openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
platform_system_core/rootdir/init.rc

470 lines
15 KiB
Plaintext
Raw Normal View History

init: Move uevent handling to an external ueventd process Change-Id: Iea6c56013062ade633a1754f7bcf8cf09b3dedc1
2010-04-22 03:04:20 +08:00
on early-init
start ueventd
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
init.rc: Move SD card support to device specific init.rc files Change-Id: I5745e91df2b7c5722bd6e650931d3d2d7d0eadcb Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-06-16 11:57:59 +08:00
# create mountpoints
mkdir /mnt 0775 root system
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
on init
sysclktz 0
loglevel 3
# setup the global environment
add /vendor support - look in /vendor/firmware/... in addition to /system/etc/firmware/... for firmware loading - add /vendor/bin to path before /system/bin - add /vendor/lib to ldpath before /system/lib - configure appropriate permissions for /system/vendor/bin - symlink /vendor -> /system/vendor Change-Id: I0c06ca1e38a44f0c7024cee6cea8907aa93a4532
2010-09-19 18:36:39 +08:00
export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
export LD_LIBRARY_PATH /vendor/lib:/system/lib
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
export ANDROID_BOOTLOGO 1
export ANDROID_ROOT /system
export ANDROID_ASSETS /system/app
export ANDROID_DATA /data
rootdir: init.rc: Add 'ASEC_MOUNTPOINT' environment variable. Signed-off-by: San Mehat <san@google.com>
2010-02-25 02:17:32 +08:00
export ASEC_MOUNTPOINT /mnt/asec
Add directories for OBB mounting Change-Id: Ib73e9bca50fb168ab5d147cc260666a770092961
2010-07-16 03:14:44 +08:00
export LOOP_MOUNTPOINT /mnt/obb
Tracking merge of dalvik-dev to master Reordered bootclasspath to allow verification of all framework methods. git cherry-pick --no-commit ec164a0170955fe63106c2576a65bc4ffb1df425 Address CVE-2011-1090. git cherry-pick --no-commit 3365288d3c00072689cd9d733e055561cadc87b5 Change-Id: I6a89bc600ced06a0cb84ae1670cb7a6ea39de9c8
2011-05-06 05:25:36 +08:00
export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
# Backward compatibility
symlink /system/etc /etc
init.rc: mount debugfs for debugging - put it at /sys/kernel/debug so Arve will be happy - symlink /d to /sys/kernel/debug so Brian will be happy.
2009-09-19 06:31:23 +08:00
symlink /sys/kernel/debug /d
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
add /vendor support - look in /vendor/firmware/... in addition to /system/etc/firmware/... for firmware loading - add /vendor/bin to path before /system/bin - add /vendor/lib to ldpath before /system/lib - configure appropriate permissions for /system/vendor/bin - symlink /vendor -> /system/vendor Change-Id: I0c06ca1e38a44f0c7024cee6cea8907aa93a4532
2010-09-19 18:36:39 +08:00
# Right now vendor lives on the same filesystem as system,
# but someday that may change.
symlink /system/vendor /vendor
rootdir: init.rc: Create secure staging directories, and a compat symlink Signed-off-by: San Mehat <san@google.com>
2010-02-20 10:25:22 +08:00
init.rc: Add cpuacct to cgroup mount for cpu statistic Cpu accounting statistics expored in /acct Change-Id: I8a35816e94b69d9e67a3dd65aae16520864777d7 Signed-off-by: Mike Chan <mike@android.com>
2010-03-02 03:36:10 +08:00
# Create cgroup mount point for cpu accounting
mkdir /acct
mount cgroup none /acct cpuacct
mkdir /acct/uid
rootdir: init.rc: Create secure staging directories, and a compat symlink Signed-off-by: San Mehat <san@google.com>
2010-02-20 10:25:22 +08:00
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
mkdir /system
mkdir /data 0771 system system
mkdir /cache 0770 system cache
Add /config mounting point Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2009-06-10 05:38:56 +08:00
mkdir /config 0500 root root
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
rootdir: init.rc: Create secure staging directories, and a compat symlink Signed-off-by: San Mehat <san@google.com>
2010-02-20 10:25:22 +08:00
# Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root
# Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root
# Directory-target for where the secure container
# imagefile directory will be bind-mounted
mkdir /mnt/secure/asec 0700 root root
# Secure container public mount points.
mkdir /mnt/asec 0700 root system
mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
init.rc: Create a small tmpfs on /asec so we can create mountpoints Signed-off-by: San Mehat <san@google.com>
2010-01-07 02:38:49 +08:00
Add directories for OBB mounting Change-Id: Ib73e9bca50fb168ab5d147cc260666a770092961
