sync vendor

proprietary/system_ext/etc/init/hw/vendor_init_as_system.rc

@@ -1,303 +0,0 @@
-on early-fs
-    start vold
-
-on post-fs
-    restorecon_recursive /metadata
-    mkdir /metadata/vold
-    chmod 0700 /metadata/vold
-    mkdir /metadata/password_slots 0771 root system
-    mkdir /metadata/bootstat 0750 system log
-    mkdir /metadata/ota 0700 root system
-    mkdir /metadata/ota/snapshots 0700 root system
-
-    mkdir /metadata/apex 0700 root system
-    mkdir /metadata/apex/sessions 0700 root system
-
-on post-fs-data
-    mark_post_data
-
-    # Start checkpoint before we touch data
-    exec - system system -- /system/bin/vdc checkpoint prepareCheckpoint
-
-    # We chown/chmod /data again so because mount is run as root + defaults
-    chown system system /data
-    chmod 0771 /data
-    # We restorecon /data in case the userdata partition has been reset.
-    restorecon /data
-
-    # Make sure we have the device encryption key.
-    installkey /data
-
-    # Start bootcharting as soon as possible after the data partition is
-    # mounted to collect more data.
-    mkdir /data/bootchart 0755 shell shell
-    bootchart start
-
-    # Load fsverity keys. This needs to happen before apexd, as post-install of
-    # APEXes may rely on keys.
-    exec -- /system/bin/fsverity_init
-
-    # Make sure that apexd is started in the default namespace
-    enter_default_mount_ns
-
-    # /data/apex is now available. Start apexd to scan and activate APEXes.
-    #
-    # To handle userspace reboots as well as devices that use FDE, make sure
-    # that apexd is started cleanly here (set apexd.status="") and that it is
-    # restarted if it's already running.
-    #
-    # /data/apex uses encryption=None because direct I/O support is needed on
-    # APEX files, but some devices don't support direct I/O on encrypted files.
-    # Also, APEXes are public information, similar to the system image.
-    # /data/apex/decompressed and /data/apex/ota_reserved override this setting;
-    # they are encrypted so that files in them can be hard-linked into
-    # /data/rollback which is encrypted.
-    mkdir /data/apex 0755 root system encryption=None
-    mkdir /data/apex/active 0755 root system
-    mkdir /data/apex/backup 0700 root system
-    mkdir /data/apex/decompressed 0755 root system encryption=Require
-    mkdir /data/apex/hashtree 0700 root system
-    mkdir /data/apex/sessions 0700 root system
-    mkdir /data/app-staging 0751 system system encryption=DeleteIfNecessary
-    mkdir /data/apex/ota_reserved 0700 root system encryption=Require
-    setprop apexd.status ""
-    restart apexd
-
-    # Avoid predictable entropy pool. Carry over entropy from previous boot.
-    copy /data/system/entropy.dat /dev/urandom
-
-    # create basic filesystem structure
-    mkdir /data/misc 01771 system misc
-    mkdir /data/misc/recovery 0770 system log
-    copy /data/misc/recovery/ro.build.fingerprint /data/misc/recovery/ro.build.fingerprint.1
-    chmod 0440 /data/misc/recovery/ro.build.fingerprint.1
-    chown system log /data/misc/recovery/ro.build.fingerprint.1
-    write /data/misc/recovery/ro.build.fingerprint ${ro.build.fingerprint}
-    chmod 0440 /data/misc/recovery/ro.build.fingerprint
-    chown system log /data/misc/recovery/ro.build.fingerprint
-    mkdir /data/misc/recovery/proc 0770 system log
-    copy /data/misc/recovery/proc/version /data/misc/recovery/proc/version.1
-    chmod 0440 /data/misc/recovery/proc/version.1
-    chown system log /data/misc/recovery/proc/version.1
-    copy /proc/version /data/misc/recovery/proc/version
-    chmod 0440 /data/misc/recovery/proc/version
-    chown system log /data/misc/recovery/proc/version
-    mkdir /data/misc/bluedroid 02770 bluetooth bluetooth
-    # Fix the access permissions and group ownership for 'bt_config.conf'
-    chmod 0660 /data/misc/bluedroid/bt_config.conf
-    chown bluetooth bluetooth /data/misc/bluedroid/bt_config.conf
-    mkdir /data/misc/bluetooth 0770 bluetooth bluetooth
-    mkdir /data/misc/bluetooth/logs 0770 bluetooth bluetooth
-    mkdir /data/misc/keystore 0700 keystore keystore
-    mkdir /data/misc/gatekeeper 0700 system system
-    mkdir /data/misc/keychain 0771 system system
-    mkdir /data/misc/net 0750 root shell
-    mkdir /data/misc/radio 0770 system radio
-    mkdir /data/misc/sms 0770 system radio
-    mkdir /data/misc/carrierid 0770 system radio
-    mkdir /data/misc/apns 0770 system radio
