init.rc

# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#

import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.trace.rc
import /init.bt.rc
import /init.carrier.rc

on early-init
    # Set init and its forked children's oom_adj.
    write /proc/1/oom_adj -16

    # Set the security context for the init process.
    # This should occur before anything else (e.g. ueventd) is started.
    setcon u:r:init:s0

    start ueventd

# Configure SEAndroid booleans and enforcing mode    
     setsebool android_cts=1
     setsebool debugfs=1

# create mountpoints
    mkdir /mnt 0775 root system
    mkdir /mnt_1 0775 root system

    mkdir /mnt_1/sdcard_1 0775 system system    
    mkdir /mnt_1/sdcard_2 0775 system system    
    mkdir /mnt_1/sdcard_3 0775 system system
    mkdir /mnt_1/extSdCard 0775 system system   
    mkdir /data_1 0770 system system    
    mkdir /data_2 0770 system system    
    mkdir /data_3 0770 system system

# Allow system UID to setenforce and set booleans.
    chown system system /selinux/enforce
    chown system system /sys/fs/selinux/enforce
    chown -R system system /selinux/booleans
    chown -R system system /sys/fs/selinux/booleans
    chown system system /selinux/commit_pending_bools
    chown system system /sys/fs/selinux/commit_pending_bools

on init

sysclktz 0

loglevel 3

# Vibetonz
    export VIBE_PIPE_PATH /dev/pipes
    mkdir /dev/pipes 0771 shell shell
    restorecon /dev/pipes

# setup the global environment
    export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
    export LD_LIBRARY_PATH /vendor/lib:/system/lib
    export ANDROID_BOOTLOGO 1
    export ANDROID_ROOT /system
    export ANDROID_ASSETS /system/app
    export ANDROID_DATA /data
    export ANDROID_STORAGE /storage
    export ASEC_MOUNTPOINT /mnt/asec
    export LOOP_MOUNTPOINT /mnt/obb
 # TODO: replace it with device's DEXPREOPT_BOOT_JARS
   export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/framework2.jar:/system/framework/telephony-common.jar:/system/framework/mms-common.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar:/system/framework/sec_edm.jar:/system/framework/seccamera.jar:/system/framework/scrollpause.jar:/system/framework/stayrotation.jar:/system/framework/smartfaceservice.jar:/system/framework/abt-persistence.jar:/system/framework/secocsp.jar:/system/framework/sc.jar

# for audit message
    chown system system /proc/avc_msg
    chmod 0660 /proc/avc_msg

# Backward compatibility
    symlink /system/etc /etc
    symlink /sys/kernel/debug /d

# Right now vendor lives on the same filesystem as system,
# but someday that may change.
    symlink /system/vendor /vendor

# Create cgroup mount point for cpu accounting
    mkdir /acct
    mount cgroup none /acct cpuacct
    mkdir /acct/uid

    mkdir /system
    mkdir /data 0771 system system
    mkdir /cache 0770 system cache
    mkdir /config 0500 root root
    mkdir /efs 0771 system radio
    mkdir /preload 0771 system system
    

    # See storage config details at http://source.android.com/tech/storage/
    mkdir /mnt/shell 0750 shell shell
    mkdir /storage 0050 root sdcard_r

    # Directory for putting things only root should see.
    mkdir /mnt/secure 0700 root root
    # Create private mountpoint so we can MS_MOVE from staging
    mount tmpfs tmpfs /mnt/secure mode=0700,uid=0,gid=0

    # Directory for staging bindmounts
    mkdir /mnt/secure/staging 0700 root root
    resturecon -R /mnt/secure/staging

    # Directory-target for where the secure container
    # imagefile directory will be bind-mounted
    mkdir /mnt/secure/asec  0700 root root
    restorecon -R /mnt/secure/asec

    # Secure container public mount points.
    mkdir /mnt/asec  0700 root system
    mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
    restorecon -R /mnt/asec

    # Filesystem image public mount points.
    mkdir /mnt/obb 0700 root system
    mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
    restorecon -R /mnt/obb

    write /proc/sys/kernel/panic_on_oops 1
    write /proc/sys/kernel/hung_task_timeout_secs 0
    write /proc/cpu/alignment 4
    write /proc/sys/kernel/sched_latency_ns 10000000
    write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
    write /proc/sys/kernel/sched_compat_yield 1
    write /proc/sys/kernel/sched_child_runs_first 0
    write /proc/sys/kernel/randomize_va_space 2
    write /proc/sys/kernel/kptr_restrict 2
    write /proc/sys/kernel/dmesg_restrict 1
    write /proc/sys/vm/mmap_min_addr 32768
    write /proc/sys/kernel/sched_rt_runtime_us 950000
    write /proc/sys/kernel/sched_rt_period_us 1000000

