pax-pwn/firmware/tree/startup/init.rc

on fs 

sysclktz 0

loglevel 3

# setup the global environment
	export PATH /bin:/sbin:/usr/sbin:/usr/bin:/base/bin:/base/sbin:/opt/bin
	export GCONV_PATH /lib/gconv
	export DISPLAY :0.0


	symlink /startup/bin /bin
	symlink /startup/sbin /sbin

	mkdir /tmp
	mount tmpfs tmpfs /tmp
	mkdir /tmp/run
	mkdir /tmp/lock
	chmod 1777 /tmp/lock
	
	mkdir /var
	symlink /tmp /var/tmp
	symlink /tmp/run /var/run
	symlink /tmp/lock /var/lock
	
	mkdir /base
	loadimg mtd@base /base

	mkdir /data
	copy /proc/mtd /startup/mtd
	chmod 0444 /startup/mtd

	check_and_mount_data

	
on early-boot
	# create POSIX shared memory folder
	mkdir /dev/shm
	chmod 0777 /dev/shm
	mount tmpfs tmpfs /dev/shm
	
	# restrict file permission under /usr/bin
	chmod 750 /usr/bin/modemd
	chmod 750 /usr/bin/pedd
	chmod 750 /usr/bin/ipservice
	chown root MAINAPP /usr/bin/crashd
	chmod 750 /usr/bin/crashd
	chown root root /usr/bin/devinfo
	chmod 755 /usr/bin/devinfo
	chown root MAINAPP /usr/bin/installer
	chmod 750 /usr/bin/installer
	chmod 750 /usr/bin/keyman
	# logcat, let it 755
	chown root MAINAPP /usr/bin/runapp
	chmod 750 /usr/bin/runapp
	chmod 750 /usr/bin/servicemanager
	chown root MAINAPP /usr/bin/tm
	chmod 750 /usr/bin/tm
	chown root MAINAPP /usr/bin/systemservice
	chmod 750 /usr/bin/systemservice
	chown root MAINAPP /usr/bin/ts_calibrate
	chmod 750 /usr/bin/ts_calibrate
	chown root MAINAPP /usr/bin/xcbd
	chmod 750 /usr/bin/xcbd
	
	# ./captoi sys_ptrace
	setcap 0x00080000 /bin/gdbserver
	# ./captoi dac_override setgid setuid setfcap chown
	setcap 0x800000c3 /usr/bin/installer
	# ./captoi setgid setuid
	setcap 0x000000c0 /usr/bin/runapp
	# ./captoi setgid setuid
	setcap 0x000000c0 /bin/xlogin
	# ./captoi net_admin net_raw sys_boot sys_time sys_admin
	setcap 0x02603000 /usr/bin/tm
	# ./captoi sys_admin sys_ptrace
	setcap 0x00280000 /usr/bin/crashd
    # ./captoi net_admin net_raw sys_boot sys_time sys_admin
	setcap 0x02603000 /usr/bin/systemservice
    # ./captoi sys_boot sys_time
	setcap 0x02400000 /usr/bin/xcbd
	

	mkdir /data/tombstones
	chmod 770 /data/tombstones
	chown MAINAPP MAINAPP /data/tombstones
	
	mkdir /data/security
	chmod 600 /data/security
	chown root root /data/security

	symlink /base/lib /lib
	symlink /data/etc /etc
	symlink /data/opt /opt
	symlink /lib/gconv /usr/lib/gconv
	write /proc/sys/kernel/randomize_va_space 2

	write /proc/sys/net/ipv4/tcp_keepalive_time 30
	write /proc/sys/net/ipv4/tcp_keepalive_intvl 15
	write /proc/sys/net/ipv4/tcp_keepalive_probes 5

	setprop ro.pukmode 2

on boot
# basic network init
    ifup lo
    hostname localhost
    domainname localdomain

#   mount usbfs
	mkdir /dev/bus/usb
	mount usbfs none /dev/bus/usb devmode=0666

#u disk mount
	mkdir /mnt
	mount tmpfs tmpfs /mnt noatime noexec nosuid size=16k
	chown MAINAPP MAINAPP /mnt

