1# Copyright (C) 2012 The Android Open Source Project
2# Copyright (C)
3# Copyright (C)
4#
5# IMPORTANT: Do not create world writable files or directories.
6# This is a common source of Android security bugs.
7#
8
9import /init.${ro.hardware}.rc // import <filename>: pulls in another *.rc file, similar to an include
// ${ro.hardware} is filled in from a property, so which file is loaded here depends on that property's value.
10import /init.usb.rc
11import /init.trace.rc
12
13on early-init // first section to run: its actions execute before those of any other section
14 # Set init and its forked children's oom_adj.
15 write /proc/1/oom_adj -16 // writes the value directly into procfs
16
17 start ueventd // starts a service; ueventd must be declared as a service (see line 359 of this listing)
18
19# create mountpoints
20 mkdir /mnt 0775 root system // creates the directory, much like the shell mkdir; here mode 0775, owner root, group system
21
22on init // start of the init section; per the original annotation, its actions run after early-init and property-init
23
24sysclktz 0 // sets the system clock base; 0 means GMT clock ticks
25
26loglevel 3 // log output level in the range [0,7]; controls kernel log output
27
28# setup the global environment
29 export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin // export sets a global environment variable, like the shell command
30 export LD_LIBRARY_PATH /vendor/lib:/system/lib
31 export ANDROID_BOOTLOGO 1
32 export ANDROID_ROOT /system
33 export ANDROID_ASSETS /system/app
34 export ANDROID_DATA /data
35 export ASEC_MOUNTPOINT /mnt/asec
36 export LOOP_MOUNTPOINT /mnt/obb
37 export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/framework_ext.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar
38
39# Backward compatibility
40 symlink /system/etc /etc // creates /etc as a symbolic link to /system/etc, so /etc really resolves to /system/etc
41 symlink /sys/kernel/debug /d
42
43# Right now vendor lives on the same filesystem as system,
44# but someday that may change.
45 symlink /system/vendor /vendor
46
47# Create cgroup mount point for cpu accounting
48 mkdir /acct
49 mount cgroup none /acct cpuacct // mount <type> <device> <dir> [mountoption]: mounts the device (none) on /acct with filesystem type cgroup
// <device> may also be an mtd block device written as mtd@name; mountoption can be, for example, mode=0755,gid=1000
50 mkdir /acct/uid
51
52 mkdir /system
53 mkdir /data 0771 system system
54 mkdir /cache 0770 system cache
55 mkdir /config 0500 root root
56
57 # Directory for putting things only root should see.
58 mkdir /mnt/secure 0700 root root
59
60 # Directory for staging bindmounts
61 mkdir /mnt/secure/staging 0700 root root
62
63 # Directory-target for where the secure container
64 # imagefile directory will be bind-mounted
65 mkdir /mnt/secure/asec 0700 root root
66
67 # Secure container public mount points.
68 mkdir /mnt/asec 0700 root system
69 mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
// The tmpfs mounted here carries mode=0755,gid=1000, so once it is mounted the mount point shows those bits
// rather than the 0700 passed to mkdir on line 68.
70
71 # Filesystem image public mount points.
72 mkdir /mnt/obb 0700 root system
73 mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
// Same pattern as /mnt/asec: 0700 on the bare directory, 0755 with gid 1000 on the tmpfs mounted over it.
74
75 write /proc/sys/kernel/panic_on_oops 1
76 write /proc/sys/kernel/hung_task_timeout_secs 0
77 write /proc/cpu/alignment 4
78 write /proc/sys/kernel/sched_latency_ns 10000000
79 write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
80 write /proc/sys/kernel/sched_compat_yield 1
81 write /proc/sys/kernel/sched_child_runs_first 0
82 write /proc/sys/kernel/randomize_va_space 2
83 write /proc/sys/kernel/kptr_restrict 2
84 write /proc/sys/kernel/dmesg_restrict 1
85 write /proc/sys/vm/mmap_min_addr 32768
// Lines 82-85 are the kernel hardening settings in this section: randomize_va_space=2 turns on full address-space
// randomization, kptr_restrict=2 hides kernel pointers in kernel output, dmesg_restrict=1 limits the kernel log to
// privileged readers, and mmap_min_addr=32768 forbids mappings below that address (a NULL-dereference mitigation).
