.
+ mkdir /cache/recovery 0770 system cache
+
+ # Backup/restore mechanism uses the cache partition
+ mkdir /cache/backup_stage 0700 system system
+ mkdir /cache/backup 0700 system system
+
+ #change permissions on vmallocinfo so we can grab it from bugreports
+ chown root log /proc/vmallocinfo
+ chmod 0440 /proc/vmallocinfo
+
+ chown root log /proc/slabinfo
+ chmod 0440 /proc/slabinfo
+
+ #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
+ chown root system /proc/kmsg
+ chmod 0440 /proc/kmsg
+ chown root system /proc/sysrq-trigger
+ chmod 0220 /proc/sysrq-trigger
+ chown system log /proc/last_kmsg
+ chmod 0440 /proc/last_kmsg
+
+ # make the selinux kernel policy world-readable
+ chmod 0444 /sys/fs/selinux/policy
+
+ # create the lost+found directories, so as to enforce our permissions
+ mkdir /cache/lost+found 0770 root root
+
+on post-fs-data
+ # We chown/chmod /data again so because mount is run as root + defaults
+ chown system system /data
+ chmod 0771 /data
+ # We restorecon /data in case the userdata partition has been reset.
+ restorecon /data
+
+ # start debuggerd to make debugging early-boot crashes easier.
+ start debuggerd
+ start debuggerd64
+
+ # Make sure we have the device encryption key.
+ start vold
+ installkey /data
+
+ # Start bootcharting as soon as possible after the data partition is
+ # mounted to collect more data.
+ mkdir /data/bootchart 0755 shell shell
+ bootchart_init
+
+ # Avoid predictable entropy pool. Carry over entropy from previous boot.
+ copy /data/system/entropy.dat /dev/urandom
+
+ # create basic filesystem structure
+ mkdir /data/misc 01771 system misc
+ mkdir /data/misc/bluedroid 02770 bluetooth net_bt_stack
+ # Fix the access permissions and group ownership for 'bt_config.conf'
+ chmod 0660 /data/misc/bluedroid/bt_config.conf
+ chown bluetooth net_bt_stack /data/misc/bluedroid/bt_config.conf
+ mkdir /data/misc/bluetooth 0770 system system
+ mkdir /data/misc/keystore 0700 keystore keystore
+ mkdir /data/misc/gatekeeper 0700 system system
+ mkdir /data/misc/keychain 0771 system system
+ mkdir /data/misc/net 0750 root shell
+ mkdir /data/misc/radio 0770 system radio
+ mkdir /data/misc/sms 0770 system radio
+ mkdir /data/misc/zoneinfo 0775 system system
+ mkdir /data/misc/vpn 0770 system vpn
+ mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
+ mkdir /data/misc/systemkeys 0700 system system
+ mkdir /data/misc/wifi 0770 wifi wifi
+ mkdir /data/misc/wifi/sockets 0770 wifi wifi
+ mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
+ mkdir /data/misc/ethernet 0770 system system
+ mkdir /data/misc/dhcp 0770 dhcp dhcp
+ mkdir /data/misc/user 0771 root root
+ mkdir /data/misc/perfprofd 0775 root root
+ # give system access to wpa_supplicant.conf for backup and restore
+ chmod 0660 /data/misc/wifi/wpa_supplicant.conf
+ mkdir /data/local 0751 root root
+ mkdir /data/misc/media 0700 media media
+ mkdir /data/misc/audioserver 0700 audioserver audioserver
+ mkdir /data/misc/cameraserver 0700 cameraserver cameraserver
+ mkdir /data/misc/vold 0700 root root
+ mkdir /data/misc/boottrace 0771 system shell
+ mkdir /data/misc/update_engine 0700 root root
+ mkdir /data/misc/trace 0700 root root
+ # profile file layout
+ mkdir /data/misc/profiles 0771 system system
+ mkdir /data/misc/profiles/cur 0771 system system
+ mkdir /data/misc/profiles/ref 0771 system system
+ mkdir /data/misc/profman 0770 system shell
+
+ # For security reasons, /data/local/tmp should always be empty.
+ # Do not place files or directories in /data/local/tmp
+ mkdir /data/local/tmp 0771 shell shell
+ mkdir /data/data 0771 system system
+ mkdir /data/app-private 0771 system system
+ mkdir /data/app-ephemeral 0771 system system
+ mkdir /data/app-asec 0700 root root
+ mkdir /data/app-lib 0771 system system
+ mkdir /data/app 0771 system system
+ mkdir /data/property 0700 root root
+ mkdir /data/tombstones 0771 system system
+
+ # create dalvik-cache, so as to enforce our permissions
+ mkdir /data/dalvik-cache 0771 root root
+ # create the A/B OTA directory, so as to enforce our permissions
+ mkdir /data/ota 0771 root root
+
+ # create the OTA package directory. It will be accessed by GmsCore (cache
+ # group), update_engine and update_verifier.