2010-07-16 03:14:44 +08:00
# Filesystem image public mount points.
mkdir /mnt/obb 0700 root system
mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
init: Enable sched_yield() compatability mode on boot. In CFS, the (somewhat undefined) behavior of sched_yield() changed. See: http://kerneltrap.org/Linux/CFS_and_sched_yield This change enables 'compat' mode for sched_yield() Signed-off-by: San Mehat <san@google.com>
2009-06-29 23:47:43 +08:00
write /proc/sys/kernel/sched_compat_yield 1
rootdir: init.rc: tweak cfs scheduler - disable child_runs_first Signed-off-by: San Mehat <san@google.com>
2009-09-17 04:32:23 +08:00
write /proc/sys/kernel/sched_child_runs_first 0
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
Revert "rootdir: init.rc: *LATENCY EXPERIMENT* - Disable cgroups in favor of new scheduler policy support" This reverts commit 35ad5f41c39c5f3af7a8f00185a13366f4901e69.
2009-10-07 02:22:55 +08:00
# Create cgroup mount points for process groups
mkdir /dev/cpuctl
Revert "init.rc: Add cpuacct to cgroup mount for cpu statistics" This reverts commit a7d88224ff7283c210c25ce6d57239b4053b5f14. This cgroup subsys should be mounted on it's own mount-point, since it's addition to /dev/cpuctl causes the cpu subsys to EPERM
2010-02-28 00:20:11 +08:00
mount cgroup none /dev/cpuctl cpu
rootdir: init.rc: Fix typo in chown of /dev/cpuctl Signed-off-by: San Mehat <san@google.com>
2010-01-18 04:21:42 +08:00
chown system system /dev/cpuctl
Revert "rootdir: init.rc: *LATENCY EXPERIMENT* - Disable cgroups in favor of new scheduler policy support" This reverts commit 35ad5f41c39c5f3af7a8f00185a13366f4901e69.
2009-10-07 02:22:55 +08:00
chown system system /dev/cpuctl/tasks
chmod 0777 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
mkdir /dev/cpuctl/fg_boost
chown system system /dev/cpuctl/fg_boost/tasks
chmod 0777 /dev/cpuctl/fg_boost/tasks
write /dev/cpuctl/fg_boost/cpu.shares 1024
mkdir /dev/cpuctl/bg_non_interactive
chown system system /dev/cpuctl/bg_non_interactive/tasks
chmod 0777 /dev/cpuctl/bg_non_interactive/tasks
# 5.0 %
write /dev/cpuctl/bg_non_interactive/cpu.shares 52
cgroups: Initialize cgroups at startup. Signed-off-by: San Mehat <san@google.com>
2009-04-22 05:34:19 +08:00
Move filesystem mounting into a new "fs" init level Devices with non-MTD storage need to override the filesystem mounting commands in init.rc. Moving them to a new "fs" init level allows a custom init.<device>.rc to handle the mounting. Change-Id: If0e655139b9734650fb798b6eb0a90e2241fc29b
2010-04-10 03:26:06 +08:00
on fs
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
# mount mtd partitions
# Mount /system rw first to give the filesystem a chance to save a checkpoint
Add VPN and Keystore services and data directories. -- changed the default mode to 0770 for keystore with the new user 'keystore'. -- add the keystore service providing the basic key lookup/install/remove, but only keystore user can access the key content.
2009-06-01 19:04:05 +08:00
mount yaffs2 mtd@system /system
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
mount yaffs2 mtd@system /system ro remount
Move filesystem mounting into a new "fs" init level Devices with non-MTD storage need to override the filesystem mounting commands in init.rc. Moving them to a new "fs" init level allows a custom init.<device>.rc to handle the mounting. Change-Id: If0e655139b9734650fb798b6eb0a90e2241fc29b
2010-04-10 03:26:06 +08:00
mount yaffs2 mtd@userdata /data nosuid nodev
mount yaffs2 mtd@cache /cache nosuid nodev
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
Move filesystem mounting into a new "fs" init level Devices with non-MTD storage need to override the filesystem mounting commands in init.rc. Moving them to a new "fs" init level allows a custom init.<device>.rc to handle the mounting. Change-Id: If0e655139b9734650fb798b6eb0a90e2241fc29b
2010-04-10 03:26:06 +08:00
on post-fs
remount / as read-only only on post-fs to allow per-target config of / Change-Id: Ia89dd2021e0f960201b4cee573227f0addd48431
2010-09-09 06:06:45 +08:00
# once everything is setup, no need to modify /
mount rootfs rootfs / ro remount
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
# We chown/chmod /cache again so because mount is run as root + defaults
chown system cache /cache
chmod 0770 /cache
# This may have been created by the recovery system with odd permissions
chown system cache /cache/recovery
chmod 0770 /cache/recovery
#change permissions on vmallocinfo so we can grab it from bugreports
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
chown root system /proc/kmsg
chmod 0440 /proc/kmsg
chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger
# create the lost+found directories, so as to enforce our permissions
mkdir /cache/lost+found 0770
# double check the perms, in case lost+found already exists, and set owner
chown root root /cache/lost+found
chmod 0770 /cache/lost+found
on post-fs-data
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
# We chown/chmod /data again so because mount is run as root + defaults
chown system system /data
chmod 0771 /data
rootdir: init.rc: Clean up dump collection Signed-off-by: San Mehat <san@google.com>
2009-09-02 00:11:04 +08:00
# Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition.
