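# Copyright (C) 2012 The Android Open Source Project
# Copyright (C)
# Copyright (C)
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#

# NOTE(review): in this listing the explanatory annotations are written as
# full-line '#' comments. The init language only treats a line that starts
# with '#' as a comment; text appended after a command would be parsed as
# additional arguments.

# import <filename>: pull in another *.rc file, similar to an include.
import /init.${ro.hardware}.rc
import /init.usb.rc
import /init.trace.rc

# early-init section: the actions listed here are executed first.
on early-init
    # Set init and its forked children's oom_adj.
    # (the value is written straight into procfs)
    write /proc/1/oom_adj -16

    # Start a service. ueventd must be declared as a service; see the
    # "service ueventd" declaration in the daemon section further down.
    start ueventd

# create mountpoints
    # Create a directory (comparable to the shell's mkdir); here with
    # mode 0775, owner root, group system.
    mkdir /mnt 0775 root system

# init section: its actions run after those of early-init.
on init

    # Set the system clock base; 0 means the system clock ticks in GMT.
    sysclktz 0

    # Log output level, range 0-7.
    loglevel 3

# setup the global environment
    # export sets a global environment variable, like the shell's export.
    export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
    export LD_LIBRARY_PATH /vendor/lib:/system/lib
    export ANDROID_BOOTLOGO 1
    export ANDROID_ROOT /system
    export ANDROID_ASSETS /system/app
    export ANDROID_DATA /data
    export ASEC_MOUNTPOINT /mnt/asec
    export LOOP_MOUNTPOINT /mnt/obb
    export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/framework_ext.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar

# Backward compatibility
    # Create the symbolic link /etc pointing at /system/etc, i.e. /etc is
    # really /system/etc.
    symlink /system/etc /etc
    symlink /sys/kernel/debug /d

# Right now vendor lives on the same filesystem as system,
# but someday that may change.
    symlink /system/vendor /vendor

# Create cgroup mount point for cpu accounting
    mkdir /acct
    # mount <type> <device> <dir> [mountoption]: mount <device> (here
    # "none") as a filesystem of type cgroup on /acct. <device> may also be
    # given as mtd@name to select an MTD block device by name, and
    # mountoption can be e.g. mode=0755,gid=1000.
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

    mkdir /system
    mkdir /data 0771 system system
    mkdir /cache 0770 system cache
    mkdir /config 0500 root root

    # Directory for putting things only root should see.
    mkdir /mnt/secure 0700 root root

    # Directory for staging bindmounts
    mkdir /mnt/secure/staging 0700 root root

    # Directory-target for where the secure container
    # imagefile directory will be bind-mounted
    mkdir /mnt/secure/asec 0700 root root

    # Secure container public mount points.
    mkdir /mnt/asec 0700 root system
    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000

    # Filesystem image public mount points.
    mkdir /mnt/obb 0700 root system
    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000

    write /proc/sys/kernel/panic_on_oops 1
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0
    # Kernel hardening knobs: randomize_va_space 2 enables full address
    # space randomization, kptr_restrict 2 hides kernel pointers in /proc
    # output, dmesg_restrict 1 limits reading the kernel log to privileged
    # processes, and mmap_min_addr forbids mappings below 32768, which
    # blunts NULL-pointer-dereference bugs. Keep these when deriving a
    # device-specific init.rc from this file.
    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2
    write /proc/sys/kernel/dmesg_restrict 1
    write /proc/sys/vm/mmap_min_addr 32768
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

# Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    # chown <owner> <group> <path>: hand /dev/cpuctl to user/group system.
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    # chmod <mode> <path>: set the permissions of /dev/cpuctl/tasks to 0660.
    chmod 0660 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 950000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps
    chown system system /dev/cpuctl/apps/tasks
    # NOTE(review): 0666 makes this tasks file world-writable, which is at
    # odds with the notice at the top of the file. Presumably intentional so
    # that any process can be placed in the scheduling group - confirm
    # before copying the pattern to other nodes.
    chmod 0666 /dev/cpuctl/apps/tasks
    write /dev/cpuctl/apps/cpu.shares 1024
    write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
    write /dev/cpuctl/apps/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps/bg_non_interactive
    chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
    # NOTE(review): world-writable as well, see the note on apps/tasks above.
    chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000

# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
    chmod 0644 /dev/xt_qtaguid

# fs section: mounts the MTD partitions listed below.
on fs
# mount mtd partitions
    # Mount /system rw first to give the filesystem a chance to save a checkpoint
    mount yaffs2 mtd@system /system
    mount yaffs2 mtd@system /system ro remount
    # /data and /cache are writable at runtime, so they are mounted nosuid
    # and nodev: setuid binaries and device nodes placed there are not
    # honoured.
    mount yaffs2 mtd@userdata /data nosuid nodev
    mount yaffs2 mtd@cache /cache nosuid nodev

on post-fs
    # once everything is setup, no need to modify /
    mount rootfs rootfs / ro remount

    # We chown/chmod /cache again so because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache

    # This may have been created by the recovery system with odd permissions
    mkdir /cache/recovery
    chown system cache /cache/recovery
    chmod 0770 /cache/recovery

    #change permissions on vmallocinfo so we can grab it from bugreports
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    # NOTE(review): this lets group system read the kernel log and write
    # sysrq commands; keep membership of that group tight.
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger

    # create the lost+found directories, so as to enforce our permissions
    # Moved to init.target.rc in the Sony product git
    # mkdir /cache/lost+found 0770 root root

on post-fs-data
    # We chown/chmod /data again so because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data

    # Create dump dir and collect dumps.
    # Do this before we mount cache so eventually we can use cache for
    # storing dumps on platforms which do not have a dedicated dump partition.
    mkdir /data/dontpanic 0750 root log

    # Collect apanic data, free resources and re-arm trigger
    copy /proc/apanic_console /data/dontpanic/apanic_console
    chown root log /data/dontpanic/apanic_console
    chmod 0640 /data/dontpanic/apanic_console

    copy /proc/apanic_threads /data/dontpanic/apanic_threads
    chown root log /data/dontpanic/apanic_threads
    chmod 0640 /data/dontpanic/apanic_threads

    write /proc/apanic_console 1

    # create basic filesystem structure
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
    mkdir /data/misc/bluetooth 0770 system system
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/systemkeys 0700 system system
    # give system access to wpa_supplicant.conf for backup and restore
    mkdir /data/misc/wifi 0770 wifi wifi
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root
    chmod 2770 /data/radio

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app 0771 system system
    mkdir /data/property 0700 root root
    mkdir /data/ssh 0750 root shell
    mkdir /data/ssh/empty 0700 root root

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 system system

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    # Moved to init.target.rc in the Sony product git
    # mkdir /data/lost+found 0770 root root

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # If there is no fs-post-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    #setprop vold.post_fs_data_done 1

# boot section: its actions run after those of early-init and init.
on boot
# basic network init
    # Bring up the network interface lo (the loopback interface).
    ifup lo
    # Set the device's host name to localhost.
    hostname localhost
    # Set the domain name to localdomain.
    domainname localdomain

# set RLIMIT_NICE to allow priorities from 19 to -20
    setrlimit 13 40 40

# Memory management.  Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver
# parameters to match how it is managing things.
    write /proc/sys/vm/overcommit_memory 1
    write /proc/sys/vm/min_free_order_shift 4
    chown root system /sys/module/lowmemorykiller/parameters/adj
    chmod 0664 /sys/module/lowmemorykiller/parameters/adj
    chown root system /sys/module/lowmemorykiller/parameters/minfree
    chmod 0664 /sys/module/lowmemorykiller/parameters/minfree

    # Tweak background writeout
    write /proc/sys/vm/dirty_expire_centisecs 200
    write /proc/sys/vm/dirty_background_ratio 5

    # Permissions for System Server and daemons.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/state
    chown system system /sys/power/autosleep
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock

    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    # NOTE(review): the LED and vibrator chown lines below appear twice in
    # this listing; the repetition is kept exactly as published.
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    chown root radio /proc/cmdline

# Define TCP buffer sizes for various networks
#   ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
    setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
    setprop net.tcp.buffersize.wifi    524288,1048576,2097152,262144,524288,1048576
    setprop net.tcp.buffersize.lte     524288,1048576,2097152,262144,524288,1048576
    setprop net.tcp.buffersize.umts    4094,87380,110208,4096,16384,110208
    setprop net.tcp.buffersize.hspa    4094,87380,1220608,4096,16384,1220608
    setprop net.tcp.buffersize.hsupa   4094,87380,1220608,4096,16384,1220608
    setprop net.tcp.buffersize.hsdpa   4094,87380,1220608,4096,16384,110208
    setprop net.tcp.buffersize.hspap   4094,87380,2097152,4096,16384,1220608
    setprop net.tcp.buffersize.edge    4093,26280,35040,4096,16384,35040
    setprop net.tcp.buffersize.gprs    4092,8760,11680,4096,8760,11680
    setprop net.tcp.buffersize.evdo_b  4094,87380,262144,4096,16384,262144

# Assign TCP buffer thresholds to be ceiling value of technology maximums
# Increased technology maximums should be reflected here.
    write /proc/sys/net/core/rmem_max  2097152
    write /proc/sys/net/core/wmem_max  1220608

# Set this property so surfaceflinger is not started by system_init
    setprop system_init.startsurfaceflinger 0

    # Start every service of class "core" that is not already running.
    class_start core
    class_start main

on nonencrypted
    class_start late_start

on charger
    class_start charger

on property:vold.decrypt=trigger_reset_main
    class_reset main

on property:vold.decrypt=trigger_load_persist_props
    load_persist_props

on property:vold.decrypt=trigger_post_fs_data
    # Fire the post-fs-data event, i.e. run the actions of the
    # "on post-fs-data" section defined earlier in this file.
    trigger post-fs-data

on property:vold.decrypt=trigger_restart_min_framework
    class_start main

on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main

## Daemon processes to be run by init.
##
# Service section. Syntax: service <name> <path of the executable>.
# This declares a service named ueventd whose executable is /sbin/ueventd.
service ueventd /sbin/ueventd
    # The service belongs to class "core"; a service with no class line
    # falls into the class "default".
    class core
    critical

# NOTE(review): a root-owned init starts this shell on the console as user
# shell. It is "disabled" and only started by the ro.debuggable trigger
# below, so production builds should ship with ro.debuggable unset or 0.
service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group log

# When the property ro.debuggable is set to 1, the "start console" below
# is triggered.
on property:ro.debuggable=1
    start console

# adbd is controlled via property triggers in init.<platform>.usb.rc
# NOTE(review): no "user" line, so init launches adbd as root (the default);
# whether adbd lowers its own privileges is not visible in this file.
service adbd /sbin/adbd
    class core
    # disabled: the service is not started when its class is started
    # (e.g. by class_start core); it can only be started explicitly by
    # name, e.g. "start adbd".
    disabled

# adbd on at boot in emulator
on property:ro.kernel.qemu=1
    start adbd

service servicemanager /system/bin/servicemanager
    class core
    # Switch to user system before starting the service; the default is root.
    user system
    # Switch to group system before starting the service.
    group system
    # critical: this service is essential to the device. If it exits more
    # than four times in four minutes, the device reboots into recovery mode.
    critical
    # onrestart: run the command that follows when the service restarts.
    # exec creates and runs a program (/system/bin/sync); init blocks until
    # the program has finished, so this can stall init.
    onrestart exec /system/bin/sync
    # Writing "c" to sysrq-trigger deliberately crashes the kernel, so a
    # restart of this service takes the whole device down.
    onrestart write /proc/sysrq-trigger c

service vold /system/bin/vold
    class core
    # Syntax: socket <name> <type> <perm> <user> <group>. Creates a socket
    # named vold of type stream with permissions 0660, owner root, group
    # mount.
    socket vold stream 0660 root mount
    ioprio be 2

service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system

service debuggerd /system/bin/debuggerd
    class main

service ril-daemon /system/bin/rild
    class main
    socket rild stream 660 root radio
    socket rild-debug stream 660 radio system
    user root
    group radio cache inet misc audio sdcard_r sdcard_rw qcom_oncrpc diag qcom_diag log

service surfaceflinger /system/bin/surfaceflinger
    class main
    user system
    group graphics
    onrestart exec /system/bin/sync
    onrestart write /proc/sysrq-trigger c

service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
    class main
    socket zygote stream 660 root system
    onrestart exec /system/bin/sync
    onrestart write /proc/sysrq-trigger c

service drm /system/bin/drmserver
    class main
    user drm
    group drm system inet drmrpc sdcard_r

service media /system/bin/mediaserver
    class main
    user media
    group system audio camera inet net_bt net_bt_admin net_bw_acct drmrpc input qcom_diag
    ioprio rt 4

service bootanim /system/bin/bootanimation
    class main
    user graphics
    group graphics
    disabled
    # oneshot: the service is started once and not restarted after it exits.
    oneshot

service dbus /system/bin/dbus-daemon --system --nofork
    class main
    socket dbus stream 660 bluetooth bluetooth
    user bluetooth
    group bluetooth net_bt_admin

service bluetoothd /system/bin/logwrapper /system/bin/bluetoothd -n
    class main
    socket bluetooth stream 660 bluetooth bluetooth
    socket dbus_bluetooth stream 660 bluetooth bluetooth
    # init.rc does not yet support applying capabilities, so run as root and
    # let bluetoothd drop uid to bluetooth with the right linux capabilities
    group bluetooth net_bt_admin misc
    disabled

service installd /system/bin/installd
    class main
    socket installd stream 600 system system

# NOTE(review): no "user" line, so this script runs as root once per boot;
# it lives on /system, which the fs section remounts read-only.
service flash_recovery /system/etc/install-recovery.sh
    class main
    oneshot

service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
    group vpn net_admin inet
    disabled
    oneshot

service mtpd /system/bin/mtpd
    class main
    socket mtpd stream 600 system system
    user vpn
    group vpn net_admin inet net_raw
    disabled
    oneshot

service keystore /system/bin/keystore /data/misc/keystore
    class main
    user keystore
    group keystore drmrpc
    # NOTE(review): mode 666 with no owner/group lets every local process
    # connect to this socket, so access control has to be enforced inside
    # the keystore daemon itself - presumably by checking the caller's
    # identity; verify before relying on it.
    socket keystore stream 666

service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot

service sshd /system/bin/start-ssh
    class main
    disabled

service mdnsd /system/bin/mdnsd
    class main
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
    disabled
    oneshot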
Android啓動文件init.rc文件實例語法分析