# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardwareasure.rc
import /init.usb.configfs.rc
import /init.${ro.zygoteasket.rc
# Include CM's extra init file
import /init.cm.rc
on early-init
# Set init and its forked children's oom_adj.
write / proc / 1 / oom_score_adj -1000
# Disable sysrq from keyboard
write / proc / sys / kernel / sysrq 0
# Set the security context of / adb_keys if present.
restorecon / adb_keys
# Should not be necessary, but sdcard will not start without it.
http: // b / 22568628.
mkdir / mnt 0775 root system
# Set the security context of / postinstall if present.
restorecon / postinstall
start ueventd
on init
sysclktz 0
# Mix device-specific information into the entropy pool
copy / proc / cmdline / dev / urandom
copy /default.prop / dev / urandom
# Backward compatibility.
symlink / system / etc / etc
symlink / sys / kernel / debug / d
# Link / vendor to / system / vendor for devices without a vendor partition.
symlink / system / vendor / vendor
# Mount cgroup mount point for cpu accounting
mount cgroup none / acct cpuacct
mkdir / acct / uid
# Create energy-aware scheduler tuning nodes
mkdir / dev / stune
mount cgroup none / dev / stune schedtune
mkdir / dev / stune / foreground
mkdir / dev / stune / background
mkdir / dev / stune / system-background
mkdir / dev / stune / top-app
chown system system / dev / stune
chown system system / dev / stune / foreground
chown system system / dev / stune / background
chown system system / dev / stune / system-background
chown system system / dev / stune / top-app
chown system system / dev / stune / tasks
chown system system / dev / stune / foreground / tasks
chown system system / dev / stune / background / tasks
chown system system / dev / stune / system-background / tasks
chown system system / dev / stune / top-app / tasks
chmod 0664 / dev / stune / tasks
chmod 0664 / dev / stune / foreground / tasks
chmod 0664 / dev / stune / background / tasks
chmod 0664 / dev / stune / system-background / tasks
chmod 0664 / dev / stune / top-app / tasks
# Mount staging areas for devices managed by vold
# See storage config details at
http://source.android.com/tech/storage/mount tmpfs tmpfs / mnt mode = 0755, uid = 0, gid = 1000