mkdir /data/dontpanic
init.rc: Adjust permissions on /data/dontpanic/ so dumpstate will not need root Change-Id: Iff83310f9411c39e1833b3d710b029b12f702993 Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-09-12 05:13:28 +08:00
chown root log /data/dontpanic
init.rc: Make /data/dontpanic files readable only by the system process. Change-Id: If87470b7bcbb1c0774d10296ac82605db3dd9bf0 Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-09-09 10:55:59 +08:00
chmod 0750 /data/dontpanic
rootdir: init.rc: Clean up dump collection Signed-off-by: San Mehat <san@google.com>
2009-09-02 00:11:04 +08:00
# Collect apanic data, free resources and re-arm trigger
copy /proc/apanic_console /data/dontpanic/apanic_console
init.rc: Adjust permissions on /data/dontpanic/ so dumpstate will not need root Change-Id: Iff83310f9411c39e1833b3d710b029b12f702993 Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-09-12 05:13:28 +08:00
chown root log /data/dontpanic/apanic_console
init.rc: Make /data/dontpanic files readable only by the system process. Change-Id: If87470b7bcbb1c0774d10296ac82605db3dd9bf0 Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-09-09 10:55:59 +08:00
chmod 0640 /data/dontpanic/apanic_console
rootdir: init.rc: Allow all processes access to apanic/ramconsole crash data. This is a temporary measure until bugreports are taken as root. *****STOPSHIP***** Signed-off-by: San Mehat <san@google.com>
2009-09-02 06:38:18 +08:00
rootdir: init.rc: Clean up dump collection Signed-off-by: San Mehat <san@google.com>
2009-09-02 00:11:04 +08:00
copy /proc/apanic_threads /data/dontpanic/apanic_threads
init.rc: Adjust permissions on /data/dontpanic/ so dumpstate will not need root Change-Id: Iff83310f9411c39e1833b3d710b029b12f702993 Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-09-12 05:13:28 +08:00
chown root log /data/dontpanic/apanic_threads
init.rc: Make /data/dontpanic files readable only by the system process. Change-Id: If87470b7bcbb1c0774d10296ac82605db3dd9bf0 Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-09-09 10:55:59 +08:00
chmod 0640 /data/dontpanic/apanic_threads
rootdir: init.rc: Allow all processes access to apanic/ramconsole crash data. This is a temporary measure until bugreports are taken as root. *****STOPSHIP***** Signed-off-by: San Mehat <san@google.com>
2009-09-02 06:38:18 +08:00
rootdir: init.rc: Clean up dump collection Signed-off-by: San Mehat <san@google.com>
2009-09-02 00:11:04 +08:00
write /proc/apanic_console 1
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
# create basic filesystem structure
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
mkdir /data/misc 01771 system misc
Bluez4 changes Rename hcid to bluetoothd and change permissions.
2009-05-06 13:28:54 +08:00
mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
Update bluetooth data files path.
2010-01-08 12:24:55 +08:00
mkdir /data/misc/bluetooth 0770 system system
init.rc: specify keystore directory and fix permissions.
