# Copyright (C) 2012 The Android Open Source Project # # IMPORTANT: Do not create world writable files or directories. # This is a common source of Android security bugs. # import /init.environ.rc import /init.usb.rc import /init.${ro.hardware}.rc import /init.${ro.zygote}.rc import /init.trace.rc on early-init # Set init and its forked children's oom_adj. write /proc/1/oom_score_adj -1000 # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls. write /sys/fs/selinux/checkreqprot 0 # Set the security context for the init process. # This should occur before anything else (e.g. ueventd) is started. setcon u:r:init:s0 # Set the security context of /adb_keys if present. restorecon /adb_keys start ueventd # create mountpoints mkdir /mnt 0775 root system on init sysclktz 0 loglevel 3 # Backward compatibility symlink /system/etc /etc symlink /sys/kernel/debug /d # Right now vendor lives on the same filesystem as system, # but someday that may change. symlink /system/vendor /vendor # Create cgroup mount point for cpu accounting mkdir /acct mount cgroup none /acct cpuacct mkdir /acct/uid # Create cgroup mount point for memory mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000 mkdir /sys/fs/cgroup/memory 0750 root system mount cgroup none /sys/fs/cgroup/memory memory write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1 chown root system /sys/fs/cgroup/memory/tasks chmod 0660 /sys/fs/cgroup/memory/tasks mkdir /sys/fs/cgroup/memory/sw 0750 root system write /sys/fs/cgroup/memory/sw/memory.swappiness 100 write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1 chown root system /sys/fs/cgroup/memory/sw/tasks chmod 0660 /sys/fs/cgroup/memory/sw/tasks mkdir /system mkdir /data 0771 system system mkdir /cache 0770 system cache mkdir /config 0500 root root # See storage config details at http://source.android.com/tech/storage/ mkdir /mnt/shell 0700 shell shell mkdir /mnt/media_rw 0700 media_rw media_rw mkdir /storage 0751 root sdcard_r # Directory for putting things only root should see. mkdir /mnt/secure 0700 root root # Directory for staging bindmounts mkdir /mnt/secure/staging 0700 root root # Directory-target for where the secure container # imagefile directory will be bind-mounted mkdir /mnt/secure/asec 0700 root root # Secure container public mount points. mkdir /mnt/asec 0700 root system mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000 # Filesystem image public mount points. mkdir /mnt/obb 0700 root system mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000 # memory control cgroup mkdir /dev/memcg 0700 root system mount cgroup none /dev/memcg memory write /proc/sys/kernel/panic_on_oops 1 write /proc/sys/kernel/hung_task_timeout_secs 0 write /proc/cpu/alignment 4 write /proc/sys/kernel/sched_latency_ns 10000000 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000 write /proc/sys/kernel/sched_compat_yield 1 write /proc/sys/kernel/sched_child_runs_first 0 write /proc/sys/kernel/randomize_va_space 2 write /proc/sys/kernel/kptr_restrict 2 write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/net/ipv4/ping_group_range "0 2147483647" write /proc/sys/net/unix/max_dgram_qlen 300 write /proc/sys/kernel/sched_rt_runtime_us 950000 write /proc/sys/kernel/sched_rt_period_us 1000000 # reflect fwmark from incoming packets onto generated replies write /proc/sys/net/ipv4/fwmark_reflect 1 write /proc/sys/net/ipv6/fwmark_reflect 1 # set fwmark on accepted sockets write /proc/sys/net/ipv4/tcp_fwmark_accept 1 # Create cgroup mount points for process groups mkdir /dev/cpuctl mount cgroup none /dev/cpuctl cpu chown system system /dev/cpuctl chown system system /dev/cpuctl/tasks chmod 0666 /dev/cpuctl/tasks write /dev/cpuctl/cpu.shares 1024 write /dev/cpuctl/cpu.rt_runtime_us 800000 write /dev/cpuctl/cpu.rt_period_us 1000000 mkdir /dev/cpuctl/bg_non_interactive chown system system /dev/cpuctl/bg_non_interactive/tasks chmod 0666 /dev/cpuctl/bg_non_interactive/tasks # 5.0 % write /dev/cpuctl/bg_non_interactive/cpu.shares 52 write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000 write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000 # qtaguid will limit access to specific data based on group memberships. # net_bw_acct grants impersonation of socket owners. # net_bw_stats grants access to other apps' detailed tagged-socket stats. chown root net_bw_acct /proc/net/xt_qtaguid/ctrl chown root net_bw_stats /proc/net/xt_qtaguid/stats # Allow everybody to read the xt_qtaguid resource tracking misc dev. # This is needed by any process that uses socket tagging. chmod 0644 /dev/xt_qtaguid # Create location for fs_mgr to store abbreviated output from filesystem # checker programs. mkdir /dev/fscklogs 0770 root system # pstore/ramoops previous console log mount pstore pstore /sys/fs/pstore chown system log /sys/fs/pstore/console-ramoops chmod 0440 /sys/fs/pstore/console-ramoops # Healthd can trigger a full boot from charger mode by signaling this # property when the power button is held. on property:sys.boot_from_charger_mode=1 class_stop charger trigger late-init # Load properties from /system/ + /factory after fs mount. on load_all_props_action