【Android7.1.2源码解析系列】init.rc全流程注释
# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
# 分析开始
# 第一步,导入其他的rc文件,这里先不管这些rc文件的内容,只对init.rc文件进行分析
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.zygote}.rc
import /init.trace.rc
# Step 2, action 1: commands run when the early-init trigger fires.
# Note: early-init is not a trigger built into the init language itself; it is
# fired from init's own code (init.c).
on early-init
# Set init and its forked children's oom_adj.
# -1000 is the lowest oom_score_adj value; it exempts PID 1 from the kernel OOM
# killer, so init is never killed under memory pressure.
write /proc/1/oom_score_adj -1000
# Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
# With checkreqprot set to 0, SELinux checks the protection the kernel will actually
# apply rather than the protection the caller requested.
write /sys/fs/selinux/checkreqprot 0
# Set the security context for the init process.
# This should occur before anything else (e.g. ueventd) is started.
# Everything started afterwards is forked from init in this context.
setcon u:r:init:s0
# Set the security context of /adb_keys if present.
# restorecon relabels the file to the context the loaded policy assigns to its path.
restorecon /adb_keys
start ueventd
# create mountpoints
# /mnt: mode 0775, owner root, group system (group-writable, not world-writable).
mkdir /mnt 0775 root system
# Part 3, action 2: commands run when the init trigger fires.
on init
# Set the system clock base: 0 minutes west of GMT, i.e. the clock ticks in GMT.
sysclktz 0
# Set the log level to 3.
loglevel 3
# Backward compatibility
# Keep legacy paths working: /etc points at system/etc and /d at sys/kernel/debug.
symlink system/etc /etc
symlink sys/kernel/debug /d
# Right now vendor lives on the same filesystem as system,
# but someday that may change.
symlink system/vendor /vendor
# Create cgroup mount point for cpu accounting
mkdir /acct
mount cgroup none /acct cpuacct
mkdir /acct/uid
# Create cgroup mount point for memory
# The tmpfs is mounted 0750 for uid 0 / gid 1000 (presumably the system group,
# matching the "root system" ownership used below - confirm), so other users
# cannot traverse it.
mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
mkdir /sys/fs/cgroup/memory 0750 root system
mount cgroup none /sys/fs/cgroup/memory memory
write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
# The tasks file decides which processes belong to the group: writable by root and
# the system group only.
chown root system /sys/fs/cgroup/memory/tasks
chmod 0660 /sys/fs/cgroup/memory/tasks
# "sw" child group with swappiness 100, same ownership and mode as its parent.
mkdir /sys/fs/cgroup/memory/sw 0750 root system
write /sys/fs/cgroup/memory/sw/memory.swappiness 100
write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
chown root system /sys/fs/cgroup/memory/sw/tasks
chmod 0660 /sys/fs/cgroup/memory/sw/tasks
# Create the /system, /data, /cache and /config directories (mount points).
# None of them is world-writable; /config is root-only (0500).
mkdir /system
mkdir /data 0771 system system
mkdir /cache 0770 system cache
mkdir /config 0500 root root
# See storage config details at http://source.android.com/tech/storage/
# Create the storage directories; /mnt/shell and /mnt/media_rw are private (0700)
# to their owning users.
mkdir /mnt/shell 0700 shell shell
mkdir /mnt/media_rw 0700 media_rw media_rw
mkdir /storage 0751 root sdcard_r
# Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root
# Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root
# Directory-target for where the secure container
# imagefile directory will be bind-mounted
# (root-only, like its parent /mnt/secure).
mkdir /mnt/secure/asec 0700 root root
# Secure container public mount points.
# The directory is created 0700, then a tmpfs with mode=0755,gid=1000 is mounted on
# top of it, so the visible mount point is world-readable but not world-writable.
mkdir /mnt/asec 0700 root system
mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
# Filesystem image public mount points.
# Same pattern as /mnt/asec: 0700 directory covered by a 0755 tmpfs.
mkdir /mnt/obb 0700 root system
mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
# memory control cgroup
mkdir /dev/memcg 0700 root system
mount cgroup none /dev/memcg memory
# Kernel tunables. panic_on_oops=1 makes the kernel panic on an oops instead of
# continuing in a possibly corrupted state; hung_task_timeout_secs=0 turns the
# hung-task check off.
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
# Hardening: randomize_va_space=2 enables full address-space randomization (including
# the heap), kptr_restrict=2 hides kernel pointers printed with %pK from every user,
# and mmap_min_addr=32768 forbids mapping the lowest 32 KiB, which blunts kernel
# NULL-pointer dereference bugs.
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/kernel/kptr_restrict 2
write /proc/sys/vm/mmap_min_addr 32768
# The range covers every group id, so any process may open an unprivileged ICMP
# "ping" socket without needing a raw socket.
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
write /proc/sys/net/unix/max_dgram_qlen 300
write /proc/sys/kernel/sched_rt_runtime_us 950000
write /proc/sys/kernel/sched_rt_period_us 1000000
# reflect fwmark from incoming packets onto generated replies
write /proc/sys/net/ipv4/fwmark_reflect 1
write /proc/sys/net/ipv6/fwmark_reflect 1
# set fwmark on accepted sockets
# (sockets that have already been accepted, not "acceptable" ones)
write /proc/sys/net/ipv4/tcp_fwmark_accept 1
# Create cgroup mount points for process groups
mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu
chown system system /dev/cpuctl
chmod 0660 /dev/cpuctl
chown system system /dev/cpuctl/tasks
# NOTE(review): 0666 makes the tasks file world-writable, which sits oddly with the
# "do not create world writable files" warning at the top of this file; access is
# presumably narrowed further by SELinux policy - confirm before copying this pattern.
chmod 0666 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
write /dev/cpuctl/cpu.rt_runtime_us 800000
write /dev/cpuctl/cpu.rt_period_us 1000000
mkdir /dev/cpuctl/bg_non_interactive
chown system system /dev/cpuctl/bg_non_interactive/tasks
# NOTE(review): world-writable as well, same caveat as /dev/cpuctl/tasks.
chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
# 5.0 %
# "5.0 %" is a CPU weight, not an Android version: 52 shares against the 1024 of
# the root group is roughly 5% for the bg_non_interactive group.
write /dev/cpuctl/bg_non_interactive/cpu.shares 52
write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000
# qtaguid will limit access to specific data based on group memberships.
# net_bw_acct grants impersonation of socket owners.
# net_bw_stats grants access to other apps' detailed tagged-socket stats.
# The chowns below attach those groups to the control and stats files, so group
# membership is what gates the two capabilities.
chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
chown root net_bw_stats /proc/net/xt_qtaguid/stats
# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
# ("misc dev" is the miscellaneous device node /dev/xt_qtaguid; 0644 makes it
# world-readable while only the owner may write.)
chmod 0644 /dev/xt_qtaguid
# Create location for fs_mgr to store abbreviated output from filesystem
# checker programs.
mkdir /dev/fscklogs 0770 root system
# pstore/ramoops previous console log
# i.e. the console log preserved from the previous boot; readable only by user
# system and group log (0440).
mount pstore pstore /sys/fs/pstore
chown system log /sys/fs/pstore/console-ramoops
chmod 0440 /sys/fs/pstore/console-ramoops
# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