-    mkdir /data/misc/zoneinfo 0775 system system
-    mkdir /data/misc/network_watchlist 0774 system system
-    mkdir /data/misc/textclassifier 0771 system system
-    mkdir /data/misc/vpn 0770 system vpn
-    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
-    mkdir /data/misc/systemkeys 0700 system system
-    mkdir /data/misc/wifi 0770 wifi wifi
-    mkdir /data/misc/wifi/sockets 0770 wifi wifi
-    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
-    mkdir /data/misc/ethernet 0770 system system
-    mkdir /data/misc/dhcp 0770 dhcp dhcp
-    mkdir /data/misc/user 0771 root root
-    mkdir /data/misc/perfprofd 0775 root root
-    # give system access to wpa_supplicant.conf for backup and restore
-    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
-    mkdir /data/local 0751 root root
-    mkdir /data/misc/media 0700 media media
-    mkdir /data/misc/audioserver 0700 audioserver audioserver
-    mkdir /data/misc/cameraserver 0700 cameraserver cameraserver
-    mkdir /data/misc/vold 0700 root root
-    mkdir /data/misc/boottrace 0771 system shell
-    mkdir /data/misc/update_engine 0700 root root
-    mkdir /data/misc/update_engine_log 02750 root log
-    mkdir /data/misc/trace 0700 root root
-    # create location to store surface and window trace files
-    mkdir /data/misc/wmtrace 0700 system system
-    # create location to store accessibility trace files
-    mkdir /data/misc/a11ytrace 0700 system system
-    # profile file layout
-    mkdir /data/misc/profiles 0771 system system
-    mkdir /data/misc/profiles/cur 0771 system system
-    mkdir /data/misc/profiles/ref 0771 system system
-    mkdir /data/misc/profman 0770 system shell
-    mkdir /data/misc/gcov 0770 root root
-    mkdir /data/misc/installd 0700 root root
-    mkdir /data/misc/apexdata 0711 root root
-    mkdir /data/misc/apexrollback 0700 root root
-    mkdir /data/misc/appcompat/ 0700 system system
-    mkdir /data/misc/snapshotctl_log 0755 root root
-    # create location to store pre-reboot information
-    mkdir /data/misc/prereboot 0700 system system
-    # directory used for on-device refresh metrics file.
-    mkdir /data/misc/odrefresh 0777 system system
-    # directory used for on-device signing key blob
-    mkdir /data/misc/odsign 0710 root system
-    # directory used for odsign metrics
-    mkdir /data/misc/odsign/metrics 0770 root system
-
-    mkdir /data/preloads 0775 system system encryption=None
-
-    mkdir /data/vendor 0771 root root
-    mkdir /data/vendor/hardware 0771 root root
-   
-    # For security reasons, /data/local/tmp should always be empty.
-    # Do not place files or directories in /data/local/tmp
-    mkdir /data/local/tmp 0771 shell shell
-    mkdir /data/local/traces 0777 shell shell
-    # mkdir /data/data 0771 system system
-    mkdir /data/app-private 0771 system system
-    mkdir /data/app-ephemeral 0771 system system
-    mkdir /data/app-asec 0700 root root
-    mkdir /data/app-lib 0771 system system
-    mkdir /data/app 0771 system system
-    mkdir /data/property 0700 root root
-    mkdir /data/tombstones 0771 system system
-    mkdir /data/vendor/tombstones 0771 root root
-    mkdir /data/vendor/tombstones/wifi 0771 wifi wifi
-
-    # create dalvik-cache, so as to enforce our permissions
-    mkdir /data/dalvik-cache 0771 root root
-    # create the A/B OTA directory, so as to enforce our permissions
-    mkdir /data/ota 0771 root root
-
-    # create the OTA package directory. It will be accessed by GmsCore (cache
-    # group), update_engine and update_verifier.
-    mkdir /data/ota_package 0770 system cache
-
-    # create resource-cache and double-check the perms
-    mkdir /data/resource-cache 0771 system system
-    chown system system /data/resource-cache
-    chmod 0771 /data/resource-cache
-
-    # Ensure that lost+found exists and has the correct permissions.  Linux
-    # filesystems expect this directory to exist; it's where the fsck tool puts
-    # any recovered files that weren't present in any directory.  It must be
-    # unencrypted, as fsck must be able to write to it.
-    mkdir /data/lost+found 0770 root root encryption=None
-
-    # create directory for DRM plug-ins - give drm the read/write access to
-    # the following directory.
-    mkdir /data/drm 0770 drm drm
-
-    # create directory for MediaDrm plug-ins - give drm the read/write access to
-    # the following directory.