load_all_props # Indicate to fw loaders that the relevant mounts are up. on firmware_mounts_complete rm /dev/.booting # Mount filesystems and start core system services. on late-init trigger early-fs trigger fs trigger post-fs trigger post-fs-data # Load properties from /system/ + /factory after fs mount. Place # this in another action so that the load will be scheduled after the prior # issued fs triggers have completed. trigger load_all_props_action # Remove a file to wake up anything waiting for firmware. trigger firmware_mounts_complete trigger early-boot trigger boot on post-fs # once everything is setup, no need to modify / mount rootfs rootfs / rw remount # mount shared so changes propagate into child namespaces mount rootfs rootfs / shared rec # We chown/chmod /cache again so because mount is run as root + defaults chown system cache /cache chmod 0770 /cache # We restorecon /cache in case the cache partition has been reset. restorecon_recursive /cache # This may have been created by the recovery system with odd permissions chown system cache /cache/recovery chmod 0770 /cache/recovery #change permissions on vmallocinfo so we can grab it from bugreports chown root log /proc/vmallocinfo chmod 0440 /proc/vmallocinfo chown root log /proc/slabinfo chmod 0440 /proc/slabinfo #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks chown root system /proc/kmsg chmod 0440 /proc/kmsg chown root system /proc/sysrq-trigger chmod 0220 /proc/sysrq-trigger chown system log /proc/last_kmsg chmod 0440 /proc/last_kmsg # make the selinux kernel policy world-readable chmod 0444 /sys/fs/selinux/policy # create the lost+found directories, so as to enforce our permissions mkdir /cache/lost+found 0770 root root on post-fs-data # We chown/chmod /data again so because mount is run as root + defaults chown system system /data chmod 0771 /data # We restorecon /data in case the userdata partition has been reset. restorecon /data # Avoid predictable entropy pool. Carry over entropy from previous boot. copy /data/system/entropy.dat /dev/urandom # Create dump dir and collect dumps. # Do this before we mount cache so eventually we can use cache for # storing dumps on platforms which do not have a dedicated dump partition. mkdir /data/dontpanic 0750 root log # Collect apanic data, free resources and re-arm trigger copy /proc/apanic_console /data/dontpanic/apanic_console chown root log /data/dontpanic/apanic_console chmod 0640 /data/dontpanic/apanic_console copy /proc/apanic_threads /data/dontpanic/apanic_threads chown root log /data/dontpanic/apanic_threads chmod 0640 /data/dontpanic/apanic_threads write /proc/apanic_console 1 # create basic filesystem structure mkdir /data/misc 01771 system misc mkdir /data/misc/adb 02750 system shell mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack mkdir /data/misc/bluetooth 0770 system system mkdir /data/misc/keystore 0700 keystore keystore mkdir /data/misc/keychain 0771 system system mkdir /data/misc/net 0750 root shell mkdir /data/misc/radio 0770 system radio mkdir /data/misc/sms 0770 system radio mkdir /data/misc/zoneinfo 0775 system system mkdir /data/misc/vpn 0770 system vpn mkdir /data/misc/shared_relro 0771 shared_relro shared_relro mkdir /data/misc/systemkeys 0700 system system mkdir /data/misc/wifi 0770 wifi wifi mkdir /data/misc/wifi/sockets 0770 wifi wifi mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi mkdir /data/misc/ethernet 0770 system system mkdir /data/misc/dhcp 0770 dhcp dhcp mkdir /data/misc/user 0771 root root # give system access to wpa_supplicant.conf for backup and restore chmod 0660 /data/misc/wifi/wpa_supplicant.conf mkdir /data/local 0751 root root mkdir /data/misc/media 0700 media media # For security reasons, /data/local/tmp should always be empty. # Do not place files or directories in /data/local/tmp mkdir /data/local/tmp 0771 shell shell mkdir /data/data 0771 system system mkdir /data/app-private 0771 system system mkdir /data/app-asec 0700 root root mkdir /data/app-lib 0771 system system mkdir /data/app 0771 system system mkdir /data/property 0700 root root # create dalvik-cache, so as to enforce our permissions mkdir /data/dalvik-cache 0771 root root mkdir /data/dalvik-cache/profiles 0711 system system # create resource-cache and double-check the perms mkdir /data/resource-cache 0771 system system chown system system /data/resource-cache chmod 0771 /data/resource-cache # create the lost+found directories, so as to enforce our permissions mkdir /data/lost+found 0770 root root # create directory for DRM plug-ins - give drm the read/write access to # the following directory. mkdir /data/drm 0770 drm drm # create directory for MediaDrm plug-ins - give drm the read/write access to # the following directory. mkdir /data/mediadrm 0770 mediadrm mediadrm mkdir /data/adb 0700 root root # symlink to bugreport storage location symlink /data/data/com.android.shell/files/bugreports /data/bugreports # Separate location for storing security policy files on data mkdir /data/security 0711 system system # Reload policy from /data/security if present. setprop selinux.reload_policy 1 # Set SELinux security contexts on upgrade