2009-09-18 10:35:26 +08:00
mkdir /data/misc/keystore 0700 keystore keystore
Make CertInstaller installed CA certs trusted by applications via default TrustManager (6 of 6) frameworks/base Adding IKeyChainService APIs for CertInstaller and Settings use keystore/java/android/security/IKeyChainService.aidl libcore Improve exceptions to include more information luni/src/main/java/javax/security/auth/x500/X500Principal.java Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods. Added support for adding user CAs in a separate directory for system. Added support for removing system CAs by placing a copy in a sytem directory luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash to make sure the implementing algorithms doe not change since TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to 1.0.0) luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Extensive test of new TrustedCertificateStore behavior luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java TestKeyStore improvements - Refactored TestKeyStore to provide simpler createCA method (and internal createCertificate) - Cleaned up to remove use of BouncyCastle specific X509Principal in the TestKeyStore API when the public X500Principal would do. - Cleaned up TestKeyStore support methods to not throw Exception to remove need for static blocks for catch clauses in tests. support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Added private PKIXParameters contructor for use by IndexedPKIXParameters to avoid wart of having to lookup and pass a TrustAnchor to satisfy the super-class sanity check. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java luni/src/main/java/java/security/cert/PKIXParameters.java packages/apps/CertInstaller Change CertInstaller to call IKeyChainService.installCertificate for CA certs to pass them to the KeyChainServiceTest which will make them available to all apps through the TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask. src/com/android/certinstaller/CertInstaller.java Added installCaCertsToKeyChain and hasCaCerts accessor for use by CertInstaller. Use hasUserCertificate() internally. Cleanup coding style. src/com/android/certinstaller/CredentialHelper.java packages/apps/KeyChain Added MANAGE_ACCOUNTS so that IKeyChainService.reset implementation can remove KeyChain accounts. AndroidManifest.xml Implement new IKeyChainService methods: - Added IKeyChainService.installCaCertificate to install certs provided by CertInstaller using the TrustedCertificateStore. - Added IKeyChainService.reset to allow Settings to remove the KeyChain accounts so that any app granted access to keystore credentials are revoked when the keystore is reset. src/com/android/keychain/KeyChainService.java packages/apps/Settings Changed com.android.credentials.RESET credential reset action to also call IKeyChainService.reset to remove any installed user CAs and remove KeyChain accounts to have AccountManager revoke credential granted to private keys removed during the RESET. src/com/android/settings/CredentialStorage.java Added toast text value for failure case res/values/strings.xml system/core Have init create world readable /data/misc/keychain to allow apps to access user added CA certificates installed by the CertInstaller. rootdir/init.rc Change-Id: I768ca8e8e990ff333ce0f7069a0935173498c5ed
2011-05-05 09:33:27 +08:00
mkdir /data/misc/keychain 0771 keychain keychain
Add VPN and Keystore services and data directories. -- changed the default mode to 0770 for keystore with the new user 'keystore'. -- add the keystore service providing the basic key lookup/install/remove, but only keystore user can access the key content.
2009-06-01 19:04:05 +08:00
mkdir /data/misc/vpn 0770 system system
Apps on SD project. Small change to support apps on SD file system key storage.
2010-01-07 05:18:12 +08:00
mkdir /data/misc/systemkeys 0700 system system
Add VPN and Keystore services and data directories. -- changed the default mode to 0770 for keystore with the new user 'keystore'. -- add the keystore service providing the basic key lookup/install/remove, but only keystore user can access the key content.
2009-06-01 19:04:05 +08:00
mkdir /data/misc/vpn/profiles 0770 system system
init.rc: Fix commands for allowing the system_server to access wpa_supplicant.conf The touch command does not exist, and the chown commands are unnecessary because the system_server is in the WIFI group. Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-07-09 06:42:08 +08:00
# give system access to wpa_supplicant.conf for backup and restore
mkdir /data/misc/wifi 0770 wifi wifi
chmod 0770 /data/misc/wifi
Set the permissions of wifi supplicant file so that system can access it. Create the required directories and set the correct owner and permissions.
2009-07-03 03:08:13 +08:00
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
mkdir /data/local 0771 shell shell
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app 0771 system system
mkdir /data/property 0700 root root
# create dalvik-cache and double-check the perms
mkdir /data/dalvik-cache 0771 system system
chown system system /data/dalvik-cache
chmod 0771 /data/dalvik-cache
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770
# double check the perms, in case lost+found already exists, and set owner
chown root root /data/lost+found
chmod 0770 /data/lost+found
Create directory for DRM plug-ins. Change-Id: I1bfef96b1949f288852cd88222e0ce2bbb186f40
2010-10-27 05:10:22 +08:00
# create directory for DRM plug-ins
- Add drm and drmio service - Add /data/drm directory for storing DRM related data Change-Id: Ifd8922a3de109dbf5cd3f9cabbf4e5689b16c1d7
2010-07-27 07:38:35 +08:00
mkdir /data/drm 0774 drm drm
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# won't work.