# Part 4, action 3: when sys.boot_from_charger_mode becomes 1, stop the charger
# class and continue with the normal boot sequence via late-init.
on property:sys.boot_from_charger_mode=1
class_stop charger
trigger late-init
# Load properties from /system/ + /factory after fs mount.
# Part 5, action 4: load the properties stored under /system/ and /factory; this
# action is triggered from late-init after the fs triggers.
on load_all_props_action
load_all_props
# Indicate to fw loaders that the relevant mounts are up.
# Part 6, action 5: "up" means mounted and available. Removing the /dev/.booting
# marker file is the signal that firmware loaders wait for.
on firmware_mounts_complete
rm /dev/.booting
# Mount filesystems and start core system services.
# Part 7, action 6: late-init queues the remaining boot stages in order:
# early-fs, fs, post-fs, post-fs-data, property loading, firmware signal,
# early-boot and boot.
on late-init
trigger early-fs
trigger fs
trigger post-fs
trigger post-fs-data
# Load properties from /system/ + /factory after fs mount. Place
# this in another action so that the load will be scheduled after the prior
# issued fs triggers have completed.
trigger load_all_props_action
# Remove a file to wake up anything waiting for firmware.
trigger firmware_mounts_complete
trigger early-boot
trigger boot
# Part 8, action 7: post-fs ("post" as in "after") is triggered from late-init once
# the fs trigger has run. It locks down the root filesystem and fixes ownership,
# modes and SELinux labels of /cache and several /proc entries.
on post-fs
# once everything is setup, no need to modify /
# Remount the root filesystem read-only.
mount rootfs rootfs / ro remount
# mount shared so changes propagate into child namespaces
mount rootfs rootfs / shared rec
# We chown/chmod /cache again so because mount is run as root + defaults
# (the freshly mounted filesystem carries its own owner and mode, so the values set
# by mkdir in "on init" have to be applied again).
chown system cache /cache
chmod 0770 /cache
# We restorecon /cache in case the cache partition has been reset.
# restorecon_recursive restores SELinux labels, not Unix permissions, on /cache
# and everything below it.
restorecon_recursive /cache
# This may have been created by the recovery system with odd permissions
# ("odd" as in unexpected), so owner and mode are forced to known values.
chown system cache /cache/recovery
chmod 0770 /cache/recovery
# change permissions on vmallocinfo so we can grab it from bugreports
# Readable by root and group log only (0440).
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo
# Same treatment for the slab allocator statistics.
chown root log /proc/slabinfo
chmod 0440 /proc/slabinfo
# change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
# kmsg is read-only for root and group system (0440); sysrq-trigger is write-only
# for root and group system (0220), so no other user can issue SysRq commands.
chown root system /proc/kmsg
chmod 0440 /proc/kmsg
chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger
chown system log /proc/last_kmsg
chmod 0440 /proc/last_kmsg
# make the selinux kernel policy world-readable
# 0444: readable by everyone, writable by no one.
chmod 0444 /sys/fs/selinux/policy
# create the lost+found directories, so as to enforce our permissions
mkdir /cache/lost+found 0770 root root
# Part 9, action 8: post-fs-data ("post" as in "after") runs once the /data
# filesystem is available and builds the directory skeleton under /data with the
# intended owners and modes.
on post-fs-data
# We chown/chmod /data again so because mount is run as root + defaults
chown system system /data
chmod 0771 /data
# We restorecon /data in case the userdata partition has been reset.
# (a freshly formatted partition has no SELinux label on its root directory)
restorecon /data
# Avoid predictable entropy pool. Carry over entropy from previous boot.
# The random data saved by the previous boot is written into /dev/urandom so the
# pool does not start every boot from the same state.
copy /data/system/entropy.dat /dev/urandom
# Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition.
# ("dumps" are kernel panic dumps, not trash.) The directory is readable by group
# log and inaccessible to everyone else.
mkdir /data/dontpanic 0750 root log
# Collect apanic data, free resources and re-arm trigger
# Copy the panic console and thread dumps out of /proc, restrict them to root and
# group log (0640), then write 1 to apanic_console - per the comment above, this
# frees the resources and re-arms the trigger.
copy /proc/apanic_console /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console
copy /proc/apanic_threads /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads
write /proc/apanic_console 1
# create basic filesystem structure
# Modes with a fourth leading digit carry special bits: 01771 sets the sticky bit
# (only an entry's owner may delete or rename it), 02750 sets setgid (new entries
# inherit the directory's group). Secret-bearing directories such as keystore and
# systemkeys are 0700.
mkdir /data/misc 01771 system misc
mkdir /data/misc/adb 02750 system shell
mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
mkdir /data/misc/bluetooth 0770 system system
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/keychain 0771 system system
mkdir /data/misc/net 0750 root shell
mkdir /data/misc/radio 0770 system radio
mkdir /data/misc/sms 0770 system radio
mkdir /data/misc/zoneinfo 0775 system system
mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
mkdir /data/misc/systemkeys 0700 system system
mkdir /data/misc/wifi 0770 wifi wifi
mkdir /data/misc/wifi/sockets 0770 wifi wifi
mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
mkdir /data/misc/ethernet 0770 system system
mkdir /data/misc/dhcp 0770 dhcp dhcp
mkdir /data/misc/user 0771 root root
# give system access to wpa_supplicant.conf for backup and restore
# 0660 adds group read/write on the configuration file; it stays closed to others.
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
mkdir /data/local 0751 root root
mkdir /data/misc/media 0700 media media
# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
# The directory is owned and writable by the shell user, so nothing the system
# relies on should be shipped there.
# The lines below create the app-related directory structure under /data.
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app-asec 0700 root root
mkdir /data/app-lib 0771 system system
mkdir /data/app 0771 system system
mkdir /data/property 0700 root root
# create dalvik-cache, so as to enforce our permissions
mkdir /data/dalvik-cache 0771 root root
mkdir /data/dalvik-cache/profiles 0711 system system
# create resource-cache and double-check the perms
# The chown/chmod repeat the owner and mode already passed to mkdir.
mkdir /data/resource-cache 0771 system system
chown system system /data/resource-cache
chmod 0771 /data/resource-cache
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770 root root
# create directory for DRM plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/drm 0770 drm drm
# create directory for MediaDrm plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/mediadrm 0770 mediadrm mediadrm
mkdir /data/adb 0700 root root
# symlink to bugreport storage location
symlink data/com.android.shell/files/bugreports /data/bugreports
# Separate location for storing security policy files on data
# (a separate directory, not a separate partition)
mkdir /data/security 0711 system system
# Reload policy from /data/security if present.
# "if present" refers to a policy found in that directory; the reload is requested
# through the property below.
setprop selinux.reload_policy 1
# Set SELinux security contexts on upgrade or policy update.
# Relabels /data recursively so existing files match the current policy.
restorecon_recursive /data
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# won't work.