# MTP permission
	chmod 0660 /dev/usb_mtp_gadget
	chown system system /dev/usb_mtp_gadget

# Image Version info for SUA
    chmod 0660 /sys/class/android_usb/android0/f_mass_storage/sua_version_info
    chown system system /sys/class/android_usb/android0/f_mass_storage/sua_version_info

# Create cgroup mount points for process groups
    mkdir /dev/cpuctl
    mount cgroup none /dev/cpuctl cpu
    chown system system /dev/cpuctl
    chown system system /dev/cpuctl/tasks
    chmod 0660 /dev/cpuctl/tasks
    write /dev/cpuctl/cpu.shares 1024
    write /dev/cpuctl/cpu.rt_runtime_us 950000
    write /dev/cpuctl/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps
    chown system system /dev/cpuctl/apps/tasks
    chmod 0666 /dev/cpuctl/apps/tasks
    write /dev/cpuctl/apps/cpu.shares 1024
    write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
    write /dev/cpuctl/apps/cpu.rt_period_us 1000000

    mkdir /dev/cpuctl/apps/bg_non_interactive
    chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
    chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
    # 5.0 %
    write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
    write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000

# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
    chmod 0644 /dev/xt_qtaguid

on fs
# mount mtd partitions
    # Mount /system rw first to give the filesystem a chance to save a checkpoint
    mount yaffs2 mtd@system /system
    mount yaffs2 mtd@system /system ro remount
    mount yaffs2 mtd@userdata /data nosuid nodev
    mount yaffs2 mtd@cache /cache nosuid nodev

on post-fs
    # once everything is setup, no need to modify /
    mount rootfs rootfs / ro remount

    # After mount, attempt to reload policy
    # setprop selinux.reload_policy 1

    # mount shared so changes propagate into child namespaces
    mount rootfs rootfs / shared rec
    mount tmpfs tmpfs /mnt/secure private rec

    # We chown/chmod /cache again so because mount is run as root + defaults
    chown system cache /cache
    chmod 0770 /cache
    # We restorecon /cache in case the cache partition has been reset.
    restorecon /cache

    # This may have been created by the recovery system with odd permissions
    chown system cache /cache/recovery
    chmod 0770 /cache/recovery
    # This may have been created by the recovery system with the wrong context.
    restorecon /cache/recovery

    #change permissions on vmallocinfo so we can grab it from bugreports
    chown root log /proc/vmallocinfo
    chmod 0440 /proc/vmallocinfo

    chown root log /proc/slabinfo
    chmod 0440 /proc/slabinfo

    #change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
    chown root system /proc/kmsg
    chmod 0440 /proc/kmsg
    chown root system /proc/sysrq-trigger
    chmod 0220 /proc/sysrq-trigger
    chown system log /proc/last_kmsg
    chmod 0440 /proc/last_kmsg

    # create the lost+found directories, so as to enforce our permissions
    mkdir /cache/lost+found 0770 root root
    restorecon /cache/lost+found

    # ko files for exfat
    insmod /system/lib/modules/exfat_core.ko
    insmod /system/lib/modules/exfat_fs.ko

on post-fs-data
    # We chown/chmod /data again so because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data
    restorecon /data/lost+found

    # Create dump dir and collect dumps.
    # Do this before we mount cache so eventually we can use cache for
    # storing dumps on platforms which do not have a dedicated dump partition.
    mkdir /data/dontpanic 0750 root log

    # Collect apanic data, free resources and re-arm trigger
    copy /proc/apanic_console /data/dontpanic/apanic_console
    chown root log /data/dontpanic/apanic_console
    chmod 0640 /data/dontpanic/apanic_console

    copy /proc/apanic_threads /data/dontpanic/apanic_threads
    chown root log /data/dontpanic/apanic_threads
    chmod 0640 /data/dontpanic/apanic_threads

    write /proc/apanic_console 1

    # create basic filesystem structure
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/audit 02755 audit system
    mkdir /data/misc/adb 02750 system shell
    mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
    mkdir /data/misc/bluetooth 0770 system system
    mkdir /data/misc/gpsone_d 0770 system gps
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/location 0770 gps gps
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/radio 0771 radio radio
    mkdir /data/misc/sms 0770 system radio
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/systemkeys 0700 system system
    # give system access to wpa_supplicant.conf for backup and restore
    mkdir /data/misc/wifi 0770 wifi wifi
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root