+ mkdir /data/ota_package 0770 system cache
+
+ # create resource-cache and double-check the perms
+ mkdir /data/resource-cache 0771 system system
+ chown system system /data/resource-cache
+ chmod 0771 /data/resource-cache
+
+ # create the lost+found directories, so as to enforce our permissions
+ mkdir /data/lost+found 0770 root root
+
+ # create directory for DRM plug-ins - give drm the read/write access to
+ # the following directory.
+ mkdir /data/drm 0770 drm drm
+
+ # create directory for MediaDrm plug-ins - give drm the read/write access to
+ # the following directory.
+ mkdir /data/mediadrm 0770 mediadrm mediadrm
+
+ mkdir /data/anr 0775 system system
+
+ # symlink to bugreport storage location
+ rm /data/bugreports
+ symlink /data/user_de/0/com.android.shell/files/bugreports /data/bugreports
+
+ # Separate location for storing security policy files on data
+ mkdir /data/security 0711 system system
+
+ # Create all remaining /data root dirs so that they are made through init
+ # and get proper encryption policy installed
+ mkdir /data/backup 0700 system system
+ mkdir /data/ss 0700 system system
+
+ mkdir /data/system 0775 system system
+ mkdir /data/system/heapdump 0700 system system
+ mkdir /data/system/users 0775 system system
+
+ mkdir /data/system_de 0770 system system
+ mkdir /data/system_ce 0770 system system
+
+ mkdir /data/misc_de 01771 system misc
+ mkdir /data/misc_ce 01771 system misc
+
+ mkdir /data/user 0711 system system
+ mkdir /data/user_de 0711 system system
+ symlink /data/data /data/user/0
+
+ mkdir /data/media 0770 media_rw media_rw
+ mkdir /data/media/obb 0770 media_rw media_rw
+
+ mkdir /data/cache 0770 system cache
+ mkdir /data/cache/recovery 0770 system cache
+ mkdir /data/cache/backup_stage 0700 system system
+ mkdir /data/cache/backup 0700 system system
+
+ init_user0
+
+ # Reload policy from /data/security if present.
+ setprop selinux.reload_policy 1
+
+ # Set SELinux security contexts on upgrade or policy update.
+ restorecon_recursive /data
+
+ # Check any timezone data in /data is newer than the copy in /system, delete if not.
+ exec - system system -- /system/bin/tzdatacheck /system/usr/share/zoneinfo /data/misc/zoneinfo
+
+ # If there is no fs-post-data action in the init.<device>.rc file, you
+ # must uncomment this line, otherwise encrypted filesystems
+ # won't work.
+ # Set indication (checked by vold) that we have finished this action
+ #setprop vold.post_fs_data_done 1
+
+on boot
+ # basic network init
+ ifup lo
+ hostname localhost
+ domainname localdomain
+
+ # Memory management. Basic kernel parameters, and allow the high
+ # level system server to be able to adjust the kernel OOM driver
+ # parameters to match how it is managing things.
+ write /proc/sys/vm/overcommit_memory 1
+ write /proc/sys/vm/min_free_order_shift 4
+ chown root system /sys/module/lowmemorykiller/parameters/adj
+ chmod 0664 /sys/module/lowmemorykiller/parameters/adj
+ chown root system /sys/module/lowmemorykiller/parameters/minfree
+ chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
+
+ # Tweak background writeout
+ write /proc/sys/vm/dirty_expire_centisecs 200
+ write /proc/sys/vm/dirty_background_ratio 5
+
+ # Permissions for System Server and daemons.