# Set indication (checked by vold) that we have finished this action
#setprop vold.post_fs_data_done 1
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
on boot
# basic network init
ifup lo
hostname localhost
domainname localdomain
# set RLIMIT_NICE to allow priorities from 19 to -20
setrlimit 13 40 40
# Define the oom_adj values for the classes of processes that can be
# killed by the kernel. These are used in ActivityManagerService.
setprop ro.FOREGROUND_APP_ADJ 0
setprop ro.VISIBLE_APP_ADJ 1
Update OOM adj levels. This introduces some new buckets that will be used by the activity manager, and adjusts the default levels to match what we had been setting for Droid. It turns out Passion has been using the old levels, which makes no sense for how much memory it has. Also it is a problem with these definitions spreading to other projects for different devices, so I am going to update the defaults to be appropriate for our newer devices, and put here a file to tune them down for something like the sapphire. Change-Id: Ia4f33c4c3b94aeb3656f60b9222072a1d11e9e68
2010-06-11 08:52:37 +08:00
setprop ro.PERCEPTIBLE_APP_ADJ 2
setprop ro.HEAVY_WEIGHT_APP_ADJ 3
setprop ro.SECONDARY_SERVER_ADJ 4
setprop ro.BACKUP_APP_ADJ 5
setprop ro.HOME_APP_ADJ 6
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
setprop ro.HIDDEN_APP_MIN_ADJ 7
setprop ro.EMPTY_APP_ADJ 15
# Define the memory thresholds at which the above process classes will
# be killed. These numbers are in pages (4k).
Fix issue #3401380: Raise OOM killer limits Change-Id: Ia9c82e7d31b7f1b89bf9650ebea697d9b3a64506
2011-01-29 07:33:13 +08:00
# These are currently tuned for tablets with approx 1GB RAM.
setprop ro.FOREGROUND_APP_MEM 8192
setprop ro.VISIBLE_APP_MEM 10240
setprop ro.PERCEPTIBLE_APP_MEM 12288
setprop ro.HEAVY_WEIGHT_APP_MEM 12288
setprop ro.SECONDARY_SERVER_MEM 14336
setprop ro.BACKUP_APP_MEM 14336
setprop ro.HOME_APP_MEM 14336
setprop ro.HIDDEN_APP_MEM 16384
setprop ro.EMPTY_APP_MEM 20480
# Old values for phones. Should probably be adjusted up for the next
# phone version.
#setprop ro.FOREGROUND_APP_MEM 2048
#setprop ro.VISIBLE_APP_MEM 3072
#setprop ro.PERCEPTIBLE_APP_MEM 4096
#setprop ro.HEAVY_WEIGHT_APP_MEM 4096
#setprop ro.SECONDARY_SERVER_MEM 6144
#setprop ro.BACKUP_APP_MEM 6144
#setprop ro.HOME_APP_MEM 6144
#setprop ro.HIDDEN_APP_MEM 7168
#setprop ro.EMPTY_APP_MEM 8192
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
# Write value must be consistent with the above properties.
Update OOM adj levels. This introduces some new buckets that will be used by the activity manager, and adjusts the default levels to match what we had been setting for Droid. It turns out Passion has been using the old levels, which makes no sense for how much memory it has. Also it is a problem with these definitions spreading to other projects for different devices, so I am going to update the defaults to be appropriate for our newer devices, and put here a file to tune them down for something like the sapphire. Change-Id: Ia4f33c4c3b94aeb3656f60b9222072a1d11e9e68
2010-06-11 08:52:37 +08:00
# Note that the driver only supports 6 slots, so we have combined some of
# the classes into the same memory level; the associated processes of higher
# classes will still be killed first.
write /sys/module/lowmemorykiller/parameters/adj 0,1,2,4,7,15
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
write /proc/sys/vm/overcommit_memory 1
auto import from //branches/cupcake_rel/...@138607
2009-03-14 04:04:37 +08:00
write /proc/sys/vm/min_free_order_shift 4
Raise the viking killer min free values to match the system properties Change-Id: Idcbdb106d704ef63c9a44e635b6e995e0e5f6479 Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
2011-01-29 14:51:37 +08:00
write /sys/module/lowmemorykiller/parameters/minfree 8192,10240,12288,14336,16384,20480
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
# Set init its forked children's oom_adj.
write /proc/1/oom_adj -16
rootdir: init.rc: Adjust background dirty writeout policy Signed-off-by: San Mehat <san@google.com>