    #icd
    exec icd_check
    chown system system /dev/icd
    chmod 0644 /dev/icd
    write /dev/icdr 0
    chown system system /dev/icdr
    chmod 0644 /dev/icdr
    chown system system /dev/tzic

    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app-lib 0771 system system
    mkdir /data/app 0771 system system
    mkdir /data/property 0700 root root
    mkdir /data/ssh 0750 root shell
    mkdir /data/ssh/empty 0700 root root

    # SA, System SW, SAMSUNG create log directory
    mkdir /data/log 0775 system log
    chown system log /data/log
    mkdir /data/anr 0775 system system
    chown system system /data/anr
    chmod 0775 /data/log
    chmod 0775 /data/anr
    restorecon /data/log
    restorecon /data/anr
	
    #container mount points
    mkdir /data/.container_1 0771 system system
    mkdir /data/.container_2 0771 system system
    mkdir /data/.container_3 0771 system system

    restorecon /data/.container_1
    restorecon /data/.container_2
    restorecon /data/.container_3

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 system system

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root
    restorecon /data/lost+found

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # time daemon offset dir
    mkdir /data/time 0700 system system
    restorecon /data/time

    # /data/backup 
    mkdir /data/backup 0700 system system
    restorecon /data/backup

    # obb dir for restorecon
    mkdir /data/media/obb 0775 media_rw media_rw
    restorecon /data/media/obb

#[ SEC_MM_DRM

    # [ save OMA DB, when upgrading from GB to ICS
    # belows will be removed at KLP
    mkdir /data/system/databases 0771 system system
    copy /data/data/com.sec.android.providers.drm/databases/drmdatabase.db /data/system/databases/drmdatabase.db
    chown system system /data/system/databases/drmdatabase.db
    chmod 0774 /data/system/databases/drmdatabase.db
    # ]

    # DRM directory creation
    mkdir /system/etc/security/.drm 0775
    chown root root /system/etc/security/.drm
    chmod 0775 /system/etc/security/.drm

    # Added for Playready DRM Support
    mkdir /data/data/.drm 0775
    chown drm system /data/data/.drm
    chmod 0775 /data/data/.drm
    mkdir /data/data/.drm/.playready 0775
    chown drm system /data/data/.drm/.playready
    chmod 0775 /data/data/.drm/.playready

    # Added drm folder to copy drm plugins
    mkdir /system/lib/drm 0775
    chown root root /system/lib/drm
    chmod 0775 /system/lib/drm

    # DivX DRM
    mkdir /efs/.files 0775
    mkdir /efs/.files/.dx1 0775
    mkdir /efs/.files/.dm33 0775
    mkdir /efs/.files/.mp301 0775
    chown media system /efs/.files/.dx1
    chown media system /efs/.files/.dm33
    chown media system /efs/.files/.mp301
    chmod 0775 /efs/.files/.dx1
    chmod 0775 /efs/.files/.dm33
    chmod 0775 /efs/.files/.mp301
#]

    # efs  
    mkdir /efs/drm 0770
    chown drm system /efs/drm
    chmod 0770 /efs/drm
    mkdir /efs/drm/playready 0775
    chown drm system /efs/drm/playready
    chmod 0775 /efs/drm/playready
    mkdir /efs/imei 0775 radio radio
    restorecon -R /efs

    # Separate location for storing security policy files on data
    mkdir /data/security 0700 system system

    # If there is no fs-post-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    #setprop vold.post_fs_data_done 1

# Permissions for Camera
    chown system radio /sys/class/camera/rear/rear_camfw
    chown system radio /sys/class/camera/rear/rear_camtype
    chown system media_rw /sys/class/camera/rear/rear_checkApp
    chown system radio /sys/class/camera/flash/rear_flash
    chown system radio /sys/class/camera/front/front_camfw
    chown system radio /sys/class/camera/front/front_camtype

# Permissions for NCM
	chmod 0660 /sys/class/android_usb/android0/terminal_version
	chown system system /sys/class/android_usb/android0/terminal_version

on boot
    mount debugfs /sys/kernel/debug /sys/kernel/debug
# Vibetonz
    chmod 0660 /dev/tspdrv
    chown root shell /dev/tspdrv

# basic network init
    ifup lo
    hostname localhost
    domainname localdomain

# set RLIMIT_NICE to allow priorities from 19 to -20
    setrlimit 13 40 40

# Memory management.  Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver
# parameters to match how it is managing things.
    write /proc/sys/vm/overcommit_memory 1
    write /proc/sys/vm/min_free_order_shift 4
    chown root system /sys/module/lowmemorykiller/parameters/adj
    chmod 0664 /sys/module/lowmemorykiller/parameters/adj
    chown root system /sys/module/lowmemorykiller/parameters/minfree
    chmod 0664 /sys/module/lowmemorykiller/parameters/minfree