+ chown radio system /sys/android_power/state
+ chown radio system /sys/android_power/request_state
+ chown radio system /sys/android_power/acquire_full_wake_lock
+ chown radio system /sys/android_power/acquire_partial_wake_lock
+ chown radio system /sys/android_power/release_wake_lock
+ chown system system /sys/power/autosleep
+ chown system system /sys/power/state
+ chown system system /sys/power/wakeup_count
+ chown radio wakelock /sys/power/wake_lock
+ chown radio wakelock /sys/power/wake_unlock
+ chmod 0660 /sys/power/state
+ chmod 0660 /sys/power/wake_lock
+ chmod 0660 /sys/power/wake_unlock
+
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
+ chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
+ chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
+
+ # firefly leds
+ chmod 0666 /sys/class/leds/firefly\:yellow\:user/brightness
+ chmod 0666 /sys/class/leds/firefly\:blue\:power/brightness
+
+ # Assume SMP uses shared cpufreq policy for all CPUs
+ chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
+ chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
+
+ chown system system /sys/class/timed_output/vibrator/enable
+ chown system system /sys/class/leds/keyboard-backlight/brightness
+ chown system system /sys/class/leds/lcd-backlight/brightness
+ chown system system /sys/class/leds/button-backlight/brightness
+ chown system system /sys/class/leds/jogball-backlight/brightness
+ chown system system /sys/class/leds/red/brightness
+ chown system system /sys/class/leds/green/brightness
+ chown system system /sys/class/leds/blue/brightness
+ chown system system /sys/class/leds/red/device/grpfreq
+ chown system system /sys/class/leds/red/device/grppwm
+ chown system system /sys/class/leds/red/device/blink
+ chown system system /sys/class/timed_output/vibrator/enable
+ chown system system /sys/module/sco/parameters/disable_esco
+ chown system system /sys/kernel/ipv4/tcp_wmem_min
+ chown system system /sys/kernel/ipv4/tcp_wmem_def
+ chown system system /sys/kernel/ipv4/tcp_wmem_max
+ chown system system /sys/kernel/ipv4/tcp_rmem_min
+ chown system system /sys/kernel/ipv4/tcp_rmem_def
+ chown system system /sys/kernel/ipv4/tcp_rmem_max
+ chown root radio /proc/cmdline
+ echo "05c6 9025" > /sys/bus/usb-serial/drivers/generic/new_id
+
+ # Define default initial receive window size in segments.
+ setprop net.tcp.default_init_rwnd 60
+
+on nonencrypted
+ # A/B update verifier that marks a successful boot.
+ exec - root cache -- /system/bin/update_verifier nonencrypted
+ class_start main
+ class_start late_start
+
+on property:sys.init_log_level=*
+ loglevel ${sys.init_log_level}
+
+on charger
+ class_start charger
+
+on property:vold.decrypt=trigger_reset_main
+ class_reset main
+
+on property:vold.decrypt=trigger_load_persist_props
+ load_persist_props
+ start logd
+ start logd-reinit
+
+on property:vold.decrypt=trigger_post_fs_data
+ trigger post-fs-data
+
+on property:vold.decrypt=trigger_restart_min_framework
+ # A/B update verifier that marks a successful boot.
+ exec - root cache -- /system/bin/update_verifier trigger_restart_min_framework
+ class_start main
+
+on property:vold.decrypt=trigger_restart_framework
+ # A/B update verifier that marks a successful boot.
+ exec - root cache -- /system/bin/update_verifier trigger_restart_framework
+ class_start main
+ class_start late_start
+
+on property:vold.decrypt=trigger_shutdown_framework
+ class_reset late_start
+ class_reset main
+
+on property:sys.powerctl=*
+ powerctl ${sys.powerctl}
+
+# system server cannot write to /proc/sys files,
+# and chown/chmod does not work for /proc/sys/ entries.
+# So proxy writes through init.
+on property:sys.sysctl.extra_free_kbytes=*
+ write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
+
+# "tcp_default_init_rwnd" Is too long!
+on property:sys.sysctl.tcp_def_init_rwnd=*
+ write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
+
+on property:security.perf_harden=0
+ write /proc/sys/kernel/perf_event_paranoid 1
+
+on property:security.perf_harden=1
+ write /proc/sys/kernel/perf_event_paranoid 3
+
+## Daemon processes to be run by init.
+##
+service ueventd /sbin/ueventd
+ class core
+ critical
+ seclabel u:r:ueventd:s0
+
+service healthd /sbin/healthd
+ class core
+ critical
+ seclabel u:r:healthd:s0
+ group root system wakelock
+
+service console /system/bin/sh
+ class core
+ console
+ disabled
+ user shell
+ group shell log readproc
+ seclabel u:r:shell:s0
+
+service ril-daemon /system/bin/rild -l /system/lib/libreference-ril.so -- -d /dev/ttyUSB2 -c /dev/ttyUSB1
+ class main
+ socket rild stream 660 root radio
+ socket sap_uim_socket1 stream 660 bluetooth bluetooth
+ socket rild-debug stream 660 radio system
+ user root
+ group radio cache inet misc audio log
+ u:object_r:rild_exec:s0
+
+on property:ro.debuggable=1
+ # Give writes to anyone for the trace folder on debug builds.
+ # The folder is used to store method traces.
+ chmod 0773 /data/misc/trace
+ start console
+
+service flash_recovery /system/bin/install-recovery.sh
+ class main
+ oneshot
+
+service pppd_gprs /system/etc/ppp/init.gprs-pppd
+ user root
+ group radio cache inet misc
+ seclabel u:r:clear_test:s0
+ disabled
+ oneshot