2009-10-14 03:24:47 +08:00
# Tweak background writeout
write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_background_ratio 5
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
# Permissions for System Server and daemons.
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown radio system /sys/power/state
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
auto import from //branches/cupcake_rel/...@140373
2009-03-19 08:39:49 +08:00
chown system system /sys/class/leds/jogball-backlight/brightness
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.wifi 4095,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
Run surfaceflinger in its own process. [DO NOT MERGE] This is to allow OpenGL ES rendering from the system process, and help with debugging. Bug: 4086003 Change-Id: I732e95f4fcaa358f430cc195d8e63a69263bffdc
2011-03-04 10:48:30 +08:00
# Set this property so surfaceflinger is not started by system_init
setprop system_init.startsurfaceflinger 0
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class_start core
class_start main
on nonencrypted
class_start late_start
on property:vold.decrypt=trigger_reset_main
class_reset main
Load the persistent properties after decrypting the /data partition Fix for bug 3415286. The persistent properties are normally read early in the boot process after /data is mounted. However, for an encrypted system, at that point /data is a tmpfs ramdisk. This change adds a new command to init (load_persist_props) to read the persistent properties, and adds an action to init.rc to load the persistent properties. This action is triggered by setting a property in vold, but that's in a different CL. Change-Id: I74b3057974ee6029c29d956b76fef5566700d471
2011-03-09 09:01:29 +08:00
on property:vold.decrypt=trigger_load_persist_props
load_persist_props
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
on property:vold.decrypt=trigger_post_fs_data
trigger post-fs-data
Add a new trigger to support a progress bar UI for encrypt in place. Change-Id: I6a14eb43462505cb7fecfee9fd1ecdea50065963
2011-01-18 06:26:34 +08:00
on property:vold.decrypt=trigger_restart_min_framework
class_start main
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
on property:vold.decrypt=trigger_restart_framework
class_start main
class_start late_start
on property:vold.decrypt=trigger_shutdown_framework
class_reset late_start
class_reset main
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
## Daemon processes to be run by init.
##
disable console in user builds Also, run console as shell/log instead of root/root. Change-Id: I6104f1edddfd5e11843ff41d7839d0c296e6a6f9
2010-10-28 06:40:23 +08:00
service ueventd /sbin/ueventd
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class core
disable console in user builds Also, run console as shell/log instead of root/root. Change-Id: I6104f1edddfd5e11843ff41d7839d0c296e6a6f9
2010-10-28 06:40:23 +08:00
critical
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
service console /system/bin/sh
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class core
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
console
disable console in user builds Also, run console as shell/log instead of root/root. Change-Id: I6104f1edddfd5e11843ff41d7839d0c296e6a6f9
2010-10-28 06:40:23 +08:00
disabled
user shell
group log
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
init.rc: Allow console in userdebug builds Change-Id: Ib5734c6d3e2bf5a9da3d44721c529971f2345120 Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-11-19 22:12:27 +08:00
on property:ro.debuggable=1
disable console in user builds Also, run console as shell/log instead of root/root. Change-Id: I6104f1edddfd5e11843ff41d7839d0c296e6a6f9
2010-10-28 06:40:23 +08:00
start console
init: Move uevent handling to an external ueventd process Change-Id: Iea6c56013062ade633a1754f7bcf8cf09b3dedc1
2010-04-22 03:04:20 +08:00
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
# adbd is controlled by the persist.service.adb.enable system property
service adbd /sbin/adbd
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class core
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
disabled
# adbd on at boot in emulator
on property:ro.kernel.qemu=1
start adbd
on property:persist.service.adb.enable=1
start adbd
on property:persist.service.adb.enable=0
stop adbd
service servicemanager /system/bin/servicemanager
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class core
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
user system
don't run services with gid=0 Ensure that we drop privileges for servicemanager and drmioserver. These should not be running with gid=0. Bug: 3275526 Testing: Applied change and successfully rebooted the device. No obvious bugs. Change-Id: I782fbda812cb88e0a365788b45b3b32894623177
2010-12-11 06:10:16 +08:00
group system
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
critical
onrestart restart zygote
onrestart restart media
auto import from //branches/cupcake/...@137197
2009-03-10 02:52:15 +08:00
service vold /system/bin/vold
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class core
auto import from //branches/cupcake/...@137197
2009-03-10 02:52:15 +08:00
socket vold stream 0660 root mount
rootdir: init.rc: Enable I/O priorities for media server and vold Sets the media-server to class 'real-time' pri 4, and vold to class 'best effort' pri 2 Signed-off-by: San Mehat <san@google.com>
2010-02-27 02:01:14 +08:00
ioprio be 2
auto import from //branches/cupcake/...@137197
2009-03-10 02:52:15 +08:00
rootdir: init.rc: Add netd to startup services list Signed-off-by: San Mehat <san@google.com>
2010-01-15 23:48:35 +08:00
service netd /system/bin/netd
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