# set RLIMIT_NICE to allow priorities from 19 to -20
	# RLIMIT_NICE 13
    setrlimit 13 40 40
	# RLIMIT_STACK 3
	setrlimit 3 2097152 2097152
	class_start core
	if property:ro.fac.prolin_debug_level=0 rm /startup/bin/*
	if property:ro.fac.prolin_debug_level=0 rm /startup/sbin/*
	if property:ro.fac.prolin_debug_level=0 umount /proc
	if property:ro.fac.prolin_debug_level=0 rm /startup/modules/*
	if property:ro.fac.prolin_debug_level=0 rmdir /startup/modules/
	if property:ro.fac.prolin_debug_level=0 rm /startup/*.rc
	if property:ro.fac.prolin_debug_level=0 rm /startup/*.sh
	if property:ro.fac.prolin_debug_level=0 rm /startup/*.prop
	if property:ro.fac.prolin_debug_level=0 rm /startup/firmware/lcd_*.rle
	if property:ro.fac.prolin_debug_level=0 rm startup/firmware/lcd.watermark	
	if property:ro.fac.prolin_debug_level=0 rm startup/firmware/lcd_readme.txt 
	if property:ro.fac.prolin_debug_level=1 rm /startup/modules/*
	if property:ro.fac.prolin_debug_level=1 rmdir /startup/modules/
	if property:ro.fac.prolin_debug_level=1 rm /startup/*.rc
	if property:ro.fac.prolin_debug_level=1 rm /startup/*.sh
	if property:ro.fac.prolin_debug_level=1 rm /startup/*.prop
	wait /tmp/.BINDER_SERVICE_MANAGER_DONE
	rm   /tmp/.BINDER_SERVICE_MANAGER_DONE
	class_start default

## Daemon processes to be run by init.

service ueventd /startup/ueventd
    critical

service console-root /bin/sh
    console
    disabled
    user root
    group root

service console-MAINAPP /bin/sh
    console
    disabled
    user MAINAPP
    group MAINAPP

on property:persist.sys.console.enable=1
  if property:ro.console=1 start console-MAINAPP
  if property:ro.console=2 start console-root

on property:persist.sys.console.enable=0
  if property:ro.console=1 stop console-MAINAPP
  if property:ro.console=2 stop console-root
Added kernel and ramdisk to firmware tree 2020-06-01 10:19:58 +02:00			`on fs`

			`sysclktz 0`

			`loglevel 3`

			`# setup the global environment`
			`export PATH /bin:/sbin:/usr/sbin:/usr/bin:/base/bin:/base/sbin:/opt/bin`
			`export GCONV_PATH /lib/gconv`
			`export DISPLAY :0.0`


			`symlink /startup/bin /bin`
			`symlink /startup/sbin /sbin`

			`mkdir /tmp`
			`mount tmpfs tmpfs /tmp`
			`mkdir /tmp/run`
			`mkdir /tmp/lock`
			`chmod 1777 /tmp/lock`

			`mkdir /var`
			`symlink /tmp /var/tmp`
			`symlink /tmp/run /var/run`
			`symlink /tmp/lock /var/lock`

			`mkdir /base`
			`loadimg mtd@base /base`

			`mkdir /data`
			`copy /proc/mtd /startup/mtd`
			`chmod 0444 /startup/mtd`

			`check_and_mount_data`


			`on early-boot`
			`# create POSIX shared memory folder`
			`mkdir /dev/shm`
			`chmod 0777 /dev/shm`
			`mount tmpfs tmpfs /dev/shm`

			`# restrict file permission under /usr/bin`
			`chmod 750 /usr/bin/modemd`
			`chmod 750 /usr/bin/pedd`
			`chmod 750 /usr/bin/ipservice`
			`chown root MAINAPP /usr/bin/crashd`
			`chmod 750 /usr/bin/crashd`
			`chown root root /usr/bin/devinfo`
			`chmod 755 /usr/bin/devinfo`
			`chown root MAINAPP /usr/bin/installer`
			`chmod 750 /usr/bin/installer`
			`chmod 750 /usr/bin/keyman`
			`# logcat, let it 755`
			`chown root MAINAPP /usr/bin/runapp`
			`chmod 750 /usr/bin/runapp`
			`chmod 750 /usr/bin/servicemanager`
			`chown root MAINAPP /usr/bin/tm`
			`chmod 750 /usr/bin/tm`
			`chown root MAINAPP /usr/bin/systemservice`
			`chmod 750 /usr/bin/systemservice`
			`chown root MAINAPP /usr/bin/ts_calibrate`
			`chmod 750 /usr/bin/ts_calibrate`
			`chown root MAINAPP /usr/bin/xcbd`
			`chmod 750 /usr/bin/xcbd`