    # Tweak background writeout
    write /proc/sys/vm/dirty_expire_centisecs 200
    write /proc/sys/vm/dirty_background_ratio  5

    # Permissions for System Server and daemons.
    chown radio system /sys/android_power/state
    chown radio system /sys/android_power/request_state
    chown radio system /sys/android_power/acquire_full_wake_lock
    chown radio system /sys/android_power/acquire_partial_wake_lock
    chown radio system /sys/android_power/release_wake_lock
    chown system system /sys/power/autosleep
    chown system system /sys/power/state
    chown system system /sys/power/wakeup_count
    chown radio system /sys/power/wake_lock
    chown radio system /sys/power/wake_unlock
    chmod 0660 /sys/power/state
    chmod 0660 /sys/power/wake_lock
    chmod 0660 /sys/power/wake_unlock

# SEC DVFS sysfs node
    chown radio system /sys/power/cpufreq_max_limit
    chown radio system /sys/power/cpufreq_min_limit
    chown radio system /sys/power/cpufreq_table
    chown radio system /sys/class/kgsl/kgsl-3d0/max_pwrlevel
    chmod 664 /sys/power/cpufreq_max_limit
    chmod 664 /sys/power/cpufreq_min_limit
    chmod 664 /sys/power/cpufreq_table
    chmod 664 /sys/class/kgsl/kgsl-3d0/max_pwrlevel

    chown radio system /sys/devices/system/cpu/cpufreq/ondemand/enable_turbo_mode
    chmod 664 /sys/devices/system/cpu/cpufreq/ondemand/enable_turbo_mode

    chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
    chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
    chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
    chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
    chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
    chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
    chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
    chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration

    chown system system  /sys/class/mdnie/mdnie/lcdtype
    chown system system  /sys/class/mdnie/mdnie/lcd_power
    chown system media_rw /sys/class/mdnie/mdnie/scenario
    chown system system /sys/class/mdnie/mdnie/tuning
    chown system media_rw /sys/class/mdnie/mdnie/outdoor
    chown system system  /sys/class/mdnie/mdnie/mdnie_temp
    chown system system /sys/class/mdnie/mdnie/mode
    chown system system /sys/class/mdnie/mdnie/negative
    chown system media_rw /sys/class/mdnie/mdnie/playspeed
    chown system system /sys/class/lcd/panel/window_type
    chown radio system /sys/class/lcd/panel/power_reduce
    chown system media_rw /sys/class/mdnie/mdnie/accessibility 
    chown radio system /sys/class/lcd/panel/siop_enable
    chown radio system /sys/class/lcd/panel/temperature

# Adjust YUV to RGB Conversion
	chown system media_rw /sys/class/graphics/fb0/csc_cfg
	chmod 0660 /sys/class/graphics/fb0/csc_cfg

# Dynamic FPS
    chown radio system  /sys/class/lcd/panel/fps_change
    chmod 0664 /sys/class/lcd/panel/fps_change

# Auto Brightness
    chown system system  /sys/class/backlight/panel/auto_brightness
    chmod 0660 /sys/class/backlight/panel/auto_brightness

    # Assume SMP uses shared cpufreq policy for all CPUs
    chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
    chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq

    chown radio system /sys/class/sec/sec_touchkey/touch_sensitivity
    chown radio system /sys/class/sec/sec_touchkey/touchkey_firm_update
    chown system radio /sys/class/sec/tsp/cmd
    chown system radio /sys/class/sec/sec_touchkey/glove_mode
    chown system radio /sys/class/sec/sec_touchkey/flip_mode

 #For hover control from secureinput   
    chown system radio /sys/class/input/input3/proximity_enables

    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/class/leds/keyboard-backlight/brightness
    chown system system /sys/class/leds/lcd-backlight/brightness
    chown system system /sys/class/leds/button-backlight/brightness
    chown system system /sys/class/leds/jogball-backlight/brightness
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    chown system system /sys/class/leds/red/brightness
    chown system system /sys/class/leds/green/brightness
    chown system system /sys/class/leds/blue/brightness
    chown system system /sys/class/leds/red/device/grpfreq
    chown system system /sys/class/leds/red/device/grppwm
    chown system system /sys/class/leds/red/device/blink
    chown system system /sys/class/timed_output/vibrator/enable
    chown system system /sys/module/sco/parameters/disable_esco
    chown system system /sys/kernel/ipv4/tcp_wmem_min
    chown system system /sys/kernel/ipv4/tcp_wmem_def
    chown system system /sys/kernel/ipv4/tcp_wmem_max
    chown system system /sys/kernel/ipv4/tcp_rmem_min
    chown system system /sys/kernel/ipv4/tcp_rmem_def
    chown system system /sys/kernel/ipv4/tcp_rmem_max
    chown root radio /proc/cmdline