restorecon_recursive / mnt
mount configfs none / config
chmod 0775 / config / sdcardfs
chown system package_info / config / sdcardfs
mkdir / mnt / secure 0700 root root
mkdir / mnt / secure / asec 0700 root root
mkdir / mnt / asec 0755 root system
mkdir / mnt / obb 0755 root system
mkdir / mnt / media_rw 0750 root media_rw
mkdir / mnt / user 0755 root root
mkdir / mnt / user / 0 0755 root root
mkdir / mnt / expand 0771 system system
mkdir / mnt / appfuse 0711 root root
# Storage views to support runtime permissions
mkdir / mnt / runtime 0700 root root
mkdir / mnt / runtime / default 0755 root root
mkdir / mnt / runtime / default / self 0755 root root
mkdir / mnt / runtime / read 0755 root root
mkdir / mnt / runtime / read / self 0755 root root
mkdir / mnt / runtime / write 0755 root root
mkdir / mnt / runtime / write / self 0755 root root
# Symlink to keep legacy apps working in multi-user world
symlink / storage / self / primary / sdcard
symlink / storage / self / primary / mnt / sdcard
symlink / mnt / user / 0 / primary / mnt / runtime / default / self / primary
# root memory control cgroup, used by lmkd
mkdir / dev / memcg 0700 root system
mount cgroup none / dev / memcg memory
# app mem cgroups, used by activity manager, lmkd and zygote
mkdir / dev / memcg / apps / 0755 system system
write / proc / sys / kernel / panic_on_oops 1
write / proc / sys / kernel / hung_task_timeout_secs 0
write / proc / cpu / alignment 4
# scheduler tunables
# Disable auto-scaling of scheduler tunables with hotplug. The tunables
# will vary across devices in unpredictable ways if allowed to scale with
# cpu cores.
write / proc / sys / kernel / sched_tunable_scaling 0
write / proc / sys / kernel / sched_latency_ns 10000000
write / proc / sys / kernel / sched_wakeup_granularity_ns 2,000,000
write / proc / sys / kernel / sched_child_runs_first 0
write / proc / sys / kernel / randomize_va_space 2
write / proc / sys / kernel / kptr_restrict 2
write / proc / sys / vm / mmap_min_addr 32768
write / proc / sys / net / ipv4 / ping_group_range "0 2147483647"