or policy update. restorecon_recursive /data # If there is no fs-post-data action in the init..rc file, you # must uncomment this line, otherwise encrypted filesystems # won't work. # Set indication (checked by vold) that we have finished this action #setprop vold.post_fs_data_done 1 on boot # basic network init ifup lo hostname localhost domainname localdomain # set RLIMIT_NICE to allow priorities from 19 to -20 setrlimit 13 40 40 # Memory management. Basic kernel parameters, and allow the high # level system server to be able to adjust the kernel OOM driver # parameters to match how it is managing things. write /proc/sys/vm/overcommit_memory 1 write /proc/sys/vm/min_free_order_shift 4 chown root system /sys/module/lowmemorykiller/parameters/adj chmod 0220 /sys/module/lowmemorykiller/parameters/adj chown root system /sys/module/lowmemorykiller/parameters/minfree chmod 0220 /sys/module/lowmemorykiller/parameters/minfree # Tweak background writeout write /proc/sys/vm/dirty_expire_centisecs 200 write /proc/sys/vm/dirty_background_ratio 5 # Permissions for System Server and daemons. chown radio system /sys/android_power/state chown radio system /sys/android_power/request_state chown radio system /sys/android_power/acquire_full_wake_lock chown radio system /sys/android_power/acquire_partial_wake_lock chown radio system /sys/android_power/release_wake_lock chown system system /sys/power/autosleep chown system system /sys/power/state chown system system /sys/power/wakeup_count chown radio system /sys/power/wake_lock chown radio system /sys/power/wake_unlock chmod 0660 /sys/power/state chmod 0660 /sys/power/wake_lock chmod 0660 /sys/power/wake_unlock chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay chown system system /sys/devices/system/cpu/cpufreq/interactive/boost chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy # Assume SMP uses shared cpufreq policy for all CPUs chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq chown system system /sys/class/timed_output/vibrator/enable chown system system /sys/class/leds/keyboard-backlight/brightness chown system system /sys/class/leds/lcd-backlight/brightness chown system system /sys/class/leds/button-backlight/brightness chown system system /sys/class/leds/jogball-backlight/brightness chown system system /sys/class/leds/red/brightness chown system system /sys/class/leds/green/brightness chown system system /sys/class/leds/blue/brightness chown system system /sys/class/leds/red/device/grpfreq chown system system /sys/class/leds/red/device/grppwm chown system system /sys/class/leds/red/device/blink chown system system /sys/class/timed_output/vibrator/enable chown system system /sys/module/sco/parameters/disable_esco chown system system /sys/kernel/ipv4/tcp_wmem_min chown system system /sys/kernel/ipv4/tcp_wmem_def chown system system /sys/kernel/ipv4/tcp_wmem_max chown system system /sys/kernel/ipv4/tcp_rmem_min chown system system /sys/kernel/ipv4/tcp_rmem_def chown system system /sys/kernel/ipv4/tcp_rmem_max chown root radio /proc/cmdline # Define default initial receive window size in segments. setprop net.tcp.default_init_rwnd 60 class_start core on nonencrypted class_start main class_start late_start on property:vold.decrypt=trigger_default_encryption start defaultcrypto on property:vold.decrypt=trigger_encryption start surfaceflinger start encrypt on property:sys.init_log_level=* loglevel ${sys.init_log_level} on charger class_start charger on property:vold.decrypt=trigger_reset_main class_reset main on property:vold.decrypt=trigger_load_persist_props load_persist_props on property:vold.decrypt=trigger_post_fs_data trigger post-fs-data on property:vold.decrypt=trigger_restart_min_framework class_start main on property:vold.decrypt=trigger_restart_framework class_start main class_start late_start on property:vold.decrypt=trigger_shutdown_framework class_reset late_start class_reset main on property:sys.powerctl=* powerctl ${sys.powerctl} # system server cannot write to /proc/sys files, # and chown/chmod does not work for /proc/sys/ entries. # So proxy writes through init. on property:sys.sysctl.extra_free_kbytes=* write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes} # "tcp_default_init_rwnd" Is too long! on property:sys.sysctl.tcp_def_init_rwnd=* write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd} ## Daemon processes to be run by init. ## service ueventd /sbin/ueventd class core critical seclabel u:r:ueventd:s0 service logd /system/bin/logd class core socket logd stream 0666 logd logd socket logdr seqpacket 0666 logd logd socket logdw dgram 0222 logd logd seclabel u:r:logd:s0 service console /system/bin/sh class core console disabled user root group root log seclabel u:r:shell:s0 on property:ro.debuggable=1 start console # adbd is controlled via property triggers in init..usb.rc service adbd /sbin/adbd --root_seclabel=u:r:su:s0 class core socket adbd stream 660 system system disabled seclabel u:r:adbd:s0 # adbd on at boot in emulator on property:ro.kernel.qemu=1 start adbd service debuggerd /system/bin/debuggerd class main service debuggerd64 /system/bin/debuggerd64 class main