# Ap thermister permission
    chown system radio /sys/bus/platform/devices/apq8064-tmu/curr_temp
    chmod 664 /sys/bus/platform/devices/apq8064-tmu/curr_temp
# volume up/down key
    chown radio system /sys/class/sec/sec_key/wakeup_keys

# permission for CHARGING
   chown system radio /sys/class/power_supply/battery/batt_reset_soc
   chown system radio /sys/class/power_supply/battery/batt_slate_mode
   chown system radio /sys/class/power_supply/battery/update
   chown system radio /sys/class/power_supply/battery/factory_mode
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/call
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/video
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/music
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/browser
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/hotspot
   chown sdcard_rw sdcard_rw /sys/class/power_supply/battery/camera
   chown system radio /sys/class/power_supply/battery/talk_wcdma
   chown system radio /sys/class/power_supply/battery/talk_gsm
   chown system radio /sys/class/power_supply/battery/call
   chown system radio /sys/class/power_supply/battery/data_call
   chown system radio /sys/class/power_supply/battery/gps
   chown system radio /sys/class/power_supply/battery/wifi
   chown system radio /sys/class/power_supply/battery/lte
   chown system radio /sys/class/power_supply/battery/wc_enable

   #OTG Test
   chown system radio /sys/class/host_notify/usb_otg/booster
   chmod 0660 /sys/class/host_notify/usb_otg/booster

   #Essential node for usbservice
   mkdir /dev/bus/ 755 root root
   mkdir /dev/bus/usb 755 root root
   restorecon -R /dev/bus

   # Permissions for Led
   chown system system /sys/class/sec/led/led_r
   chown system system /sys/class/sec/led/led_g
   chown system system /sys/class/sec/led/led_b
   chown system system /sys/class/sec/led/led_pattern
   chown system system /sys/class/sec/led/led_blink
   chown system system /sys/class/sec/led/led_lowpower