write / proc / sys / net / unix / max_dgram_qlen 600
write / proc / sys / kernel / sched_rt_runtime_us 950000
write / proc / sys / kernel / sched_rt_period_us 1,000,000
# reflect fwmark from incoming packets onto generated replies
write / proc / sys / net / ipv4 / fwmark_reflect 1
write / proc / sys / net / ipv6 / fwmark_reflect 1
# set fwmark on accepted sockets
write / proc / sys / net / ipv4 / tcp_fwmark_accept 1
# disable icmp redirects
write / proc / sys / net / ipv4 / conf / all / accept_redirects 0
write / proc / sys / net / ipv6 / conf / all / accept_redirects 0
# Create cgroup mount points for process groups
mkdir / dev / cpuctl
mount cgroup none / dev / cpuctl cpu
chown system system / dev / cpuctl
chown system system / dev / cpuctl / tasks
chmod 0666 / dev / cpuctl / tasks
write /dev/cpuctl/cpu.rt_period_us 1000000
write /dev/cpuctl/cpu.rt_runtime_us 950000
# sets up initial cpusets for ActivityManager
mkdir / dev / cpuset
mount cpuset none / dev / cpuset
# this ensures that the cpusets are present and usable, but the device's
# init.rc must actually set the correct cpus
mkdir / dev / cpuset / foreground
write / dev / cpuset / foreground / cpus 0
write / dev / cpuset / foreground / mems 0
mkdir / dev / cpuset / foreground / boost
write / dev / cpuset / foreground / boost / cpus 0
write / dev / cpuset / foreground / boost / mems 0
mkdir / dev / cpuset / background
write / dev / cpuset / background / cpus 0
write / dev / cpuset / background / mems 0
# system-background is for system tasks that should only run on
# little cores, not on bigs
# to be used only by init, so don't change system-bg permissions
mkdir / dev / cpuset / system-background
write / dev / cpuset / system-background / cpus 0
write / dev / cpuset / system-background / mems 0
mkdir / dev / cpuset / top-app
write / dev / cpuset / top-app / cpus 0
write / dev / cpuset / top-app / mems 0
# change permissions for all cpusets we'll touch at runtime
chown system system / dev / cpuset
chown system system / dev / cpuset / foreground
chown system system / dev / cpuset / foreground / boost
chown system system / dev / cpuset / background
chown system system / dev / cpuset / system-background
chown system system / dev / cpuset / top-app
chown system system / dev / cpuset / tasks
chown system system / dev / cpuset / foreground / tasks
chown system system / dev / cpuset / foreground / boost / tasks
chown system system / dev / cpuset / background / tasks
chown system system / dev / cpuset / system-background / tasks
chown system system / dev / cpuset / top-app / tasks
# set system-background to 0775 so SurfaceFlinger can touch it
chmod 0775 / dev / cpuset / system-background
chmod 0664 / dev / cpuset / foreground / tasks
chmod 0664 / dev / cpuset / foreground / boost / tasks
chmod 0664 / dev / cpuset / background / tasks
chmod 0664 / dev / cpuset / system-background / tasks
chmod 0664 / dev / cpuset / top-app / tasks
chmod 0664 / dev / cpuset / tasks
# qtaguid will limit access to specific data based on group memberships.
# net_bw_acct grants impersonation of socket owners.
# net_bw_stats grants access to other apps' detailed tagged-socket stats.
chown root net_bw_acct / proc / net / xt_qtaguid / ctrl
chown root net_bw_stats / proc / net / xt_qtaguid / stats
# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
chmod 0644 / dev / xt_qtaguid
# Create location for fs_mgr to store abbreviated output from filesystem
# checker programs.
mkdir / dev / fscklogs 0770 root system
# pstore / ramoops previous console log
mount pstore pstore / sys / fs / pstore
chown system log / sys / fs / pstore / console-ramoops
chmod 0440 / sys / fs / pstore / console-ramoops
chown system log / sys / fs / pstore / pmsg-ramoops-0
chmod 0440 / sys / fs / pstore / pmsg-ramoops-0
# enable armv8_deprecated instruction hooks
write / proc / sys / abi / swp 1
# Linux's execveat () syscall may construct paths containing / dev / fd
# expecting it to point to / proc / self / fd
symlink / proc / self / fd / dev / fd
export DOWNLOAD_CACHE $ {ro.device.cache_dir}
# set RLIMIT_NICE to allow priorities from 19 to -20
setrlimit 13 40 40
# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property: sys.boot_from_charger_mode = 1