# Set indication (checked by vold) that we have finished this action
#setprop vold.post_fs_data_done 1
# The line to uncomment in that case is: setprop vold.post_fs_data_done 1
# Part 10, action 9: the boot action, the last stage queued by late-init. It sets up
# basic networking, tunes memory management, hands selected /sys controls to the
# system and radio users, and starts the core service class.
on boot
# basic network init
ifup lo
hostname localhost
domainname localdomain
# set RLIMIT_NICE to allow priorities from 19 to -20
# Per the comment above, resource 13 is RLIMIT_NICE; a limit of 40 corresponds to a
# nice floor of 20 - 40 = -20. This is a resource limit, not a file permission.
setrlimit 13 40 40
# Memory management. Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver
# parameters to match how it is managing things.
# The lowmemorykiller parameters become write-only (0220) for root and group
# system; no other user can change them.
write /proc/sys/vm/overcommit_memory 1
write /proc/sys/vm/min_free_order_shift 4
chown root system /sys/module/lowmemorykiller/parameters/adj
chmod 0220 /sys/module/lowmemorykiller/parameters/adj
chown root system /sys/module/lowmemorykiller/parameters/minfree
chmod 0220 /sys/module/lowmemorykiller/parameters/minfree
# Tweak background writeout
write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_background_ratio 5
# Permissions for System Server and daemons.
# Power-management and wake-lock nodes go to radio/system, cpufreq governor
# tunables to system. Every chmod in this group is 0660, i.e. nothing here is
# opened to "other".
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown system system /sys/power/autosleep