# <Sensors & NFC>
# Accelerometer_sensor
    chown system radio /sys/class/sensors/accelerometer_sensor/raw_data
    chown system radio /sys/class/sensors/accelerometer_sensor/calibration
    chown system radio /sys/class/sensors/accelerometer_sensor/reactive_alert
    chown system radio /sys/class/sensors/accelerometer_sensor/vendor
    chown system radio /sys/class/sensors/accelerometer_sensor/name
# Proximity_sensor
    chown system radio /sys/class/sensors/proximity_sensor/state
    chown system radio /sys/class/sensors/proximity_sensor/raw_data
    chown system radio /sys/class/sensors/proximity_sensor/prox_avg
    chown system radio /sys/class/sensors/proximity_sensor/prox_cal
    chown system radio /sys/class/sensors/proximity_sensor/vendor
    chown system radio /sys/class/sensors/proximity_sensor/name
    chown system radio /sys/class/sensors/proximity_sensor/thresh_high
    chown system radio /sys/class/sensors/proximity_sensor/thresh_low
    chown system radio /sys/class/sensors/proximity_sensor/barcode_emul_en
# Light_sensor
    chown system radio /sys/class/sensors/light_sensor/lux
    chown system radio /sys/class/sensors/light_sensor/raw_data
    chown system radio /sys/class/sensors/light_sensor/vendor
    chown system radio /sys/class/sensors/light_sensor/name
# Gyro_sensor
    chown system radio /sys/class/sensors/gyro_sensor/power_on
    chown system radio /sys/class/sensors/gyro_sensor/power_off
    chown system radio /sys/class/sensors/gyro_sensor/temperature
    chown system radio /sys/class/sensors/gyro_sensor/selftest
    chown system radio /sys/class/sensors/gyro_sensor/selftest_dps
    chown system radio /sys/class/sensors/gyro_sensor/vendor
    chown system radio /sys/class/sensors/gyro_sensor/name
# Barometer_sensor
    chown system radio /sys/class/sensors/barometer_sensor/sea_level_pressure
    chown system radio /sys/class/sensors/barometer_sensor/vendor
    chown system radio /sys/class/sensors/barometer_sensor/name
    chown system radio /sys/class/sensors/barometer_sensor/calibration
# Magnetic_sensor
#    chown system radio /dev/akm8963
    chown system radio /sys/class/sensors/magnetic_sensor/raw_data
    chown system radio /sys/class/sensors/magnetic_sensor/vendor
    chown system radio /sys/class/sensors/magnetic_sensor/name
# uv_sensor
    chown system radio /sys/class/sensors/uv_sensor/vendor
    chown system radio /sys/class/sensors/uv_sensor/name
    chown system radio /sys/class/sensors/uv_sensor/raw_data
    chown system radio /sys/class/sensors/uv_sensor/power_on
    chown system radio /sys/class/sensors/uv_sensor/power_off
# Temphumidity_sensor
    chown system radio /sys/class/sensors/temphumidity_sensor/vendor
    chown system radio /sys/class/sensors/temphumidity_sensor/name
    chown system radio /sys/class/sensors/temphumidity_sensor/engine_ver
    chown system radio /sys/class/sensors/temphumidity_sensor/engine_ver2
    chown system radio /sys/class/sensors/temphumidity_sensor/cp_thm
    chown system radio /sys/class/sensors/temphumidity_sensor/send_accuracy
# SensorHub
    chown system radio /sys/class/sensors/ssp_sensor/enable
    chown system radio /sys/class/sensors/ssp_sensor/enable_irq
    chown system radio /sys/class/sensors/ssp_sensor/mcu_rev
    chown system radio /sys/class/sensors/ssp_sensor/mcu_name
    chown system radio /sys/class/sensors/ssp_sensor/mcu_test
    chown system radio /sys/class/sensors/ssp_sensor/mcu_reset
    chown system radio /sys/class/sensors/ssp_sensor/mcu_update
    chown system radio /sys/class/sensors/ssp_sensor/mcu_sleep_test
    chown system radio /sys/class/sensors/ssp_sensor/ori_poll_delay
    chown system radio /sys/class/sensors/ssp_sensor/mag_poll_delay
    chown system radio /sys/class/sensors/ssp_sensor/temp_humi_poll_delay
# Gesture_sensor
    chown system radio /sys/class/sensors/gesture_sensor/ir_current
    chown system radio /sys/class/sensors/gesture_sensor/selftest

# NFC_NXP
    setprop ro.nfc.port "I2C"
    chmod 0600 /dev/pn544
    chown nfc nfc /dev/pn544
    
# NFC_BROADCOM
    chmod 0600 /dev/bcm2079x
    chown nfc nfc /dev/bcm2079x
    mkdir /data/bcmnfc
    mkdir /data/bcmnfc/param
    chmod 0700 /data/bcmnfc
    chmod 0700 /data/bcmnfc/param
    chown nfc nfc /data/bcmnfc
    chown nfc nfc /data/bcmnfc/param

# Permissions for Barcode Emul
    chown system radio /sys/class/sec/sec_barcode_emul/barcode_send
    chown system radio /sys/class/sec/sec_barcode_emul/barcode_ver_check
    chown system radio /sys/class/sec/sec_barcode_emul/barcode_led_status

# Permissions for qup block
    chmod 0660 /sys/devices/platform/qup_i2c.3/qup_block
    chown system radio /sys/devices/platform/qup_i2c.3/qup_block

# Permissions for SSRM
    chmod 0664 /sys/devices/platform/sec-thermistor/temperature
    chmod 0664 /sys/class/power_supply/battery/siop_level
    chmod 0664 /sys/class/power_supply/battery/test_charge_current
    chown radio system /sys/devices/platform/sec-thermistor/temperature
    chown radio system /sys/class/power_supply/battery/siop_level
    chown radio system /sys/class/power_supply/battery/test_charge_current

# IR_LED
    chown system radio /sys/class/sec/sec_ir/ir_send
    chown system radio /sys/class/sec/sec_ir/ir_send_result
# Permission for HALL IC
    chown system radio /sys/class/sec/sec_key/hall_detect
# Define TCP buffer sizes for various networks
#   ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
    setprop net.tcp.buffersize.default 4096,87380,704512,4096,16384,110208
    setprop net.tcp.buffersize.wifi    524288,1048576,2560000,524288,1048576,2560000
    setprop net.tcp.buffersize.lte     524288,1048576,2560000,524288,1048576,2560000
    setprop net.tcp.buffersize.umts    4094,87380,704512,4096,16384,110208
    setprop net.tcp.buffersize.hspa    4092,87380,704512,4096,16384,262144
    setprop net.tcp.buffersize.hsupa   4092,87380,704512,4096,16384,262144
    setprop net.tcp.buffersize.hsdpa   4092,87380,704512,4096,16384,110208
    setprop net.tcp.buffersize.hspap   4092,87380,704512,4096,16384,262144
    setprop net.tcp.buffersize.edge    4093,26280,35040,4096,16384,35040
    setprop net.tcp.buffersize.gprs    4096,30000,30000,4096,8760,11680
    setprop net.tcp.buffersize.evdo    4094,87380,262144,4096,16384,262144