class_stop charger
trigger late-init
# Load properties from / system / + / factory after fs mount.
on load_system_props_action
load_system_props
on load_persist_props_action
load_persist_props
start logd
start logd-reinit
# Indicate to fw loaders that the relevant mounts are up.
on firmware_mounts_complete
rm /dev/.booting
# Mount filesystems and start core system services.
on late-init
trigger early-fs
# Mount fstab in init. {$ Device} .rc by mount_all command. Optional parameter
# '--early' can be specified to skip entries with 'latemount'.
# / system and / vendor must be mounted by the end of the fs stage,
# while / data is optional.
trigger fs
trigger post-fs
# Load properties from / system / + / factory after fs mount. Place
# this in another action
# issued fs triggers have completed.
trigger load_system_props_action
# Mount fstab in init. {$ Device} .rc by mount_all with '--late' parameter
# to only mount entries with 'latemount'. This is needed if '--early' is
# specified in the previous mount_all command on the fs stage.
# With / system mounted and properties form / system + / factory available,
# some services can be started.
trigger late-fs
# Now we can mount / data. File encryption requires keymaster to decrypt
# / data, which in turn can only be loaded when system properties are present.
trigger post-fs-data
# Load persist properties and override properties (if enabled) from / data.
trigger load_persist_props_action
# Remove a file to wake up anything waiting for firmware.
trigger firmware_mounts_complete
trigger early-boot
trigger boot
on post-fs
start logd
# once everything is setup, no need to modify /
mount rootfs rootfs / ro remount
# Mount shared so changes propagate into child namespaces
mount rootfs rootfs / shared rec
# Mount default storage into root namespace
mount none / mnt / runtime / default / storage slave bind rec
# Make sure / sys / kernel / debug (if present) is labeled properly
restorecon_recursive / sys / kernel / debug
# We chown / chmod / cache again so because mount is run as root + defaults
chown system cache / cache
chmod 0770 / cache
# We restorecon / cache in case the cache partition has been reset.
restorecon_recursive / cache
# Create / cache / recovery in case it's not there. It'll also fix the odd
# permissions if created by the recovery system.
mkdir / cache / recovery 0770 system cache
# Backup / restore mechanism uses the cache partition
mkdir / cache / backup_stage 0700 system system
mkdir / cache / backup 0700 system system
#change permissions on vmallocinfo so we can grab it from bugreports
chown root log / proc / vmallocinfo
chmod 0440 / proc / vmallocinfo
chown root log / proc / slabinfo
chmod 0440 / proc / slabinfo
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
chown root system / proc / kmsg
chmod 0440 / proc / kmsg
chown root system / proc / sysrq-trigger
chmod 0220 / proc / sysrq-trigger
chown system log / proc / last_kmsg
chmod 0440 / proc / last_kmsg
# make the selinux kernel policy world-readable
chmod 0444 / sys / fs / selinux / policy
# create the lost + found directories, so as to enforce our permissions
mkdir / cache / lost + found 0770 root root
on post-fs-data
# We chown / chmod / data again so because mount is run as root + defaults
chown system system / data
chmod 0771 / data
# We restorecon / data in case the userdata partition has been reset.
restorecon / data
# Start debuggerd to make debugging early-boot crashes easier.
start debuggerd
start debuggerd64
# Make sure we have the device encryption key.
start vold
installkey / data
# Start bootcharting as soon as possible after the data partition is
# mounted to collect more data.
mkdir / data / bootchart 0755 shell shell
bootchart_init
# Avoid predictable entropy pool. Carry over entropy from previous boot.
copy /data/system/entropy.dat / dev / urandom
# create basic filesystem structure
mkdir / data / misc 01771 system misc
mkdir / data / misc / bluedroid 02,770 bluetooth net_bt_stack
# Fix the access permissions and group ownership for 'bt_config.conf'
chmod 0660 /data/misc/bluedroid/bt_config.conf
chown bluetooth net_bt_stack /data/misc/bluedroid/bt_config.conf
mkdir / data / misc / bluetooth 0770 bluetooth net_bt_stack
mkdir / data / misc / bluetooth / logs 0770 bluetooth net_bt_stack
mkdir / data / misc / keystore 0700 keystore keystore
mkdir / data / misc / gatekeeper 0700 system system
mkdir / data / misc / keychain 0771 system system
mkdir / data / misc / net 0750 root shell
mkdir / data / misc / radio 0770 system radio
mkdir / data / misc / sms 0770 system radio
mkdir / data / misc / zoneinfo 0775 system system
mkdir / data / misc / vpn 0770 system vpn
mkdir / data / misc / shared_relro 0771 shared_relro shared_relro
mkdir / data / misc / systemkeys 0700 system system
mkdir / data / misc / wifi 0770 wifi wifi
mkdir / data / misc / wifi / sockets 0770 wifi wifi
mkdir / data / misc / wifi / wpa_supplicant 0770 wifi wifi
mkdir / data / misc / ethernet 0770 system system
mkdir / data / misc / dhcp 0770 dhcp dhcp
mkdir / data / misc / user 0771 root root
mkdir / data / misc / perfprofd 0775 root root
# give system access to wpa_supplicant.conf for backup and restore
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
mkdir / data / local 0751 root root
mkdir / data / misc / media 0700 media media
mkdir / data / misc / audioserver 0700 audioserver audioserver
mkdir / data / misc / cameraserver 0700 cameraserver cameraserver
mkdir / data / misc / vold 0700 root root
mkdir / data / misc / boottrace 0771 system shell