86 write /proc/sys/kernel/sched_rt_runtime_us 950000
87 write /proc/sys/kernel/sched_rt_period_us 1000000
88
89# Create cgroup mount points for process groups
90 mkdir /dev/cpuctl
91 mount cgroup none /dev/cpuctl cpu
92 chown system system /dev/cpuctl // changes the owner and group of the directory /dev/cpuctl to system
93 chown system system /dev/cpuctl/tasks
94 chmod 0660 /dev/cpuctl/tasks // sets the permission bits of the file /dev/cpuctl/tasks to 0660
95 write /dev/cpuctl/cpu.shares 1024
96 write /dev/cpuctl/cpu.rt_runtime_us 950000
97 write /dev/cpuctl/cpu.rt_period_us 1000000
98
99 mkdir /dev/cpuctl/apps
100 chown system system /dev/cpuctl/apps/tasks
101 chmod 0666 /dev/cpuctl/apps/tasks
// NOTE(review): 0666 makes this tasks file writable by every uid, unlike the 0660 used for /dev/cpuctl/tasks on
// line 94 and at odds with the header's warning about world-writable files. Presumably intentional so that
// applications can place their own threads in the group; confirm before tightening.
102 write /dev/cpuctl/apps/cpu.shares 1024
103 write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
104 write /dev/cpuctl/apps/cpu.rt_period_us 1000000
105
106 mkdir /dev/cpuctl/apps/bg_non_interactive
107 chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
108 chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
// NOTE(review): world-writable as well, same consideration as line 101.
109 # 5.0 %
110 write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
111 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
112 write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
113
114# Allow everybody to read the xt_qtaguid resource tracking misc dev.
115# This is needed by any process that uses socket tagging.
116 chmod 0644 /dev/xt_qtaguid
117
118on fs // section for the fs trigger; in this file it mounts the mtd partitions
119# mount mtd partitions
120 # Mount /system rw first to give the filesystem a chance to save a checkpoint
121 mount yaffs2 mtd@system /system
122 mount yaffs2 mtd@system /system ro remount
// After the remount on line 122, /system is read-only for the rest of the boot.
123 mount yaffs2 mtd@userdata /data nosuid nodev
124 mount yaffs2 mtd@cache /cache nosuid nodev
// nosuid and nodev on the two writable partitions: setuid bits and device nodes placed under /data or /cache
// are not honoured by the kernel.
125
126on post-fs
// Runs after the partitions are mounted: locks down / and fixes ownership and modes on /cache and some /proc entries.
127 # once everything is setup, no need to modify /
128 mount rootfs rootfs / ro remount
129
130 # We chown/chmod /cache again so because mount is run as root + defaults
131 chown system cache /cache
132 chmod 0770 /cache
133
134 # This may have been created by the recovery system with odd permissions
135 mkdir /cache/recovery
136 chown system cache /cache/recovery
137 chmod 0770 /cache/recovery
138
139 #change permissions on vmallocinfo so we can grab it from bugreports
140 chown root log /proc/vmallocinfo
141 chmod 0440 /proc/vmallocinfo
142
143 #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
144 chown root system /proc/kmsg
145 chmod 0440 /proc/kmsg
146 chown root system /proc/sysrq-trigger
147 chmod 0220 /proc/sysrq-trigger
// 0220 with owner root and group system: write-only, and only for root and members of group system.
// Anything running with that group can therefore request sysrq actions, so group system membership
// (see the group lines of the services further down) is part of this file's trust boundary.
148
149 # create the lost+found directories, so as to enforce our permissions
150 # Moved to init.target.rc in the Sony product git
151 # mkdir /cache/lost+found 0770 root root
152
153on post-fs-data
// Runs once /data is available: collects crash dumps and creates the /data directory tree with fixed owners and modes.
154 # We chown/chmod /data again so because mount is run as root + defaults
155 chown system system /data
156 chmod 0771 /data
157
158 # Create dump dir and collect dumps.
159 # Do this before we mount cache so eventually we can use cache for
160 # storing dumps on platforms which do not have a dedicated dump partition.