-    mkdir /data/mediadrm 0770 mediadrm mediadrm
-
-    mkdir /data/anr 0775 system system
-
-    # NFC: create data/nfc for nv storage
-    mkdir /data/nfc 0770 nfc nfc
-    mkdir /data/nfc/param 0770 nfc nfc
-
-    # Create all remaining /data root dirs so that they are made through init
-    # and get proper encryption policy installed
-    mkdir /data/backup 0700 system system
-    mkdir /data/ss 0700 system system
-
-    mkdir /data/system 0775 system system
-    mkdir /data/system/dropbox 0700 system system
-    mkdir /data/system/heapdump 0700 system system
-    mkdir /data/system/users 0775 system system
-
-    # Create the parent directories of the user CE and DE storage directories.
-    # These parent directories must use encryption=None, since each of their
-    # subdirectories uses a different encryption policy (a per-user one), and
-    # encryption policies apply recursively.  These directories should never
-    # contain any subdirectories other than the per-user ones.  /data/media/obb
-    # is an exception that exists for legacy reasons.
-    mkdir /data/media 0770 media_rw media_rw encryption=None
-    mkdir /data/misc_ce 01771 system misc encryption=None
-    mkdir /data/misc_de 01771 system misc encryption=None
-    mkdir /data/system_ce 0770 system system encryption=None
-    mkdir /data/system_de 0770 system system encryption=None
-    mkdir /data/user 0711 system system encryption=None
-    mkdir /data/user_de 0711 system system encryption=None
-    mkdir /data/vendor_ce 0771 root root encryption=None
-    mkdir /data/vendor_de 0771 root root encryption=None
-    # symlink /data/data /data/user/0
-
-    # A tmpfs directory, which will contain all apps and sdk sandbox CE and DE
-    # data directory that bind mount from the original source.
-    mount tmpfs tmpfs /data_mirror nodev noexec nosuid mode=0700,uid=0,gid=1000
-    restorecon /data_mirror
-    mkdir /data_mirror/data_ce 0700 root root
-    mkdir /data_mirror/data_de 0700 root root
-    mkdir /data_mirror/misc_ce 0700 root root
-    mkdir /data_mirror/misc_de 0700 root root
-
-    # Create CE and DE data directory for default volume
-    mkdir /data_mirror/data_ce/null 0700 root root
-    mkdir /data_mirror/data_de/null 0700 root root
-    mkdir /data_mirror/misc_ce/null 0700 root root
-    mkdir /data_mirror/misc_de/null 0700 root root
-
-    # Bind mount CE and DE data directory to mirror's default volume directory.
-    # Note that because the /data mount has the "shared" propagation type, the
-    # later bind mount of /data/data onto /data/user/0 will automatically
-    # propagate to /data_mirror/data_ce/null/0 as well.
-    mount none /data/user /data_mirror/data_ce/null bind rec
-    mount none /data/user_de /data_mirror/data_de/null bind rec
-    mount none /data/misc_ce /data_mirror/misc_ce/null bind rec
-    mount none /data/misc_de /data_mirror/misc_de/null bind rec
-    
-    mkdir /data/cache 0770 system cache
-    mkdir /data/cache/recovery 0770 system cache
-    mkdir /data/cache/backup_stage 0700 system system
-    mkdir /data/cache/backup 0700 system system
-
-    # Wait for apexd to finish activating APEXes before starting more processes.
-    wait_for_prop apexd.status activated
-    perform_apex_config
-
-    # Allow apexd to snapshot and restore device encrypted apex data in the case
-    # of a rollback. This should be done immediately after DE_user data keys
-    # are loaded. APEXes should not access this data until this has been
-    # completed and apexd.status becomes "ready".
-    exec_start apexd-snapshotde
-
-    init_user0
-
-    # Set SELinux security contexts on upgrade or policy update.
-    restorecon --recursive --skip-ce /data
-
-    # Check any timezone data in /data is newer than the copy in the runtime module, delete if not.
-    exec - system system -- /system/bin/tzdatacheck /apex/com.android.runtime/etc/tz /data/misc/zoneinfo
-
-    # If there is no post-fs-data action in the init.<device>.rc file, you
-    # must uncomment this line, otherwise encrypted filesystems
-    # won't work.
-    # Set indication (checked by vold) that we have finished this action
-    setprop vold.post_fs_data_done 1
-
-    # sys.memfd_use set to false by default, which keeps it disabled
-    # until it is confirmed that apps and vendor processes don't make
-    # IOCTLs on ashmem fds any more.
-    setprop sys.use_memfd false
-
-    # Set fscklog permission
-    chown root system /dev/fscklogs/log
-    chmod 0770 /dev/fscklogs/log
-
-    ####################################
-    # post-fs-data for mtk modification
-
-    #MDDB
-    #create meta folder by vold from Android U
-#   mkdir /data/vendor_de/meta 0770 root root
-    mkdir /data/vendor_de/meta/mddb 0770 root root
-
-    #FACTORY
-#   mkdir /data/vendor_de/factory 0770 root root
-
-    #set mdlog and connsyslog permission
-    mkdir /data/mdlog 0770 system system
-    mkdir /data/connsyslog 0770 system system