mkdir / data / misc / update_engine 0700 root root
mkdir / data / misc / trace 0700 root root
# profile file layout
mkdir / data / misc / profiles 0771 system system
mkdir / data / misc / profiles / cur 0771 system system
mkdir / data / misc / profiles / ref 0771 system system
mkdir / data / misc / profman 0770 system shell
# For security reasons, / data / local / tmp should always be empty.
# Do not place files or directories in / data / local / tmp
mkdir / data / local / tmp 0771 shell shell
mkdir / data / data 0771 system system
mkdir / data / app-private 0771 system system
mkdir / data / app-ephemeral 0771 system system
mkdir / data / app-asec 0700 root root
mkdir / data / app-lib 0771 system system
mkdir / data / app 0771 system system
mkdir / data / property 0700 root root
mkdir / data / tombstones 0771 system system
# create dalvik-cache, so as to enforce our permissions
mkdir / data / dalvik-cache 0771 root root
# create the A / B OTA directory, so as to enforce our permissions
mkdir / data / ota 0771 root root
# create the OTA package directory. It will be accessed by GmsCore (cache
# group), update_engine and update_verifier.
mkdir / data / ota_package 0770 system cache
# create resource-cache and double-check the perms
mkdir / data / resource-cache 0771 system system
chown system system / data / resource-cache
chmod 0771 / data / resource-cache
# create the lost + found directories, so as to enforce our permissions
mkdir / data / lost + found 0770 root root
# create directory for DRM plug-ins - give drm the read / write access to
# the following directory.
mkdir / data / drm 0770 drm drm
# create directory for MediaDrm plug-ins - give drm the read / write access to
# the following directory.
mkdir / data / mediadrm 0770 mediadrm mediadrm
mkdir / data / anr 0775 system system
# Separate location for storing security policy files on data
mkdir / data / security system system 0711
# Create all remaining / data root dirs so that they are made through init
# and get proper encryption policy installed
mkdir / data / backup 0700 system system
mkdir / data / ss 0700 system system
mkdir / data / system 0775 system system
mkdir / data / system / heapdump 0700 system system
mkdir / data / system / users 0775 system system
mkdir / data / system / theme 0755 system system
mkdir / data / system_de 0770 system system
mkdir / data / system_ce 0770 system system
mkdir / data / misc_de 01771 system misc
mkdir / data / misc_ce 01771 system misc
mkdir / data / user 0711 system system
mkdir / data / user_de 0711 system system
symlink / data / data / data / user / 0
mkdir / data / media 0770 media_rw media_rw
mkdir / data / media / obb 0770 media_rw media_rw
mkdir / data / cache 0770 system cache
mkdir / data / cache / recovery 0770 system cache
mkdir / data / cache / backup_stage 0700 system system
mkdir / data / cache / backup 0700 system system
init_user0
# Reload policy from / data / security if present.
setprop selinux.reload_policy 1
# Set SELinux security contexts on upgrade or policy update.
restorecon_recursive / data
restorecon / data / data
restorecon / data / user
restorecon / data / user / 0
# Check any timezone data in / data is newer than the copy in / system, delete if not.
exec - system system - / system / bin / tzdatacheck / system / usr / share / zoneinfo / data / misc / zoneinfo
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# won't work.
# Set indication (checked by vold) that we have finished this action
#setprop vold.post_fs_data_done 1
on boot
# basic network init
ifup lo
hostname localhost
domainname localdomain
# Memory management. Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver
# parameters to match how it is managing things.
write / proc / sys / vm / overcommit_memory 1
write / proc / sys / vm / min_free_order_shift 4
chown root system / sys / module / lowmemorykiller / parameters / adj
chmod 0664 / sys / module / lowmemorykiller / parameters / adj
chown root system / sys / module / lowmemorykiller / parameters / minfree
chmod 0664 / sys / module / lowmemorykiller / parameters / minfree
# Tweak background writeout
write / proc / sys / vm / dirty_expire_centisecs 200
write / proc / sys / vm / dirty_background_ratio 5
# Permissions for System Server and daemons.
chown radio system / sys / android_power / state
chown radio system / sys / android_power / request_state
chown radio system / sys / android_power / acquire_full_wake_lock
chown radio system / sys / android_power / acquire_partial_wake_lock
chown radio system / sys / android_power / release_wake_lock
chown system system / sys / power / autosleep
chown system system / sys / power / state
chown system system / sys / power / wakeup_count
chown radio wakelock / sys / power / wake_lock
chown radio wakelock / sys / power / wake_unlock
chmod 0660 / sys / power / state
chmod 0660 / sys / power / wake_lock
chmod 0660 / sys / power / wake_unlock
chown system system / sys / devices / system / cpu / cpufreq / interactive / timer_rate
chmod 0660 / sys / devices / system / cpu / cpufreq / interactive / timer_rate
chown system system / sys / devices / system / cpu / cpufreq / interactive / timer_slack
chmod 0660 / sys / devices / system / cpu / cpufreq / interactive / timer_slack
chown system system / sys / devices / system / cpu / cpufreq / interactive / min_sample_time
chmod 0660 / sys / devices / system / cpu / cpufreq / interactive / min_sample_time
chown system system / sys / devices / system / cpu / cpufreq / interactive / hispeed_freq