161 mkdir /data/dontpanic 0750 root log
162
163 # Collect apanic data, free resources and re-arm trigger
164 copy /proc/apanic_console /data/dontpanic/apanic_console
165 chown root log /data/dontpanic/apanic_console
166 chmod 0640 /data/dontpanic/apanic_console
167
168 copy /proc/apanic_threads /data/dontpanic/apanic_threads
169 chown root log /data/dontpanic/apanic_threads
170 chmod 0640 /data/dontpanic/apanic_threads
171
172 write /proc/apanic_console 1
173
174 # create basic filesystem structure
175 mkdir /data/misc 01771 system misc
// 01771: the leading 1 is the sticky bit, so an entry in /data/misc can only be removed or renamed by its owner
// (or the directory owner), even though group misc has write access to the directory.
176 mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
177 mkdir /data/misc/bluetooth 0770 system system
178 mkdir /data/misc/keystore 0700 keystore keystore
// 0700 keystore:keystore: only the keystore user can enter this directory; it is the path handed to the
// keystore service on line 481.
179 mkdir /data/misc/keychain 0771 system system
180 mkdir /data/misc/vpn 0770 system vpn
181 mkdir /data/misc/systemkeys 0700 system system
182 # give system access to wpa_supplicant.conf for backup and restore
183 mkdir /data/misc/wifi 0770 wifi wifi
184 chmod 0660 /data/misc/wifi/wpa_supplicant.conf
185 mkdir /data/local 0751 root root
186 chmod 2770 /data/radio
// 2770: the leading 2 is the setgid bit; on a directory it makes new entries inherit the directory's group.
187
188 # For security reasons, /data/local/tmp should always be empty.
189 # Do not place files or directories in /data/local/tmp
190 mkdir /data/local/tmp 0771 shell shell
191 mkdir /data/data 0771 system system
192 mkdir /data/app-private 0771 system system
193 mkdir /data/app-asec 0700 root root
194 mkdir /data/app 0771 system system
195 mkdir /data/property 0700 root root
196 mkdir /data/ssh 0750 root shell
197 mkdir /data/ssh/empty 0700 root root
198
199 # create dalvik-cache, so as to enforce our permissions
200 mkdir /data/dalvik-cache 0771 system system
201
202 # create resource-cache and double-check the perms
203 mkdir /data/resource-cache 0771 system system
204 chown system system /data/resource-cache
205 chmod 0771 /data/resource-cache
206
207 # create the lost+found directories, so as to enforce our permissions
208 # Moved to init.target.rc in the Sony product git
209 # mkdir /data/lost+found 0770 root root
210
211 # create directory for DRM plug-ins - give drm the read/write access to
212 # the following directory.
213 mkdir /data/drm 0770 drm drm
214
215 # If there is no fs-post-data action in the init.<device>.rc file, you
216 # must uncomment this line, otherwise encrypted filesystems
217 # won't work.
218 # Set indication (checked by vold) that we have finished this action
219 #setprop vold.post_fs_data_done 1
220
221on boot // start of the boot section; per the original annotation, its actions run after early-init, property-init and init
222# basic network init
223 ifup lo // brings up the network interface lo, which is the loopback interface
224 hostname localhost // sets the device's host name to localhost
225 domainname localdomain // sets the domain name to localdomain
226
227# set RLIMIT_NICE to allow priorities from 19 to -20
228 setrlimit 13 40 40
229
230# Memory management. Basic kernel parameters, and allow the high
231# level system server to be able to adjust the kernel OOM driver
232# parameters to match how it is managing things.
233 write /proc/sys/vm/overcommit_memory 1
234 write /proc/sys/vm/min_free_order_shift 4
235 chown root system /sys/module/lowmemorykiller/parameters/adj
236 chmod 0664 /sys/module/lowmemorykiller/parameters/adj
237 chown root system /sys/module/lowmemorykiller/parameters/minfree
238 chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
// 0664 root:system: group system may write the low-memory-killer thresholds, everyone else may only read them.
239
240 # Tweak background writeout
241 write /proc/sys/vm/dirty_expire_centisecs 200
242 write /proc/sys/vm/dirty_background_ratio 5
243
244 # Permissions for System Server and daemons.
// The rest of this section hands individual sysfs/procfs controls to specific users and groups
// (mostly system, some radio) instead of leaving them root-only or opening them to everyone.