rootdir: init.rc: Add netd to startup services list Signed-off-by: San Mehat <san@google.com>
2010-01-15 23:48:35 +08:00
socket netd stream 0660 root system
Let SocketClient users write binary data to clients. This is a dependency for the DNS proxy CLs. This CL also adds a new socket for the netd process to inherit which is owned by the inet group. (so only apps with the INTERNET permission can use the DNS proxy...) Change-Id: Ic3475c697913ba85805b4e49801b65e7a1d59289
2010-10-28 01:23:16 +08:00
socket dnsproxyd stream 0660 root inet
rootdir: init.rc: Add netd to startup services list Signed-off-by: San Mehat <san@google.com>
2010-01-15 23:48:35 +08:00
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
service debuggerd /system/bin/debuggerd
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
service ril-daemon /system/bin/rild
Move rild to the late_start class Now that rild can be killed in a reasonable amount of time, move it from the core class to late_start. I was going to move it to main, but it would get killed and restarted right after the disk crypto password was entered, which is when the late_start class is started, and I was seeing issues with rild not re-connecting to the network when it was killed and restarted. Change-Id: I60479ddb853953029890fc816538d615ef5a96ab
2011-01-20 15:06:12 +08:00
class late_start
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
socket rild stream 660 root radio
socket rild-debug stream 660 radio system
user root
add sdcard access permission to ril daemon Some RIL daemons write crashdumps to sdcard. Change-Id: I49a8d2cb342fd7f8bd23dbb1bcc378726e10a579
2010-10-23 13:17:17 +08:00
group radio cache inet misc audio sdcard_rw
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
Run surfaceflinger in its own process. [DO NOT MERGE] This is to allow OpenGL ES rendering from the system process, and help with debugging. Bug: 4086003 Change-Id: I732e95f4fcaa358f430cc195d8e63a69263bffdc
2011-03-04 10:48:30 +08:00
service surfaceflinger /system/bin/surfaceflinger
class main
user system
group graphics
onrestart restart zygote
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
socket zygote stream 666
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
Run surfaceflinger in its own process. [DO NOT MERGE] This is to allow OpenGL ES rendering from the system process, and help with debugging. Bug: 4086003 Change-Id: I732e95f4fcaa358f430cc195d8e63a69263bffdc
2011-03-04 10:48:30 +08:00
onrestart restart surfaceflinger
Force the mediaserver process to restart whenever the zygote or system server do. Change-Id: I16ce4ae656473055e7e244ccd4af7055959e3c1c
2009-10-10 05:24:51 +08:00
onrestart restart media
Make netd restart when system server hangs on it. netd has been seen hanging (cause suspected but unconfirmed) which then brings down the system server which blocks forever on its main thread trying to connect to netd with its hung event loop. This then results in an infinite watchdog runtime restart loop because the situation never improves: netd is still borked. Instead, we should kill netd and give it another chance when the system server dies. Bug: 3018996 Bug: 3017876 Change-Id: Ibf9ecf0ffcb78e48c38e5167f21cbeefe0e2a47f
2010-09-22 06:49:06 +08:00
onrestart restart netd
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
- Add drm and drmio service - Add /data/drm directory for storing DRM related data Change-Id: Ifd8922a3de109dbf5cd3f9cabbf4e5689b16c1d7
2010-07-27 07:38:35 +08:00
service drm /system/bin/drmserver
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
- Add drm and drmio service - Add /data/drm directory for storing DRM related data Change-Id: Ifd8922a3de109dbf5cd3f9cabbf4e5689b16c1d7
2010-07-27 07:38:35 +08:00
user drm
Make drmserver's primary group be system, so setgid is not required in ueventd.stingray.rc Change-Id: Ie8a287620d22b5c1bdc459fb288b7403589ab474
2011-03-18 01:55:05 +08:00
group system inet
- Add drm and drmio service - Add /data/drm directory for storing DRM related data Change-Id: Ifd8922a3de109dbf5cd3f9cabbf4e5689b16c1d7
2010-07-27 07:38:35 +08:00
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
service media /system/bin/mediaserver
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
user media
Bug 4089635 mediaserver fewer supplementary groups Change-Id: I90111567564397ca08e87dcfcbdf23337bf79ae6
2011-03-15 02:43:45 +08:00
group audio camera inet net_bt net_bt_admin
rootdir: init.rc: Enable I/O priorities for media server and vold Sets the media-server to class 'real-time' pri 4, and vold to class 'best effort' pri 2 Signed-off-by: San Mehat <san@google.com>
2010-02-27 02:01:14 +08:00
ioprio rt 4
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
add bootanimation service to init.rc
2009-05-21 09:09:51 +08:00
service bootanim /system/bin/bootanimation
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
add bootanimation service to init.rc
2009-05-21 09:09:51 +08:00
user graphics
group graphics
disabled
oneshot
Remove logwrapper for Bluetoothd. Change-Id: I6d16bc0dbdf9f3aff2080f8c7968ff3cb592811e
2009-09-19 06:45:43 +08:00
service dbus /system/bin/dbus-daemon --system --nofork
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
socket dbus stream 660 bluetooth bluetooth
user bluetooth
group bluetooth net_bt_admin
Remove logwrapper for Bluetoothd. Change-Id: I6d16bc0dbdf9f3aff2080f8c7968ff3cb592811e
2009-09-19 06:45:43 +08:00
service bluetoothd /system/bin/bluetoothd -n
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
socket bluetooth stream 660 bluetooth bluetooth
socket dbus_bluetooth stream 660 bluetooth bluetooth
# init.rc does not yet support applying capabilities, so run as root and
Bluez4 changes Rename hcid to bluetoothd and change permissions.