chown system system /sys/power/state
chown system system /sys/power/wakeup_count
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
# Assume SMP uses shared cpufreq policy for all CPUs
# Only cpu0's scaling_max_freq is handed over, on the assumption that all cores
# share one cpufreq policy.
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
# (repeats the vibrator chown a few lines above)
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
# The kernel command line becomes owned by root with group radio.
chown root radio /proc/cmdline
# Define default initial receive window size in segments.
# (the unit is TCP segments)
setprop net.tcp.default_init_rwnd 60
# Start every service declared with "class core".
class_start core
# Part 11, action 10: on the nonencrypted trigger (no decryption step needed),
# start the main and late_start service classes.
on nonencrypted
class_start main
class_start late_start
# Part 12, action 11: when vold.decrypt is set to trigger_default_encryption, start
# the defaultcrypto one-shot service.
on property:vold.decrypt=trigger_default_encryption
start defaultcrypto
# Part 13, action 12: when vold.decrypt is set to trigger_encryption, start
# surfaceflinger (display compositor) and the encrypt one-shot service.
on property:vold.decrypt=trigger_encryption
start surfaceflinger
start encrypt
# Part 14, action 13: whenever sys.init_log_level changes, apply its value as the
# new log level.
on property:sys.init_log_level=*
loglevel ${sys.init_log_level}
# Part 15, action 14: on the charger trigger, start the services of class charger.
on charger
class_start charger
# Part 16, action 15: when vold.decrypt is set to trigger_reset_main, reset the
# services of class main.
on property:vold.decrypt=trigger_reset_main
class_reset main
# Part 17, action 16: when vold.decrypt is set to trigger_load_persist_props, load
# the persistent properties.
on property:vold.decrypt=trigger_load_persist_props
load_persist_props
# Part 18, action 17: when vold.decrypt is set to trigger_post_fs_data, fire the
# post-fs-data trigger (the /data set-up action defined earlier in this file).
on property:vold.decrypt=trigger_post_fs_data
trigger post-fs-data
# Part 19, action 18: when vold.decrypt is set to trigger_restart_min_framework,
# start class main only (late_start is not started here).
on property:vold.decrypt=trigger_restart_min_framework
class_start main
# Part 20, action 19: when vold.decrypt is set to trigger_restart_framework, start
# both the main and late_start classes.
on property:vold.decrypt=trigger_restart_framework
class_start main
class_start late_start
# Part 21, action 20: when vold.decrypt is set to trigger_shutdown_framework, reset
# late_start first and then main.
on property:vold.decrypt=trigger_shutdown_framework
class_reset late_start
class_reset main
# Part 22, action 21: whenever sys.powerctl changes, pass its value to the powerctl
# command, which carries out the requested power action (e.g. reboot).
# NOTE(review): whoever may set sys.powerctl can power-cycle the device; write access
# to the property is presumably restricted elsewhere - confirm.
on property:sys.powerctl=*
powerctl ${sys.powerctl}
# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
# Part 23, action 22: init writes the property's value into the sysctl on the system
# server's behalf. The value is copied through unchanged, so the property should be
# settable only by trusted processes.
on property:sys.sysctl.extra_free_kbytes=*
write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
# "tcp_default_init_rwnd" Is too long!
# The property is named tcp_def_init_rwnd because the full name
# "tcp_default_init_rwnd" is too long for a property name.
# Part 24, action 23: whenever the property changes, init writes the new value into
# the tcp_default_init_rwnd sysctl.
on property:sys.sysctl.tcp_def_init_rwnd=*
write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
## Daemon processes to be run by init.
##
## 直译,被init所启动的守护进程
# 接下来主要是服务的部分,与动作不同,服务是多个条件下运行一个程序,动作是在一个条件下运行多个命令
# Part 25, service 1: ueventd, the daemon started from early-init.
# "critical" marks a service init will not tolerate crashing repeatedly (the device
# is rebooted into recovery); seclabel puts the process in the ueventd SELinux domain.
service ueventd /sbin/ueventd
class core
critical
seclabel u:r:ueventd:s0
# Part 26, service 2: logd, the logging daemon.
# Each "socket" line is <name> <type> <mode> <user> <group>. logd and logdr are
# mode 0666 and logdw is write-only for everyone (0222), so every process can reach
# them.
# NOTE(review): with world-accessible sockets, access control has to come from logd
# itself and from SELinux policy - confirm.
service logd /system/bin/logd
class core
socket logd stream 0666 logd logd
socket logdr seqpacket 0666 logd logd
socket logdw dgram 0222 logd logd
seclabel u:r:logd:s0
# Part 27, service 3: healthd, the battery/charging health daemon; critical, running
# in its own SELinux domain.
service healthd /sbin/healthd
class core
critical
seclabel u:r:healthd:s0
# Part 28, service 4: a shell on the console.
# "disabled" means it is not started with its class; the ro.debuggable=1 action
# later in this file starts it explicitly.
# NOTE(review): "user shell" is commented out, so the shell keeps init's user and is
# confined only by the u:r:shell:s0 SELinux domain - keep this limited to debuggable
# builds.
service console /system/bin/sh
class core
console
disabled
# user shell
group shell log
seclabel u:r:shell:s0
# Part 29, action 24: on debuggable builds (ro.debuggable=1) start the console shell
# service; on other builds it stays disabled.
on property:ro.debuggable=1
start console
# adbd is controlled via property triggers in init.<platform>.usb.rc
# Part 30, service 5: adbd, the adb daemon. It is "disabled", so nothing in this
# block starts it. The control socket is 660 system:system, and the daemon runs in
# the adbd SELinux domain; --root_seclabel presumably names the context used when
# adbd runs as root - confirm.
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
class core
socket adbd stream 660 system system
disabled
seclabel u:r:adbd:s0
# adbd on at boot in emulator
# Part 31, action 25: when running under the emulator (ro.kernel.qemu=1), start
# adbd at boot.
on property:ro.kernel.qemu=1
start adbd
# Part 32, service 6: lmkd, the low memory killer daemon; critical, with a control
# socket restricted to system:system (0660).
service lmkd /system/bin/lmkd
class core
critical
socket lmkd seqpacket 0660 system system
# Part 33, service 7: servicemanager, the registry for the services running at the
# framework layer. It runs as user and group system instead of root. The onrestart
# lines restart the dependent services whenever servicemanager itself is restarted.
service servicemanager /system/bin/servicemanager
class core
user system
group system
critical
onrestart restart healthd
onrestart restart zygote
onrestart restart media
onrestart restart surfaceflinger
onrestart restart drm
# Part 34, service 8: vold, the volume daemon that manages storage. Its control
# socket is limited to root and group mount (0660).
service vold /system/bin/vold
class core
socket vold stream 0660 root mount
ioprio be 2
# Part 35, service 9: netd, the network daemon. All four sockets are 0660: netd and
# mdns are reachable by group system, dnsproxyd and fwmarkd by group inet.
service netd /system/bin/netd
class main
socket netd stream 0660 root system
socket dnsproxyd stream 0660 root inet
socket mdns stream 0660 root system
socket fwmarkd stream 0660 root inet
# Part 36, service 10: debuggerd, the crash-dump daemon. No user option is given, so
# it keeps init's user.
service debuggerd /system/bin/debuggerd
class main
# Part 37, service 11: debuggerd64, the 64-bit counterpart of debuggerd.
service debuggerd64 /system/bin/debuggerd64
class main
# Part 38, service 12: ril-daemon (rild), the radio interface layer daemon behind
# telephony. It runs as root with several supplementary groups; both sockets are
# 660, rild for root:radio and rild-debug for radio:system.
service ril-daemon /system/bin/rild
class main
socket rild stream 660 root radio
socket rild-debug stream 660 radio system
user root
group radio cache inet misc audio log
# Part 39, service 13: surfaceflinger, the display compositor. Restarting it also
# restarts zygote.
# NOTE(review): "user system" is commented out in this listing, so the service keeps
# init's user instead of dropping to system - confirm this is intended.
service surfaceflinger /system/bin/surfaceflinger
class core
# user system
group graphics drmrpc
onrestart restart zygote
# Part 40, service 14: drm (drmserver), the digital rights management server,
# running as the unprivileged drm user.
service drm /system/bin/drmserver
class main
user drm
group drm system inet drmrpc
# Part 41, service 15: media (mediaserver), running as the media user with the
# supplementary groups it needs for audio, camera, network, bluetooth and DRM
# access, at real-time I/O priority 4.
service media /system/bin/mediaserver
class main
user media
group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
ioprio rt 4
# Part 42, service 16: defaultcrypto.
# One shot invocation to deal with encrypted volume.
# ("volume" is a storage volume, not audio volume.) Started by the
# vold.decrypt=trigger_default_encryption action; "disabled" + "oneshot" mean it
# runs only when started explicitly and is not restarted when it exits.
service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
disabled
oneshot
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption) or trigger_restart_min_framework (other encryption)
# One shot invocation to encrypt unencrypted volumes
# Part 43, service 17: encrypt. It encrypts a not-yet-encrypted storage volume in
# place (it does not decrypt anything) and is started by the
# vold.decrypt=trigger_encryption action.
service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
disabled
oneshot
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption)