			`# ./captoi sys_ptrace`
			`setcap 0x00080000 /bin/gdbserver`
			`# ./captoi dac_override setgid setuid setfcap chown`
			`setcap 0x800000c3 /usr/bin/installer`
			`# ./captoi setgid setuid`
			`setcap 0x000000c0 /usr/bin/runapp`
			`# ./captoi setgid setuid`
			`setcap 0x000000c0 /bin/xlogin`
			`# ./captoi net_admin net_raw sys_boot sys_time sys_admin`
			`setcap 0x02603000 /usr/bin/tm`
			`# ./captoi sys_admin sys_ptrace`
			`setcap 0x00280000 /usr/bin/crashd`
			`# ./captoi net_admin net_raw sys_boot sys_time sys_admin`
			`setcap 0x02603000 /usr/bin/systemservice`
			`# ./captoi sys_boot sys_time`
			`setcap 0x02400000 /usr/bin/xcbd`


			`mkdir /data/tombstones`
			`chmod 770 /data/tombstones`
			`chown MAINAPP MAINAPP /data/tombstones`

			`mkdir /data/security`
			`chmod 600 /data/security`
			`chown root root /data/security`

			`symlink /base/lib /lib`
			`symlink /data/etc /etc`
			`symlink /data/opt /opt`
			`symlink /lib/gconv /usr/lib/gconv`
			`write /proc/sys/kernel/randomize_va_space 2`

			`write /proc/sys/net/ipv4/tcp_keepalive_time 30`
			`write /proc/sys/net/ipv4/tcp_keepalive_intvl 15`
			`write /proc/sys/net/ipv4/tcp_keepalive_probes 5`

			`setprop ro.pukmode 2`

			`on boot`
			`# basic network init`
			`ifup lo`
			`hostname localhost`
			`domainname localdomain`

			`# mount usbfs`
			`mkdir /dev/bus/usb`
			`mount usbfs none /dev/bus/usb devmode=0666`

			`#u disk mount`
			`mkdir /mnt`
			`mount tmpfs tmpfs /mnt noatime noexec nosuid size=16k`
			`chown MAINAPP MAINAPP /mnt`

			`# set RLIMIT_NICE to allow priorities from 19 to -20`
			`# RLIMIT_NICE 13`
			`setrlimit 13 40 40`
			`# RLIMIT_STACK 3`
			`setrlimit 3 2097152 2097152`
			`class_start core`
			`if property:ro.fac.prolin_debug_level=0 rm /startup/bin/*`
			`if property:ro.fac.prolin_debug_level=0 rm /startup/sbin/*`
			`if property:ro.fac.prolin_debug_level=0 umount /proc`
			`if property:ro.fac.prolin_debug_level=0 rm /startup/modules/*`
			`if property:ro.fac.prolin_debug_level=0 rmdir /startup/modules/`
			`if property:ro.fac.prolin_debug_level=0 rm /startup/*.rc`
			`if property:ro.fac.prolin_debug_level=0 rm /startup/*.sh`
			`if property:ro.fac.prolin_debug_level=0 rm /startup/*.prop`
			`if property:ro.fac.prolin_debug_level=0 rm /startup/firmware/lcd_*.rle`
			`if property:ro.fac.prolin_debug_level=0 rm startup/firmware/lcd.watermark`
			`if property:ro.fac.prolin_debug_level=0 rm startup/firmware/lcd_readme.txt`
			`if property:ro.fac.prolin_debug_level=1 rm /startup/modules/*`
			`if property:ro.fac.prolin_debug_level=1 rmdir /startup/modules/`
			`if property:ro.fac.prolin_debug_level=1 rm /startup/*.rc`
			`if property:ro.fac.prolin_debug_level=1 rm /startup/*.sh`
			`if property:ro.fac.prolin_debug_level=1 rm /startup/*.prop`
			`wait /tmp/.BINDER_SERVICE_MANAGER_DONE`
			`rm /tmp/.BINDER_SERVICE_MANAGER_DONE`
			`class_start default`

			`## Daemon processes to be run by init.`

			`service ueventd /startup/ueventd`
			`critical`

			`service console-root /bin/sh`
			`console`
			`disabled`
			`user root`
			`group root`

			`service console-MAINAPP /bin/sh`
			`console`
			`disabled`
			`user MAINAPP`
			`group MAINAPP`

			`on property:persist.sys.console.enable=1`
			`if property:ro.console=1 start console-MAINAPP`
			`if property:ro.console=2 start console-root`

			`on property:persist.sys.console.enable=0`
			`if property:ro.console=1 stop console-MAINAPP`
			`if property:ro.console=2 stop console-root`