245 chown radio system /sys/android_power/state
246 chown radio system /sys/android_power/request_state
247 chown radio system /sys/android_power/acquire_full_wake_lock
248 chown radio system /sys/android_power/acquire_partial_wake_lock
249 chown radio system /sys/android_power/release_wake_lock
250 chown system system /sys/power/state
251 chown system system /sys/power/autosleep
252 chown system system /sys/power/wakeup_count
253 chown radio system /sys/power/wake_lock
254 chown radio system /sys/power/wake_unlock
255 chmod 0660 /sys/power/state
256 chmod 0660 /sys/power/wake_lock
257 chmod 0660 /sys/power/wake_unlock
258
259 chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
260 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
261 chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
262 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
263 chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
264 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
265 chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
266 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
267 chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
268 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
269 chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
270 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
271 chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
272 chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
273 chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
274
275 # Assume SMP uses shared cpufreq policy for all CPUs
276 chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
277 chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
278
279 chown system system /sys/class/timed_output/vibrator/enable
280 chown system system /sys/class/leds/keyboard-backlight/brightness
281 chown system system /sys/class/leds/lcd-backlight/brightness
282 chown system system /sys/class/leds/button-backlight/brightness
283 chown system system /sys/class/leds/jogball-backlight/brightness
284 chown system system /sys/class/leds/red/brightness
285 chown system system /sys/class/leds/green/brightness
286 chown system system /sys/class/leds/blue/brightness
287 chown system system /sys/class/leds/red/device/grpfreq
288 chown system system /sys/class/leds/red/device/grppwm
289 chown system system /sys/class/leds/red/device/blink
290 chown system system /sys/class/leds/red/brightness
291 chown system system /sys/class/leds/green/brightness
292 chown system system /sys/class/leds/blue/brightness
293 chown system system /sys/class/leds/red/device/grpfreq
294 chown system system /sys/class/leds/red/device/grppwm
295 chown system system /sys/class/leds/red/device/blink
296 chown system system /sys/class/timed_output/vibrator/enable
// Lines 290-296 repeat chown commands already issued on lines 279 and 284-289; the repeats change nothing.
297 chown system system /sys/module/sco/parameters/disable_esco
298 chown system system /sys/kernel/ipv4/tcp_wmem_min
299 chown system system /sys/kernel/ipv4/tcp_wmem_def
300 chown system system /sys/kernel/ipv4/tcp_wmem_max
301 chown system system /sys/kernel/ipv4/tcp_rmem_min
302 chown system system /sys/kernel/ipv4/tcp_rmem_def
303 chown system system /sys/kernel/ipv4/tcp_rmem_max
304 chown root radio /proc/cmdline
305
306# Define TCP buffer sizes for various networks
307# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
308 setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
309 setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576
310 setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576
311 setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
312 setprop net.tcp.buffersize.hspa 4094,87380,1220608,4096,16384,1220608
313 setprop net.tcp.buffersize.hsupa 4094,87380,1220608,4096,16384,1220608
314 setprop net.tcp.buffersize.hsdpa 4094,87380,1220608,4096,16384,110208
315 setprop net.tcp.buffersize.hspap 4094,87380,2097152,4096,16384,1220608
316 setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
317 setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
318 setprop net.tcp.buffersize.evdo_b 4094,87380,262144,4096,16384,262144
319
320# Assign TCP buffer thresholds to be ceiling value of technology maximums
321# Increased technology maximums should be reflected here.
322 write /proc/sys/net/core/rmem_max 2097152
323 write /proc/sys/net/core/wmem_max 1220608
324
325# Set this property so surfaceflinger is not started by system_init
326 setprop system_init.startsurfaceflinger 0
327
328 class_start core // starts every service of class core that is not already running
329 class_start main
330
331on nonencrypted
// Starts the late_start class of services when the nonencrypted trigger fires.
332 class_start late_start
333
334on charger
// Starts only the services of class charger when the charger trigger fires.
335 class_start charger
336
337on property:vold.decrypt=trigger_reset_main
// The sections from here to line 355 each fire when the property vold.decrypt takes the value named after the "=".
// The value is the only input, so whoever is able to set vold.decrypt controls when these service classes are
// reset and started.