# Part 44, service 18: bootanim, the boot animation. Runs as the unprivileged
# graphics user; disabled and oneshot, so it runs only when started explicitly.
service bootanim /system/bin/bootanimation
class core
user graphics
group graphics audio
disabled
oneshot
# Part 45, service 19: installd, the package installation daemon. Its socket is mode
# 600 owned by system, so only the system user can talk to it.
service installd /system/bin/installd
class main
socket installd stream 600 system system
# Part 46, service 20: flash_recovery, a one-shot run of install-recovery.sh in the
# install_recovery SELinux domain.
service flash_recovery /system/bin/install-recovery.sh
class main
seclabel u:r:install_recovery:s0
oneshot
# Part 47, service 21: racoon, the IKE (IPsec key exchange) daemon used for VPN.
# Control socket is 600 system:system; disabled and oneshot, so it runs only on demand.
service racoon /system/bin/racoon
class main
socket racoon stream 600 system system
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
# (it therefore starts with init's user and drops to vpn itself)
group vpn net_admin inet
disabled
oneshot
# Part 48, service 22: mtpd, the PPTP/L2TP tunnelling daemon used for VPN - not the
# Media Transfer Protocol. It runs as user vpn with the net_admin and net_raw
# groups; its socket is 600 system:system.
service mtpd /system/bin/mtpd
class main
socket mtpd stream 600 system system
user vpn
group vpn net_admin inet net_raw
disabled
oneshot
# Part 49, service 23: keystore, the credential storage daemon. It runs as its own
# user and is pointed at /data/misc/keystore, which post-fs-data creates with mode
# 0700 for keystore:keystore.
service keystore /system/bin/keystore /data/misc/keystore
class main
user keystore
group keystore drmrpc
# Part 50, service 24: dumpstate, which collects system state for bug reports. Its
# socket is limited to shell:log (0660); disabled and oneshot, so it runs on demand.
service dumpstate /system/bin/dumpstate -s
class main
socket dumpstate stream 0660 shell log
disabled
oneshot
# Part 51, service 25: mdnsd, the multicast DNS daemon. It runs as user mdnsr; its
# socket is limited to mdnsr and group inet (0660).
service mdnsd /system/bin/mdnsd
class main
user mdnsr
group inet net_raw
socket mdnsd stream 0660 mdnsr inet
disabled
oneshot
# Part 52, service 26: pre-recovery, a one-shot run of /system/bin/uncrypt;
# presumably started before rebooting into recovery - confirm.
service pre-recovery /system/bin/uncrypt
class main
disabled
oneshot
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
# 分析开始
# 第一步,导入其他的rc文件,这里先不管这些rc文件的内容,只对init.rc文件进行分析
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.zygote}.rc
import /init.trace.rc
# Step 2, action 1: commands run when the early-init trigger fires.
# Note: early-init is not a trigger built into the init language itself; it is
# fired from init's own code (init.c).
on early-init
# Set init and its forked children's oom_adj.
# -1000 is the lowest oom_score_adj value; it exempts PID 1 from the kernel OOM
# killer, so init is never killed under memory pressure.
write /proc/1/oom_score_adj -1000
# Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
# With checkreqprot set to 0, SELinux checks the protection the kernel will actually
# apply rather than the protection the caller requested.
write /sys/fs/selinux/checkreqprot 0
# Set the security context for the init process.
# This should occur before anything else (e.g. ueventd) is started.
# Everything started afterwards is forked from init in this context.
setcon u:r:init:s0
# Set the security context of /adb_keys if present.
# restorecon relabels the file to the context the loaded policy assigns to its path.
restorecon /adb_keys
start ueventd
# create mountpoints
# /mnt: mode 0775, owner root, group system (group-writable, not world-writable).
mkdir /mnt 0775 root system
# Part 3, action 2: commands run when the init trigger fires.
on init
# Set the system clock base: 0 minutes west of GMT, i.e. the clock ticks in GMT.
sysclktz 0
# Set the log level to 3.
loglevel 3
# Backward compatibility
# Keep legacy paths working: /etc points at system/etc and /d at sys/kernel/debug.
symlink system/etc /etc
symlink sys/kernel/debug /d
# Right now vendor lives on the same filesystem as system,
# but someday that may change.
symlink system/vendor /vendor
# Create cgroup mount point for cpu accounting
mkdir /acct
mount cgroup none /acct cpuacct
mkdir /acct/uid
# Create cgroup mount point for memory
# The tmpfs is mounted 0750 for uid 0 / gid 1000 (presumably the system group,
# matching the "root system" ownership used below - confirm), so other users
# cannot traverse it.
mount tmpfs none /sys/fs/cgroup mode=0750,uid=0,gid=1000
mkdir /sys/fs/cgroup/memory 0750 root system
mount cgroup none /sys/fs/cgroup/memory memory
write /sys/fs/cgroup/memory/memory.move_charge_at_immigrate 1
# The tasks file decides which processes belong to the group: writable by root and
# the system group only.
chown root system /sys/fs/cgroup/memory/tasks
chmod 0660 /sys/fs/cgroup/memory/tasks
# "sw" child group with swappiness 100, same ownership and mode as its parent.
mkdir /sys/fs/cgroup/memory/sw 0750 root system
write /sys/fs/cgroup/memory/sw/memory.swappiness 100
write /sys/fs/cgroup/memory/sw/memory.move_charge_at_immigrate 1
chown root system /sys/fs/cgroup/memory/sw/tasks
chmod 0660 /sys/fs/cgroup/memory/sw/tasks
# Create the /system, /data, /cache and /config directories (mount points).
# None of them is world-writable; /config is root-only (0500).
mkdir /system
mkdir /data 0771 system system
mkdir /cache 0770 system cache
mkdir /config 0500 root root
# See storage config details at http://source.android.com/tech/storage/
# Create the storage directories; /mnt/shell and /mnt/media_rw are private (0700)
# to their owning users.
mkdir /mnt/shell 0700 shell shell
mkdir /mnt/media_rw 0700 media_rw media_rw
mkdir /storage 0751 root sdcard_r
# Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root
# Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root
# Directory-target for where the secure container
# imagefile directory will be bind-mounted
# (root-only, like its parent /mnt/secure).
mkdir /mnt/secure/asec 0700 root root
# Secure container public mount points.
# The directory is created 0700, then a tmpfs with mode=0755,gid=1000 is mounted on
# top of it, so the visible mount point is world-readable but not world-writable.
mkdir /mnt/asec 0700 root system
mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
# Filesystem image public mount points.
# Same pattern as /mnt/asec: 0700 directory covered by a 0755 tmpfs.
mkdir /mnt/obb 0700 root system
mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
# memory control cgroup
mkdir /dev/memcg 0700 root system
mount cgroup none /dev/memcg memory
# Kernel tunables. panic_on_oops=1 makes the kernel panic on an oops instead of
# continuing in a possibly corrupted state; hung_task_timeout_secs=0 turns the
# hung-task check off.
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
# Hardening: randomize_va_space=2 enables full address-space randomization (including
# the heap), kptr_restrict=2 hides kernel pointers printed with %pK from every user,
# and mmap_min_addr=32768 forbids mapping the lowest 32 KiB, which blunts kernel
# NULL-pointer dereference bugs.
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/kernel/kptr_restrict 2
write /proc/sys/vm/mmap_min_addr 32768
# The range covers every group id, so any process may open an unprivileged ICMP
# "ping" socket without needing a raw socket.
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
write /proc/sys/net/unix/max_dgram_qlen 300
write /proc/sys/kernel/sched_rt_runtime_us 950000
write /proc/sys/kernel/sched_rt_period_us 1000000
# reflect fwmark from incoming packets onto generated replies
write /proc/sys/net/ipv4/fwmark_reflect 1
write /proc/sys/net/ipv6/fwmark_reflect 1
# set fwmark on accepted sockets
# (sockets that have already been accepted, not "acceptable" ones)
write /proc/sys/net/ipv4/tcp_fwmark_accept 1
# Create cgroup mount points for process groups
mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu
chown system system /dev/cpuctl
chmod 0660 /dev/cpuctl
chown system system /dev/cpuctl/tasks
# NOTE(review): 0666 makes the tasks file world-writable, which sits oddly with the
# "do not create world writable files" warning at the top of this file; access is
# presumably narrowed further by SELinux policy - confirm before copying this pattern.
chmod 0666 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
write /dev/cpuctl/cpu.rt_runtime_us 800000
write /dev/cpuctl/cpu.rt_period_us 1000000
mkdir /dev/cpuctl/bg_non_interactive
chown system system /dev/cpuctl/bg_non_interactive/tasks
# NOTE(review): world-writable as well, same caveat as /dev/cpuctl/tasks.
chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
# 5.0 %
# "5.0 %" is a CPU weight, not an Android version: 52 shares against the 1024 of
# the root group is roughly 5% for the bg_non_interactive group.
write /dev/cpuctl/bg_non_interactive/cpu.shares 52
write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000