#wifi display
    write /proc/sys/net/core/rmem_max   1048576
    write /proc/sys/net/core/wmem_max   2097152

# Set this property so surfaceflinger is not started by system_init
    setprop system_init.startsurfaceflinger 0

# HDCP 2.x
    mkdir /data/system/hdcp2 0775 system system

# h2k permission
    chown radio system /efs/redata.bin
    chmod 0644 /efs/h2k.dat
    mkdir /data/misc/radio/hatp 0775 radio system

    class_start core
    class_start main

# SISO-ANDR-PERF :: START Change I/O scheduler to noop for booting performance
    write /sys/block/mmcblk0/queue/scheduler noop
# SISO-ANDR-PERF :: END

on nonencrypted
    class_start late_start

on charger
    class_start charger

on property:vold.decrypt=trigger_reset_main
    class_reset main

on property:vold.decrypt=trigger_load_persist_props
    load_persist_props

on property:vold.decrypt=trigger_post_fs_data
    trigger post-fs-data

on property:vold.decrypt=trigger_restart_min_framework
    class_start main

on property:vold.decrypt=trigger_restart_framework
    class_start main
    class_start late_start

on property:vold.decrypt=trigger_shutdown_framework
    class_reset late_start
    class_reset main

## Daemon processes to be run by init.
##
service ueventd /sbin/ueventd
    class core
    critical
    seclabel u:r:ueventd:s0

on property:selinux.reload_policy=1
    restart ueventd
    restart installd
    chown system system /sys/fs/selinux/enforce
    chown -R system system /sys/fs/selinux/booleans
    chown system system /sys/fs/selinux/commit_pending_bools

service console /system/bin/sh
    class core
    console
    disabled
    user shell
    group log

service auditd /system/bin/auditd -k
    class main
    seclabel u:r:auditd:s0
    disabled
    oneshot

on property:ro.debuggable=1
    start console

#2013-01-02 system profiling
service sysmon /system/bin/sysmon 
    class main
    user root
    oneshot

# adbd is controlled via property triggers in init.<platform>.usb.rc
service adbd /sbin/adbd
    class core
    socket adbd stream 660 system system
    disabled
    seclabel u:r:adbd:s0

# adbd on at boot in emulator
on property:ro.kernel.qemu=1
    start adbd


# preload mount. at time use preinstaller
on property:persist.sys.storage_preload=1
    mount ext4 /dev/block/mmcblk0p27 /preload nosuid nodev noatime wait ro
    setprop storage.preload.complete 1

on property:persist.sys.storage_preload=0
    exec /system/bin/umount /preload   




service servicemanager /system/bin/servicemanager
    class core
    user system
    group system
    critical
    onrestart restart zygote
    onrestart restart media
    onrestart restart surfaceflinger
    onrestart restart drm
    onrestart restart sensorhubservice

service vold /system/bin/vold
    class core
    socket vold stream 0660 root mount
    ioprio be 2
    socket dir_enc_report stream 0660 root mount

service netd /system/bin/netd
    class main
    socket netd stream 0660 root system
    socket dnsproxyd stream 0660 root inet
    socket mdns stream 0660 root system

service debuggerd /system/bin/debuggerd
    class main

service prepare_param /system/bin/prepare_param.sh /dev/block/platform/msm_sdcc.1/by-name/param
	class main
	user root
	group root
	oneshot

# icd
service icd /system/bin/icd
    class main
    user system
    group system log
    onrestart exec icd_check
    oneshot

service ril-daemon /system/bin/rild
    class main
    socket rild stream 660 root radio
    socket rild-debug stream 660 radio system
#FSI {Tmm] Add Start (130129)
    socket rild-cas stream 666  casdrm mmb
#FSI {Tmm] Add End (130129)
    user root
    group radio cache inet misc audio log qcom_diag sdcard_r shell sdcard_rw