338 class_reset main
339
340on property:vold.decrypt=trigger_load_persist_props
341 load_persist_props
342
343on property:vold.decrypt=trigger_post_fs_data
344 trigger post-fs-data // fires the post-fs-data event, i.e. the section declared with "on post-fs-data" (line 153 of this listing)
345
346on property:vold.decrypt=trigger_restart_min_framework
347 class_start main
348
349on property:vold.decrypt=trigger_restart_framework
350 class_start main
351 class_start late_start
352
353on property:vold.decrypt=trigger_shutdown_framework
354 class_reset late_start
355 class_reset main
356
357## Daemon processes to be run by init.
358##
359service ueventd /sbin/ueventd // start of a service section, syntax: service <name> <executable>; declares a service named ueventd
// whose executable is /sbin/ueventd
360 class core // puts the service in class core; without a class line the service belongs to the default class, named default
361 critical // device-critical service: if it exits more than four times within four minutes, the device reboots into recovery mode
// No user line here, so the service keeps init's default user, root (the default stated in the annotation on line 384).
362
363service console /system/bin/sh
// A shell on the console device, run as user shell with group log; disabled, so it only runs when started by name.
364 class core
365 console
366 disabled
367 user shell
368 group log
369
370on property:ro.debuggable=1 // fires when the property ro.debuggable has the value 1, and then runs the start console below
371 start console
// The console shell is therefore tied to ro.debuggable: in this file nothing else starts it.
372
373# adbd is controlled via property triggers in init.<platform>.usb.rc
374service adbd /sbin/adbd
375 class core
376 disabled // the service is not started together with its class (e.g. by class_start core); it must be started by name: start adbd
// No user line, so init launches adbd as root (the default stated on line 384); whether the daemon drops
// privileges afterwards cannot be seen from this file.
377
378# adbd on at boot in emulator
379on property:ro.kernel.qemu=1
380 start adbd
381
382service servicemanager /system/bin/servicemanager
383 class core
384 user system // switches to user system before the service is started; the default is root
385 group system // switches to group system before the service is started
386 critical // marks the service as critical to the device: if it exits more than four times within four minutes, the system reboots into recovery mode
387 onrestart exec /system/bin/sync // runs the command that follows (exec) whenever this service restarts
// exec creates and runs a program (/system/bin/sync); init is blocked until that program has finished, so it can easily leave init hanging
388 onrestart write /proc/sysrq-trigger c
// On restart this writes c to /proc/sysrq-trigger; on Linux the c sysrq command forces a kernel crash, so a
// restart of this service takes the whole device down. Presumably a debugging aid of this product tree: confirm
// it is wanted on production builds.
389
390service vold /system/bin/vold
391 class core
392 socket vold stream 0660 root mount // syntax: socket <name> <type> <perm> <user> <group>; creates a socket named vold (<name>) of type stream (<type>)
// with access mode 0660 (<perm>), owner root and group mount
393 ioprio be 2
// No user line, so vold runs as root (the default stated on line 384); its control socket is reachable by
// root and members of group mount only.
394
395service netd /system/bin/netd
// Runs as root (no user line) and exposes three stream sockets, all mode 0660.
396 class main
397 socket netd stream 0660 root system
398 socket dnsproxyd stream 0660 root inet
// dnsproxyd is opened to group inet, the widest audience of the three sockets; netd and mdns are limited to group system.
399 socket mdns stream 0660 root system
400
401service debuggerd /system/bin/debuggerd
// Declares debuggerd in class main; no user or group line, so it runs with init's default user, root.
402 class main
403
404service ril-daemon /system/bin/rild
// The radio interface daemon; runs as root explicitly (line 408) and with a long list of supplementary groups.
405 class main
406 socket rild stream 660 root radio
407 socket rild-debug stream 660 radio system
408 user root
409 group radio cache inet misc audio sdcard_r sdcard_rw qcom_oncrpc diag qcom_diag log
// NOTE(review): root plus eleven groups (including diag, qcom_diag and log) is a wide privilege set for one
// daemon; worth checking which of these groups the daemon actually needs.
410
411service surfaceflinger /system/bin/surfaceflinger
// Runs as user system, group graphics.
412 class main
413 user system
414 group graphics
415 onrestart exec /system/bin/sync
416 onrestart write /proc/sysrq-trigger c
// Same restart handling as servicemanager (lines 387-388): sync, then c written to sysrq-trigger, which on
// Linux forces a kernel crash. A restart of this service therefore brings the device down.
417
418service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
// Starts app_process in zygote mode with the system server; no user line, so it is launched as root.