# qtaguid will limit access to specific data based on group memberships.
# net_bw_acct grants impersonation of socket owners.
# net_bw_stats grants access to other apps' detailed tagged-socket stats.
# The chowns below attach those groups to the control and stats files, so group
# membership is what gates the two capabilities.
chown root net_bw_acct /proc/net/xt_qtaguid/ctrl
chown root net_bw_stats /proc/net/xt_qtaguid/stats
# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
# ("misc dev" is the miscellaneous device node /dev/xt_qtaguid; 0644 makes it
# world-readable while only the owner may write.)
chmod 0644 /dev/xt_qtaguid
# Create location for fs_mgr to store abbreviated output from filesystem
# checker programs.
mkdir /dev/fscklogs 0770 root system
# pstore/ramoops previous console log
# i.e. the console log preserved from the previous boot; readable only by user
# system and group log (0440).
mount pstore pstore /sys/fs/pstore
chown system log /sys/fs/pstore/console-ramoops
chmod 0440 /sys/fs/pstore/console-ramoops
# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
# Part 4, action 3: when sys.boot_from_charger_mode becomes 1, stop the charger
# class and continue with the normal boot sequence via late-init.
on property:sys.boot_from_charger_mode=1
class_stop charger
trigger late-init
# Load properties from /system/ + /factory after fs mount.
# Part 5, action 4: load the properties stored under /system/ and /factory; this
# action is triggered from late-init after the fs triggers.
on load_all_props_action
load_all_props
# Indicate to fw loaders that the relevant mounts are up.
# Part 6, action 5: "up" means mounted and available. Removing the /dev/.booting
# marker file is the signal that firmware loaders wait for.
on firmware_mounts_complete
rm /dev/.booting
# Mount filesystems and start core system services.
# Part 7, action 6: late-init queues the remaining boot stages in order:
# early-fs, fs, post-fs, post-fs-data, property loading, firmware signal,
# early-boot and boot.
on late-init
trigger early-fs
trigger fs
trigger post-fs
trigger post-fs-data
# Load properties from /system/ + /factory after fs mount. Place
# this in another action so that the load will be scheduled after the prior
# issued fs triggers have completed.
trigger load_all_props_action
# Remove a file to wake up anything waiting for firmware.
trigger firmware_mounts_complete
trigger early-boot
trigger boot
# Part 8, action 7: post-fs ("post" as in "after") is triggered from late-init once
# the fs trigger has run. It locks down the root filesystem and fixes ownership,
# modes and SELinux labels of /cache and several /proc entries.
on post-fs
# once everything is setup, no need to modify /
# Remount the root filesystem read-only.
mount rootfs rootfs / ro remount
# mount shared so changes propagate into child namespaces
mount rootfs rootfs / shared rec
# We chown/chmod /cache again so because mount is run as root + defaults
# (the freshly mounted filesystem carries its own owner and mode, so the values set
# by mkdir in "on init" have to be applied again).
chown system cache /cache
chmod 0770 /cache
# We restorecon /cache in case the cache partition has been reset.
# restorecon_recursive restores SELinux labels, not Unix permissions, on /cache
# and everything below it.
restorecon_recursive /cache
# This may have been created by the recovery system with odd permissions
# ("odd" as in unexpected), so owner and mode are forced to known values.
chown system cache /cache/recovery
chmod 0770 /cache/recovery
# change permissions on vmallocinfo so we can grab it from bugreports
# Readable by root and group log only (0440).
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo
# Same treatment for the slab allocator statistics.
chown root log /proc/slabinfo
chmod 0440 /proc/slabinfo
# change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
# kmsg is read-only for root and group system (0440); sysrq-trigger is write-only
# for root and group system (0220), so no other user can issue SysRq commands.
chown root system /proc/kmsg
chmod 0440 /proc/kmsg
chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger
chown system log /proc/last_kmsg
chmod 0440 /proc/last_kmsg
# make the selinux kernel policy world-readable
# 0444: readable by everyone, writable by no one.
chmod 0444 /sys/fs/selinux/policy
# create the lost+found directories, so as to enforce our permissions
mkdir /cache/lost+found 0770 root root
# Part 9, action 8: post-fs-data is queued after post-fs ("post" = "after").
# It builds the directory skeleton under /data, giving every directory an
# explicit owner, group and mode.
on post-fs-data
# We chown/chmod /data again so because mount is run as root + defaults
chown system system /data
chmod 0771 /data
# We restorecon /data in case the userdata partition has been reset.
# "Reset" means wiped: the SELinux label of /data is reapplied in case it was
# lost.
restorecon /data
# Avoid predictable entropy pool. Carry over entropy from previous boot.
# The contents of /data/system/entropy.dat, carried over from the previous
# boot, are written into /dev/urandom so the pool does not start out
# predictable.
copy /data/system/entropy.dat /dev/urandom
# Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition.
# "Dump" here is crash/panic data, not a recycle bin.
mkdir /data/dontpanic 0750 root log
# Collect apanic data, free resources and re-arm trigger
# The panic console and thread records are copied out and restricted to root
# and group log (0640). The final write presumably releases the kernel-side
# copy and re-arms the trigger, as the comment above states - confirm against
# the apanic driver.
copy /proc/apanic_console /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console
copy /proc/apanic_threads /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads
write /proc/apanic_console 1
# create basic filesystem structure
# The leading digit of a four-digit mode carries the special bits: 01771 sets
# the sticky bit on /data/misc and 02750 sets setgid on /data/misc/adb.
# keystore and systemkeys are 0700, reachable only by their owning user.
mkdir /data/misc 01771 system misc
mkdir /data/misc/adb 02750 system shell
mkdir /data/misc/bluedroid 0770 bluetooth net_bt_stack
mkdir /data/misc/bluetooth 0770 system system
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/keychain 0771 system system
mkdir /data/misc/net 0750 root shell
mkdir /data/misc/radio 0770 system radio
mkdir /data/misc/sms 0770 system radio
mkdir /data/misc/zoneinfo 0775 system system
mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
mkdir /data/misc/systemkeys 0700 system system
mkdir /data/misc/wifi 0770 wifi wifi
mkdir /data/misc/wifi/sockets 0770 wifi wifi
mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
mkdir /data/misc/ethernet 0770 system system
mkdir /data/misc/dhcp 0770 dhcp dhcp
mkdir /data/misc/user 0771 root root
# give system access to wpa_supplicant.conf for backup and restore
# 0660: read/write for the file's owner and group, nothing for others.
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
mkdir /data/local 0751 root root
mkdir /data/misc/media 0700 media media
# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
# The directory is owned by shell:shell and writable by that user, so nothing
# the system relies on should be stored there.
# The lines below also create the app-related directories under /data.
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app-asec 0700 root root
mkdir /data/app-lib 0771 system system
mkdir /data/app 0771 system system
mkdir /data/property 0700 root root
# create dalvik-cache, so as to enforce our permissions
mkdir /data/dalvik-cache 0771 root root
mkdir /data/dalvik-cache/profiles 0711 system system
# create resource-cache and double-check the perms
# The chown/chmod repeat the owner and mode already given to mkdir.
mkdir /data/resource-cache 0771 system system
chown system system /data/resource-cache
chmod 0771 /data/resource-cache
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770 root root
# create directory for DRM plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/drm 0770 drm drm
# create directory for MediaDrm plug-ins - give drm the read/write access to
# the following directory.
mkdir /data/mediadrm 0770 mediadrm mediadrm
mkdir /data/adb 0700 root root
# symlink to bugreport storage location
# The target is a relative path, so from /data it resolves to
# /data/data/com.android.shell/files/bugreports.
symlink data/com.android.shell/files/bugreports /data/bugreports
# Separate location for storing security policy files on data
# (a directory, not a separate partition)
mkdir /data/security 0711 system system
# Reload policy from /data/security if present.
# "If present" means: if a policy exists in that directory.
# NOTE(review): this policy source sits on the writable data partition, so
# write access to /data/security (system:system 0711 above) decides who can
# influence the loaded policy - confirm how the loader validates it.
setprop selinux.reload_policy 1
# Set SELinux security contexts on upgrade or policy update.
# Recursively reapplies SELinux labels to everything under /data.
restorecon_recursive /data
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# won't work.