2009-05-06 13:28:54 +08:00
# let bluetoothd drop uid to bluetooth with the right linux capabilities
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
group bluetooth net_bt_admin misc
disabled
service installd /system/bin/installd
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
socket installd stream 600 system system
install recovery image using patch mechanism With the corresponding change in build/tools, the recovery image is installed via a shell script that is emitted by the OTA builder.
2009-07-24 06:18:34 +08:00
service flash_recovery /system/etc/install-recovery.sh
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
auto import from //depot/cupcake/@135843
2009-03-04 11:32:55 +08:00
oneshot
Add VPN and Keystore services and data directories. -- changed the default mode to 0770 for keystore with the new user 'keystore'. -- add the keystore service providing the basic key lookup/install/remove, but only keystore user can access the key content.
2009-06-01 19:04:05 +08:00
rootdir: Modify init.rc to run mtpd/racoon as a non-root user. Note that this change requires a new prebuilt kernel for AID_NET_ADMIN.
2009-07-01 07:06:47 +08:00
service racoon /system/bin/racoon
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
Add VPN and Keystore services and data directories. -- changed the default mode to 0770 for keystore with the new user 'keystore'. -- add the keystore service providing the basic key lookup/install/remove, but only keystore user can access the key content.
2009-06-01 19:04:05 +08:00
socket racoon stream 600 system system
rootdir: Modify init.rc to run mtpd/racoon as a non-root user. Note that this change requires a new prebuilt kernel for AID_NET_ADMIN.
2009-07-01 07:06:47 +08:00
# racoon will setuid to vpn after getting necessary resources.
init.rc: specify keystore directory and fix permissions.
2009-09-18 10:35:26 +08:00
group net_admin
Add VPN and Keystore services and data directories. -- changed the default mode to 0770 for keystore with the new user 'keystore'. -- add the keystore service providing the basic key lookup/install/remove, but only keystore user can access the key content.
2009-06-01 19:04:05 +08:00
disabled
oneshot
service mtpd /system/bin/mtpd
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
Add VPN and Keystore services and data directories. -- changed the default mode to 0770 for keystore with the new user 'keystore'. -- add the keystore service providing the basic key lookup/install/remove, but only keystore user can access the key content.
2009-06-01 19:04:05 +08:00
socket mtpd stream 600 system system
rootdir: Modify init.rc to run mtpd/racoon as a non-root user. Note that this change requires a new prebuilt kernel for AID_NET_ADMIN.
2009-07-01 07:06:47 +08:00
user vpn
group vpn net_admin net_raw
Add VPN and Keystore services and data directories. -- changed the default mode to 0770 for keystore with the new user 'keystore'. -- add the keystore service providing the basic key lookup/install/remove, but only keystore user can access the key content.
2009-06-01 19:04:05 +08:00
disabled
oneshot
init.rc: specify keystore directory and fix permissions.
2009-09-18 10:35:26 +08:00
service keystore /system/bin/keystore /data/misc/keystore
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
Add VPN and Keystore services and data directories. -- changed the default mode to 0770 for keystore with the new user 'keystore'. -- add the keystore service providing the basic key lookup/install/remove, but only keystore user can access the key content.
2009-06-01 19:04:05 +08:00
user keystore
group keystore
socket keystore stream 666
init.rc: Add dumpstate service Change-Id: Iaf7094dd4693c47566c1acf860b750b762af840c Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-09-03 06:09:26 +08:00
service dumpstate /system/bin/dumpstate -s
Changes to init to support encrypted filesystems. These are the changes to init and init.rc necessary to support booting with and encrypted /data filesystem. A corresponding change to init.<device>.rc goes along with this change. Change-Id: I0c7e2cc39568358014a82e317735c0eae14dd683
2010-12-04 08:33:31 +08:00
class main
init.rc: Add dumpstate service Change-Id: Iaf7094dd4693c47566c1acf860b750b762af840c Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-09-03 06:09:26 +08:00
socket dumpstate stream 0660 shell log
disabled
oneshot