419 class main
420 socket zygote stream 660 root system
// The zygote socket is limited to root and group system.
421 onrestart exec /system/bin/sync
422 onrestart write /proc/sysrq-trigger c
// Same restart handling as servicemanager (lines 387-388): a restart of zygote ends in a forced kernel crash.
423
424service drm /system/bin/drmserver
// Runs as the dedicated user drm instead of root; /data/drm (line 213) is owned by the same user.
425 class main
426 user drm
427 group drm system inet drmrpc sdcard_r
428
429service media /system/bin/mediaserver
// Runs as user media with a broad set of supplementary groups and real-time I/O priority.
430 class main
431 user media
432 group system audio camera inet net_bt net_bt_admin net_bw_acct drmrpc input qcom_diag
// NOTE(review): the group list includes system, inet, input and qcom_diag, so a non-root user still ends up
// with wide access; worth reviewing which groups are required.
433 ioprio rt 4
434
435service bootanim /system/bin/bootanimation
// Runs as user and group graphics; disabled, so it is only started by name.
436 class main
437 user graphics
438 group graphics
439 disabled
440 oneshot // the service is started once only; after it exits it is not run again
441
442service dbus /system/bin/dbus-daemon --system --nofork
// Runs as user bluetooth; its socket is owned by bluetooth:bluetooth with mode 660.
443 class main
444 socket dbus stream 660 bluetooth bluetooth
445 user bluetooth
446 group bluetooth net_bt_admin
447
448service bluetoothd /system/bin/logwrapper /system/bin/bluetoothd -n
// bluetoothd is launched through logwrapper; there is no user line, for the reason given in the comment on lines 452-453.
449 class main
450 socket bluetooth stream 660 bluetooth bluetooth
451 socket dbus_bluetooth stream 660 bluetooth bluetooth
452 # init.rc does not yet support applying capabilities, so run as root and
453 # let bluetoothd drop uid to bluetooth with the right linux capabilities
// The privilege drop is thus left to the daemon itself; init hands it root.
454 group bluetooth net_bt_admin misc
455 disabled
456
457service installd /system/bin/installd
// No user line, so installd runs as root; its socket is mode 600 system:system, i.e. usable by user system only.
458 class main
459 socket installd stream 600 system system
460
461service flash_recovery /system/etc/install-recovery.sh
// Runs the script once whenever class main is started; no user line, so it executes as root.
// The script lives under /system, which line 122 leaves mounted read-only; its integrity depends on that.
462 class main
463 oneshot
464
465service racoon /system/bin/racoon
// Started by name only (disabled) and run once (oneshot); launched as root, see the comment on line 468.
466 class main
467 socket racoon stream 600 system system
468 # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
469 group vpn net_admin inet
470 disabled
471 oneshot
472
473service mtpd /system/bin/mtpd
// Runs as user vpn; started by name only (disabled) and run once (oneshot).
474 class main
475 socket mtpd stream 600 system system
476 user vpn
477 group vpn net_admin inet net_raw
478 disabled
479 oneshot
480
481service keystore /system/bin/keystore /data/misc/keystore
// Runs as the dedicated user keystore on the 0700 directory created on line 178.
482 class main
483 user keystore
484 group keystore drmrpc
485 socket keystore stream 666
// NOTE(review): mode 666 with no owner or group given, so every local process can connect to this socket.
// Access control presumably happens inside the daemon (for example by checking the caller's uid); confirm,
// because the socket permissions themselves restrict nothing.
486
487service dumpstate /system/bin/dumpstate -s
// No user line, so dumpstate runs as root; started by name only (disabled) and run once (oneshot).
488 class main
489 socket dumpstate stream 0660 shell log
// The socket is owned by shell with group log, mode 0660.
490 disabled
491 oneshot
492
493service sshd /system/bin/start-ssh
// Disabled, so nothing in this file starts it; when started by name it runs as root (no user line).
// /data/ssh and /data/ssh/empty are created on lines 196-197.
494 class main
495 disabled
496
497service mdnsd /system/bin/mdnsd
// Runs as the dedicated user mdnsr; started by name only (disabled) and run once (oneshot).
498 class main
499 user mdnsr
500 group inet net_raw
501 socket mdnsd stream 0660 mdnsr inet
502 disabled
503 oneshot
实例分析init.rc的语法