# Set indication (checked by vold) that we have finished this action
#setprop vold.post_fs_data_done 1
# The line to uncomment is the commented-out setprop directly above; it is a
# command, not a directory.
# Part 10, action 9: boot is the last trigger queued by late-init. It sets up
# loopback networking, kernel memory tunables and the ownership of the sysfs
# and procfs nodes that system services need, then starts class core.
on boot
# basic network init
ifup lo
hostname localhost
domainname localdomain
# set RLIMIT_NICE to allow priorities from 19 to -20
# Resource 13 is RLIMIT_NICE (a resource limit, not a permission); soft and
# hard limits are both set to 40.
setrlimit 13 40 40
# Memory management. Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver
# parameters to match how it is managing things.
# The lowmemorykiller parameters become write-only (0220) for root and group
# system; no other user can read or write them.
write /proc/sys/vm/overcommit_memory 1
write /proc/sys/vm/min_free_order_shift 4
chown root system /sys/module/lowmemorykiller/parameters/adj
chmod 0220 /sys/module/lowmemorykiller/parameters/adj
chown root system /sys/module/lowmemorykiller/parameters/minfree
chmod 0220 /sys/module/lowmemorykiller/parameters/minfree
# Tweak background writeout
# (dirty-page writeback, not process output)
write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_background_ratio 5
# Permissions for System Server and daemons.
# Power and wake-lock nodes are handed to radio:system or system:system; the
# three chmod lines limit state, wake_lock and wake_unlock to owner and group
# read/write (0660).
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown system system /sys/power/autosleep
chown system system /sys/power/state
chown system system /sys/power/wakeup_count
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
# Tunables of the "interactive" cpufreq governor: each is chowned to
# system:system and set to 0660. boostpulse is the one entry with a chown but
# no chmod, so it keeps whatever mode the kernel gave it.
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_rate
chown system system /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/timer_slack
chown system system /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/min_sample_time
chown system system /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/hispeed_freq
chown system system /sys/devices/system/cpu/cpufreq/interactive/target_loads
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/target_loads
chown system system /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/go_hispeed_load
chown system system /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/above_hispeed_delay
chown system system /sys/devices/system/cpu/cpufreq/interactive/boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse
chown system system /sys/devices/system/cpu/cpufreq/interactive/input_boost
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/input_boost
chown system system /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/boostpulse_duration
chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy
# Assume SMP uses shared cpufreq policy for all CPUs
# Only cpu0's scaling_max_freq is adjusted, on the assumption that all CPUs of
# the SMP system share one cpufreq policy.
chown system system /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
chmod 0660 /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
# Vibrator, LED and TCP buffer nodes are given to system:system with their
# modes left unchanged. The vibrator enable node is chowned twice in this list
# (here and after the LED entries); the second line is redundant.
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
# The kernel command line becomes owned by root with group radio.
chown root radio /proc/cmdline
# Define default initial receive window size in segments.
setprop net.tcp.default_init_rwnd 60
# Start every service declared with "class core".
class_start core
# Part 11, action 10: on the nonencrypted trigger, start the services in
# classes main and late_start.
on nonencrypted
class_start main
class_start late_start
# Part 12, action 11: when vold.decrypt is set to trigger_default_encryption,
# start the defaultcrypto one-shot service declared later in this file.
on property:vold.decrypt=trigger_default_encryption
start defaultcrypto
# Part 13, action 12: when vold.decrypt is set to trigger_encryption, start
# surfaceflinger and then the encrypt one-shot service.
on property:vold.decrypt=trigger_encryption
start surfaceflinger
start encrypt
# Part 14, action 13: whenever sys.init_log_level changes ("=*" matches any
# value), apply the new value as init's log level.
on property:sys.init_log_level=*
loglevel ${sys.init_log_level}
# Part 15, action 14: on the charger trigger, start the services in class
# charger.
on charger
class_start charger
# Part 16, action 15: when vold.decrypt is set to trigger_reset_main, stop the
# running services of class main. class_reset does not disable them, so a
# later class_start can bring them back.
on property:vold.decrypt=trigger_reset_main
class_reset main
# Part 17, action 16: when vold.decrypt is set to trigger_load_persist_props,
# load the persistent properties.
on property:vold.decrypt=trigger_load_persist_props
load_persist_props
# Part 18, action 17: when vold.decrypt is set to trigger_post_fs_data, queue
# the post-fs-data action (this re-runs the /data setup; it is not a file
# copy).
on property:vold.decrypt=trigger_post_fs_data
trigger post-fs-data
# Part 19, action 18: when vold.decrypt is set to
# trigger_restart_min_framework, start class main only; late_start services
# stay down.
on property:vold.decrypt=trigger_restart_min_framework
class_start main
# Part 20, action 19: when vold.decrypt is set to trigger_restart_framework,
# start both main and late_start, the same classes the nonencrypted action
# starts.
on property:vold.decrypt=trigger_restart_framework
class_start main
class_start late_start
# Part 21, action 20: when vold.decrypt is set to trigger_shutdown_framework,
# stop the late_start services first and the main services second.
on property:vold.decrypt=trigger_shutdown_framework
class_reset late_start
class_reset main
# Part 22, action 21: whenever sys.powerctl changes, its value is passed
# unchanged to the powerctl builtin, which carries out the requested power
# action. Who may set sys.powerctl is governed by property permissions defined
# outside this file.
on property:sys.powerctl=*
powerctl ${sys.powerctl}
# system server cannot write to /proc/sys files,
# and chown/chmod does not work for /proc/sys/ entries.
# So proxy writes through init.
# Part 23, action 22: init (running as root) writes the property value into
# /proc/sys/vm/extra_free_kbytes on behalf of the caller. The value is copied
# as-is, so access to this sysctl is only as restricted as the right to set
# the sys.sysctl.extra_free_kbytes property.
on property:sys.sysctl.extra_free_kbytes=*
write /proc/sys/vm/extra_free_kbytes ${sys.sysctl.extra_free_kbytes}
# "tcp_default_init_rwnd" Is too long!
# The property name is therefore shortened to tcp_def_init_rwnd.
# Part 24, action 23: same proxy pattern as the action above; init writes the
# property value into /proc/sys/net/ipv4/tcp_default_init_rwnd.
on property:sys.sysctl.tcp_def_init_rwnd=*
write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd}
## Daemon processes to be run by init.
##
# From here on the file declares services. An action is a list of commands run
# when one trigger fires; a service is one program that init launches and
# supervises, with options describing how to run it.
# Part 25, service 1: ueventd, in class core and marked critical, running
# under the SELinux label u:r:ueventd:s0. No user option is given, so it runs
# as root.
service ueventd /sbin/ueventd
class core
critical
seclabel u:r:ueventd:s0
# Part 26, service 2: the logging daemon. init creates three sockets for it:
# logd and logdr are mode 0666 (usable by every user), logdw is 0222
# (write-only for every user). Beyond these modes, access depends on SELinux
# policy, which is not part of this file.
service logd /system/bin/logd
class core
socket logd stream 0666 logd logd
socket logdr seqpacket 0666 logd logd
socket logdw dgram 0222 logd logd
seclabel u:r:logd:s0
# Part 27, service 3: healthd, the battery/charging monitor referred to by the
# charger-mode action earlier in this file. Class core, critical, SELinux
# label u:r:healthd:s0; no user option, so it runs as root.
service healthd /sbin/healthd
class core
critical
seclabel u:r:healthd:s0
# Part 28, service 4: an interactive shell on the console device. "disabled"
# keeps it from starting with class core; the ro.debuggable=1 action below
# starts it explicitly.
# NOTE(review): "user shell" is commented out and no other user option is
# given, so init runs this shell as root, confined only by the u:r:shell:s0
# SELinux label. Restore the user line unless a root console is intended on
# this build.
service console /system/bin/sh
class core
console
disabled
# user shell
group shell log
seclabel u:r:shell:s0
# Part 29, action 24: on debuggable builds (ro.debuggable=1) start the console
# service, which is otherwise disabled.
on property:ro.debuggable=1
start console
# adbd is controlled via property triggers in init.<platform>.usb.rc
# Part 30, service 5: the adb daemon. It is "disabled", so it starts only when
# something starts it explicitly. Its control socket is limited to
# system:system (660) and the daemon is labelled u:r:adbd:s0.
# --root_seclabel=u:r:su:s0 is presumably the SELinux domain adbd moves to
# when it runs as root - confirm against the adbd source.
# No user option is given: init starts it as root, and any privilege drop is
# decided inside adbd, not in this file.
service adbd /sbin/adbd --root_seclabel=u:r:su:s0
class core
socket adbd stream 660 system system
disabled
seclabel u:r:adbd:s0
# adbd on at boot in emulator
# Part 31, action 25: ro.kernel.qemu=1 identifies the emulator; adbd is
# started there without waiting for the USB property triggers.
on property:ro.kernel.qemu=1
start adbd
# Part 32, service 6: lmkd, the low memory killer daemon. Critical, class
# core; its seqpacket socket is limited to system:system (0660). No user
# option, so it runs as root.
service lmkd /system/bin/lmkd
class core
critical
socket lmkd seqpacket 0660 system system
# Part 33, service 7: servicemanager, which manages the services of the
# framework layer. It runs as system:system and is critical. When it restarts,
# the onrestart lines make init restart healthd, zygote, media, surfaceflinger
# and drm as well.
service servicemanager /system/bin/servicemanager
class core
user system
group system
critical
onrestart restart healthd
onrestart restart zygote
onrestart restart media
onrestart restart surfaceflinger
onrestart restart drm
# Part 34, service 8: vold, the volume daemon that manages storage and sets
# the vold.decrypt property used by the actions above. Runs as root (no user
# option); its control socket is limited to root and group mount (0660).
# ioprio sets best-effort I/O priority 2.
service vold /system/bin/vold
class core
socket vold stream 0660 root mount
ioprio be 2
# Part 35, service 9: netd, the network daemon. Runs as root (no user option)
# and gets four stream sockets, each 0660 and owned by root: netd and mdns are
# for group system, dnsproxyd and fwmarkd for group inet.
service netd /system/bin/netd
class main
socket netd stream 0660 root system
socket dnsproxyd stream 0660 root inet
socket mdns stream 0660 root system
socket fwmarkd stream 0660 root inet
# Part 36, service 10: debuggerd, the native crash handler daemon. Class main;
# no user option, so it runs as root.
service debuggerd /system/bin/debuggerd
class main
# Part 37, service 11: the 64-bit build of debuggerd, declared the same way as
# the service above.
service debuggerd64 /system/bin/debuggerd64
class main
# Part 38, service 12: rild, the radio interface layer daemon behind telephony.
# It is explicitly run as root with several supplementary groups. The rild
# socket is limited to root and group radio, the rild-debug socket to radio
# and group system (both 660).
service ril-daemon /system/bin/rild
class main
socket rild stream 660 root radio
socket rild-debug stream 660 radio system
user root
group radio cache inet misc audio log
# Part 39, service 13: surfaceflinger, the display compositor. A restart of it
# also restarts zygote.
# NOTE(review): "user system" is commented out and no other user option is
# given, so this service runs as root with the groups listed below. Restore
# the user line unless root is required on this device.
service surfaceflinger /system/bin/surfaceflinger
class core
# user system
group graphics drmrpc
onrestart restart zygote
# Part 40, service 14: drmserver (digital rights management). Runs as the
# unprivileged user drm with groups drm, system, inet and drmrpc.
service drm /system/bin/drmserver
class main
user drm
group drm system inet drmrpc
# Part 41, service 15: mediaserver. Runs as user media; the group list gives
# it audio, camera, network, Bluetooth and DRM access. ioprio sets real-time
# I/O priority 4.
service media /system/bin/mediaserver
class main
user media
group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
ioprio rt 4
# Part 42, service 16: defaultcrypto.
# One shot invocation to deal with encrypted volume.
# "Volume" is a storage volume, not sound. The service runs vdc with the
# cryptfs mountdefaultencrypted command. It is disabled (started only by the
# trigger_default_encryption action) and oneshot (not restarted after it
# exits).
service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
disabled
oneshot
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption) or trigger_restart_min_framework (other encryption)
# One shot invocation to encrypt unencrypted volumes
# This encrypts storage volumes in place; it does not decrypt anything and has
# nothing to do with sound.
# Part 43, service 17: encrypt. Runs vdc with cryptfs enablecrypto inplace
# default. It is disabled (started only by the trigger_encryption action) and
# oneshot.
service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
disabled
oneshot
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption)
# Part 44, service 18: the boot animation. Runs as user graphics with groups
# graphics and audio. It is disabled and oneshot, so it runs only when started
# explicitly and is not restarted after it exits.
service bootanim /system/bin/bootanimation
class core
user graphics
group graphics audio
disabled
oneshot
# Part 45, service 19: installd, the package installation daemon. No user
# option, so it runs as root; its socket is mode 600 and owned by system, so
# only the system user can connect.
service installd /system/bin/installd
class main
socket installd stream 600 system system
# Part 46, service 20: runs install-recovery.sh once per boot (oneshot) under
# the SELinux label u:r:install_recovery:s0. No user option, so the script
# runs as root.
service flash_recovery /system/bin/install-recovery.sh
class main
seclabel u:r:install_recovery:s0
oneshot
# Part 47, service 21: racoon, the IKE key-exchange daemon used for IPsec VPN
# connections. No user option: it starts as root and, per the comment below,
# switches to the vpn user itself once the port is bound. Its control socket
# is mode 600 and owned by system. Disabled and oneshot: it runs only when
# started explicitly.
service racoon /system/bin/racoon
class main
socket racoon stream 600 system system
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
group vpn net_admin inet
disabled
oneshot
# Part 48, service 22: mtpd. Despite the name this is not the Media Transfer
# Protocol: the vpn user and the net_admin/net_raw groups below mark it as a
# VPN tunnelling daemon (AOSP's mtpd handles PPTP and L2TP). Its control
# socket is mode 600 and owned by system. Disabled and oneshot.
service mtpd /system/bin/mtpd
class main
socket mtpd stream 600 system system
user vpn
group vpn net_admin inet net_raw
disabled
oneshot
# Part 49, service 23: the keystore daemon, given /data/misc/keystore as its
# argument. It runs as the dedicated user keystore, matching the 0700
# keystore:keystore directory created in post-fs-data.
service keystore /system/bin/keystore /data/misc/keystore
class main
user keystore
group keystore drmrpc
# Part 50, service 24: dumpstate, used to collect bug reports. No user option,
# so it runs as root; its socket is limited to shell and group log (0660).
# Disabled and oneshot: it runs only on request. The -s flag presumably makes
# it write its output to that socket - confirm against dumpstate's usage text.
service dumpstate /system/bin/dumpstate -s
class main
socket dumpstate stream 0660 shell log
disabled
oneshot
# Part 51, service 25: mdnsd, the multicast DNS daemon. Runs as the
# unprivileged user mdnsr with groups inet and net_raw; its socket is limited
# to mdnsr and group inet (0660). Disabled and oneshot.
service mdnsd /system/bin/mdnsd
class main
user mdnsr
group inet net_raw
socket mdnsd stream 0660 mdnsr inet
disabled
oneshot
# Part 52, service 26: pre-recovery runs /system/bin/uncrypt. No user option,
# so it runs as root. Disabled and oneshot: it runs only when started
# explicitly and is not restarted after it exits.
service pre-recovery /system/bin/uncrypt
class main
disabled
oneshot