chmod 0660 / sys / devices / system / cpu / cpufreq / interactive / hispeed_freq
chown system system / sys / devices / system / cpu / cpufreq / interactive / target_loads
chmod 0660 / sys / devices / system / cpu / cpufreq / interactive / target_loads
chown system system / sys / devices / system / cpu / cpufreq / interactive / go_hispeed_load
chmod 0660 / sys / devices / system / cpu / cpufreq / interactive / go_hispeed_load
chown system system / sys / devices / system / cpu / cpufreq / interactive / above_hispeed_delay
chmod 0660 / sys / devices / system / cpu / cpufreq / interactive / above_hispeed_delay
chown system system / sys / devices / system / cpu / cpufreq / interactive / boost
chmod 0660 / sys / devices / system / cpu / cpufreq / interactive / boost
chown system system / sys / devices / system / cpu / cpufreq / interactive / boostpulse
chown system system / sys / devices / system / cpu / cpufreq / interactive / input_boost
chmod 0660 / sys / devices / system / cpu / cpufreq / interactive / input_boost
chown system system / sys / devices / system / cpu / cpufreq / interactive / boostpulse_duration
chmod 0660 / sys / devices / system / cpu / cpufreq / interactive / boostpulse_duration
chown system system / sys / devices / system / cpu / cpufreq / interactive / io_is_busy
chmod 0660 / sys / devices / system / cpu / cpufreq / interactive / io_is_busy
# Assume SMP uses shared cpufreq policy for all CPUs
chown system system / sys / devices / system / cpu / cpu0 / cpufreq / scaling_max_freq
chmod 0660 / sys / devices / system / cpu / cpu0 / cpufreq / scaling_max_freq
chown system system / sys / class / timed_output / vibrator / enable
chown system system / sys / class / leds / keyboard-backlight / brightness
chown system system / sys / class / leds / lcd-backlight / brightness
chown system system / sys / class / leds / button-backlight / brightness
chown system system / sys / class / leds / jogball-backlight / brightness
chown system system / sys / class / leds / red / brightness
chown system system / sys / class / leds / red / blink
chown system system / sys / class / leds / green / brightness
chown system system / sys / class / leds / green / blink
chown system system / sys / class / leds / blue / brightness
chown system system / sys / class / leds / blue / blink
chown system system / sys / class / leds / red / device / grpfreq
chown system system / sys / class / leds / red / device / grppwm
chown system system / sys / class / leds / red / device / blink
chown system system / sys / class / timed_output / vibrator / enable
chown system system / sys / module / sco / parameters / disable_esco
chown system system / sys / kernel / ipv4 / tcp_wmem_min
chown system system / sys / kernel / ipv4 / tcp_wmem_def
chown system system / sys / kernel / ipv4 / tcp_wmem_max
chown system system / sys / kernel / ipv4 / tcp_rmem_min
chown system system / sys / kernel / ipv4 / tcp_rmem_def
chown system system / sys / kernel / ipv4 / tcp_rmem_max
chown root radio / proc / cmdline
# Define default initial receive window size in segments.
setprop net.tcp.default_init_rwnd 60
class_start core
on nonencrypted
# A / B update verifier that marks a successful boot.
exec - root cache - / system / bin / update_verifier nonencrypted
class_start main
class_start late_start
on property: sys.init_log_level = *
loglevel $ {sys.init_log_level}
on charger
class_start charger
on property: vold.decrypt = trigger_reset_main
class_reset main
on property: vold.decrypt = trigger_load_persist_props
load_persist_props
start logd
start logd-reinit
on property: vold.decrypt = trigger_post_fs_data
trigger post-fs-data
on property: vold.decrypt = trigger_restart_min_framework
# A / B update verifier that marks a successful boot.
exec - root cache - / system / bin / update_verifier trigger_restart_min_framework
class_start main
on property: vold.decrypt = trigger_restart_framework
# A / B update verifier that marks a successful boot.
exec - root cache - / system / bin / update_verifier trigger_restart_framework
class_start main
class_start late_start
on property: vold.decrypt = trigger_shutdown_framework
class_reset late_start
class_reset main
on property: sys.powerctl = *
powerctl $ {sys.powerctl}
# system server cannot write to / proc / sys files,
# and chown / chmod does not work for / proc / sys / entries.
# So proxy writes through init.
on property: sys.sysctl.extra_free_kbytes = *
write / proc / sys / vm / extra_free_kbytes $ {sys.sysctl.extra_free_kbytes}
# "tcp_default_init_rwnd" Is too long!
on property: sys.sysctl.tcp_def_init_rwnd = *
write / proc / sys / net / ipv4 / tcp_default_init_rwnd $ {sys.sysctl.tcp_def_init_rwnd}
on property: security.perf_harden = 0
write / proc / sys / kernel / perf_event_paranoid 1
on property: security.perf_harden = 1
write / proc / sys / kernel / perf_event_paranoid 3
## Daemon processes to be run by init.
##
service ueventd / sbin / ueventd
class core
critical
seclabel u: r: ueventd: s0
service healthd / sbin / healthd
class core
critical
seclabel u: r: healthd: s0
group root system wakelock
service console / system / bin / sh
class core
console
disabled
user shell
group shell log readproc
seclabel u: r: shell: s0
on property: ro.debuggable = 1
# Give writes to anyone for the trace folder on debug builds.
# The folder is used to store method traces.
chmod 0773 / data / misc / trace
start console
service flash_recovery /system/bin/install-recovery.sh
class main
oneshot
disabled
# Update recovery if enabled
#on property: persist.sys.recovery_update = true
# Start flash_recovery