# [ SEC_PRODUCT_FEATURE_RIL_SUPPORT_DUAL_MODE
#service ril-daemon2 /system/bin/rild -dm
#    class main
#    socket rild2 stream 660 root radio
#    socket rild-debug2 stream 660 radio system
#    user root
#    group radio cache inet misc audio log qcom_diag sdcard_r shell sdcard_rw
# ]

service DR-daemon /system/bin/ddexe
    class main
    user root
    group system radio inet net_raw

service KIES-daemon /system/bin/kiesexe
    class main
    user root
    group system radio inet net_raw

service SMD-daemon /system/bin/smdexe
    class main
    user root
    group system radio inet net_raw

service DTT-daemon /system/bin/dttexe
    class main
    user root
    group system radio inet net_raw

service BCS-daemon /system/bin/connfwexe
    class main
    user root
    group system radio inet net_raw

service secril-daemon /system/bin/sec-ril
    class main
    user root
    group radio cache inet misc audio sdcard_rw diag log 

service at_distributor /system/bin/at_distributor
    class main
    user root
    group radio log
	
service diag_uart_log /system/bin/diag_uart_log
    class main
    user root
    group radio	

service mobex-daemon /system/bin/npsmobex
    class main
    user system
    group system radio inet sdcard_r sdcard_rw media_rw shell

service surfaceflinger /system/bin/surfaceflinger
    class main
    user system
    group system graphics drmrpc
    onrestart restart zygote

service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
    class main
    socket zygote stream 660 root system
    onrestart write /sys/android_power/request_state wake
    onrestart write /sys/power/state on
    onrestart restart media
    onrestart restart netd
    onrestart restart sensorhubservice
    onrestart restart gsiff_daemon

service drm /system/bin/drmserver
    class main
    user drm
# [ SEC_MM_DRM
# fix
    group system drm inet drmrpc sdcard_r sdcard_rw media_rw radio shell
# org
#    group drm system inet drmrpc
# ]

service media /system/bin/mediaserver
    class main
    user media
    group system audio camera inet net_bt net_bt_admin net_bw_acct drmrpc qcom_diag sdcard_rw sdcard_r media_rw shell lgt_gid
    ioprio rt 4

service powersnd /system/bin/samsungpowersoundplay
    class main
    user media
    group system
    disabled
    oneshot

service bootanim /system/bin/bootanimation
    class main
    user graphics
    group graphics system
    disabled
    oneshot

service installd /system/bin/installd
    class main
    socket installd stream 600 system system

service flash_recovery /system/etc/install-recovery.sh
    class main
    oneshot

service racoon /system/bin/racoon
    class main
    socket racoon stream 600 system system
    # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
    group vpn net_admin inet
    disabled
    oneshot
	
service containersetup /system/bin/containersetup
    class main
    disabled
    oneshot

service ipruleset /system/bin/ipruleset
    class main
    group vpn net_admin inet net_raw
    oneshot

service createsystemfile /system/bin/createsystemfile
    class main
    group system
    disabled
    oneshot
	
service mtpd /system/bin/mtpd
    class main
    socket mtpd stream 600 system system
    user vpn
    group vpn net_admin inet net_raw
    disabled
    oneshot

service keystore /system/bin/keystore /data/misc/keystore
    class main
    user keystore
    group keystore drmrpc
    socket keystore stream 666

service dumpstate /system/bin/dumpstate -s
    class main
    socket dumpstate stream 0660 shell log
    disabled
    oneshot

service sdumpstate /system/bin/dumpstate -P
    class main
    disabled
    oneshot

# service for TZPR provisioning version check app
service scranton_RD /system/bin/scranton_RD
    class main
    user root
    disabled
    oneshot

# start for TZPR provisioning version check app
on property:sys.qseecomd.enable=true
    start scranton_RD    

service sshd /system/bin/start-ssh
    class main
    disabled

service mdnsd /system/bin/mdnsd
    class main
    user mdnsr
    group inet net_raw
    socket mdnsd stream 0660 mdnsr inet
    disabled
    oneshot

#sensorhubservice start
    service sensorhubservice /system/bin/sensorhubservice
    class main
    user system
    group input

# Vibetonz
service immvibed /system/bin/immvibed
    class core
    user shell
    group shell
    oneshot

#icd
on property:init.svc.media=restarting
    exec icd_check
    start icd

on property:ro.dumpstate.dmesg=1
    write /proc/sys/kernel/dmesg_restrict 0

on property:init.svc.bootanim=stopped
    restorecon /data/media
    restorecon /data/media/obb
    start auditd

# SISO-ANDR-PERF :: START Changing scheduler to cfq after boot complete
on property:sys.boot_completed=1
    write /sys/block/mmcblk0/queue/scheduler cfq
# SISO-ANDR-PERF :: END