Diffstat (limited to 'rootdir/init.rc')
-rw-r--r--rootdir/init.rc65
1 files changed, 44 insertions, 21 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 1ee9fbf..90c8187 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -13,10 +13,16 @@ on early-init
# Set init and its forked children's oom_adj.
write /proc/1/oom_adj -16
+ # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
+ write /sys/fs/selinux/checkreqprot 0
+
# Set the security context for the init process.
# This should occur before anything else (e.g. ueventd) is started.
setcon u:r:init:s0
+ # Set the security context of /adb_keys if present.
+ restorecon /adb_keys
+
start ueventd
# create mountpoints
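Review bot: The comment on the added `write /sys/fs/selinux/checkreqprot 0` says "strict" without saying what the value 0 selects. I would spell it out, e.g. `# 0 = check the protection the kernel will actually apply, not the one the caller requested, so an implied PROT_EXEC is still checked.` The write also sits before `setcon u:r:init:s0`, so it runs in whatever context init holds at that point; if that ordering is deliberate, a short why-comment would keep it from being moved later. The `on early-init` block begins and continues outside this hunk.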
@@ -82,6 +88,10 @@ loglevel 3
mkdir /mnt/obb 0700 root system
mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
+ # memory control cgroup
+ mkdir /dev/memcg 0700 root system
+ mount cgroup none /dev/memcg memory
+
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
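Review bot: In `mkdir /dev/memcg 0700 root system` the mode grants the group nothing, so naming `system` as group has no effect as written. If access is meant to be root-only, a comment saying so (or `root root`) would make the intent clear; if a system-group daemon is expected to use the hierarchy, the mode needs a group bit. The permissions seen after `mount cgroup none /dev/memcg memory` may also be those of the mounted cgroup root rather than of the directory created here, which is worth confirming.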
@@ -213,13 +223,23 @@ on post-fs-data
mkdir /data/misc/radio 0770 system radio
mkdir /data/misc/sms 0770 system radio
mkdir /data/misc/zoneinfo 0775 system system
+ restorecon_recursive /data/misc/zoneinfo
mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/systemkeys 0700 system system
- # give system access to wpa_supplicant.conf for backup and restore
mkdir /data/misc/wifi 0770 wifi wifi
+ mkdir /data/misc/wifi/sockets 0770 wifi wifi
+ restorecon_recursive /data/misc/wifi/sockets
+ mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
+ mkdir /data/misc/dhcp 0770 dhcp dhcp
+ # give system access to wpa_supplicant.conf for backup and restore
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
mkdir /data/local 0751 root root
mkdir /data/misc/media 0700 media media
+ restorecon_recursive /data/misc/media
+
+ # Set security context of any pre-existing /data/misc/adb/adb_keys file.
+ restorecon /data/misc/adb
+ restorecon /data/misc/adb/adb_keys
# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
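Review bot: Relabeling is added for `/data/misc/wifi/sockets` but not for the two directories created next to it, `/data/misc/wifi/wpa_supplicant` and `/data/misc/dhcp`. On a device upgraded from an earlier build, files already present there would keep their old labels. If policy gives those paths their own types (not visible in this diff), add `restorecon_recursive /data/misc/wifi/wpa_supplicant` and `restorecon_recursive /data/misc/dhcp` after the respective `mkdir` lines. `restorecon /data/misc/adb` is also non-recursive and covers `adb_keys` only because that file is named explicitly, so a comment stating that no other files are expected there would make this intentional. The `on post-fs-data` block extends beyond the hunk on both sides.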
@@ -251,6 +271,7 @@ on post-fs-data
# create directory for MediaDrm plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/mediadrm 0770 mediadrm mediadrm
+ restorecon_recursive /data/mediadrm
# symlink to bugreport storage location
symlink /data/data/com.android.shell/files/bugreports /data/bugreports
@@ -258,6 +279,9 @@ on post-fs-data
# Separate location for storing security policy files on data
mkdir /data/security 0711 system system
+ # Reload policy from /data/security if present.
+ setprop selinux.reload_policy 1
+
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# won't work.
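Review bot: `setprop selinux.reload_policy 1` now fires on every boot, so whatever is in `/data/security` (created just above as `0711 system system`) is loaded in place of the policy shipped with the image. Nothing in this file verifies those files, and the comment does not say what does. The same commit removes the `on property:selinux.reload_policy=1` trigger further down, so the property is presumably consumed inside init itself, which is worth stating. I would extend the comment along the lines of `# Handled by init directly (no rc trigger); policy files under /data/security must be <verification mechanism> before they are installed there.`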
@@ -351,23 +375,20 @@ on boot
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
-# Set these so we can remotely update SELinux policy
- chown system system /sys/fs/selinux/load
- chown system system /sys/fs/selinux/enforce
-
# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
- setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
- setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576
- setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576
- setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
- setprop net.tcp.buffersize.hspa 4094,87380,262144,4096,16384,262144
- setprop net.tcp.buffersize.hsupa 4094,87380,262144,4096,16384,262144
- setprop net.tcp.buffersize.hsdpa 4094,87380,262144,4096,16384,262144
- setprop net.tcp.buffersize.hspap 4094,87380,1220608,4096,16384,1220608
- setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
- setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
- setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144
+ setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
+ setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576
+ setprop net.tcp.buffersize.ethernet 524288,1048576,3145728,524288,1048576,2097152
+ setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576
+ setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
+ setprop net.tcp.buffersize.hspa 4094,87380,262144,4096,16384,262144
+ setprop net.tcp.buffersize.hsupa 4094,87380,262144,4096,16384,262144
+ setprop net.tcp.buffersize.hsdpa 4094,87380,262144,4096,16384,262144
+ setprop net.tcp.buffersize.hspap 4094,87380,1220608,4096,16384,1220608
+ setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
+ setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
+ setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144
# Define default initial receive window size in segments.
setprop net.tcp.default_init_rwnd 60
@@ -431,22 +452,19 @@ service healthd-charger /sbin/healthd -n
critical
seclabel u:r:healthd:s0
-on property:selinux.reload_policy=1
- restart ueventd
- restart installd
-
service console /system/bin/sh
class core
console
disabled
user shell
group log
+ seclabel u:r:shell:s0
on property:ro.debuggable=1
start console
# adbd is controlled via property triggers in init.<platform>.usb.rc
-service adbd /sbin/adbd
+service adbd /sbin/adbd --root_seclabel=u:r:su:s0
class core
socket adbd stream 660 system system
disabled
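Review bot: `--root_seclabel=u:r:su:s0` is passed to adbd unconditionally in the common init.rc, so the line reads as if adbd may enter the `su` domain on every build type. From this hunk it is not visible whether adbd applies the label only when it keeps root, or whether the `su` domain is left out of production policy. Whichever restriction holds should be recorded above the service, e.g. `# --root_seclabel is used only when adbd does not drop root; the su domain is expected to exist on debuggable builds only (confirm against policy).` The adbd stanza continues past the end of this hunk.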
@@ -456,6 +474,11 @@ service adbd /sbin/adbd
on property:ro.kernel.qemu=1
start adbd
+service lmkd /system/bin/lmkd
+ class core
+ critical
+ socket lmkd seqpacket 0660 system system
+
service servicemanager /system/bin/servicemanager
class core
user system
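Review bot: The new `lmkd` stanza has no `user`, `group` or `seclabel` line, unlike `healthd-charger` and `console` earlier in this file. It therefore runs as root, and its SELinux domain depends on a transition rule in policy that this diff does not show. If a dedicated domain exists, pin it with `seclabel u:r:<lmkd domain>:s0`; if root is required, a one-line comment saying why would help later hardening. The service is also `critical`, so repeated exits would take the device into recovery. It is worth confirming that lmkd tolerates a kernel where the `/dev/memcg` mount added in the earlier hunk fails.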