NOTE:
- NERD LEVEL 10 STUFF.
- THIS POST REQUIRES A ROOTED IMAGE OF ANDROID FOR PANDA BOARD OR ANY BOARD YOU ARE WORKING ON.
Oookkkkaayyy Guys so this is going to be my longest post so far and this one remained in the editing mode for like 5-6 months now phewwww . So in this post we will see how can we hook mouse control of an already connected mouse in Android. This expedition will consists of following steps:
1. Identifying event interface of the mouse.
2. Sending fake input-event packets on the device’s event interface.
3. Assigning permissions on the event interface.
Identifying event interface of the mouse:
Event interface assigned for the connected mouse device can be found by parsing the output of the file at : “/proc/bus/input/devices”. The key is to look for that ‘Handler’ tag with which there is one ‘mouseX’ interface and one “eventX” interface present. Following is the java code snippet (present in the android app layer code) for identifying the event interface of the first connected mouse with the device.public static String findMouseEventIfc(final Context parent)
{
String splitTag = "H: Handlers=mouse";
String evIfc = "";
String temp = readFile("/proc/bus/input/devices", true);
int pos = temp.indexOf(splitTag);
if(pos > 0)
{
String parts[] = temp.split(splitTag); // we should atleast 2 substrings. can //be more then 1 in case more then 1 mice are connected to the device.
if(parts.length > 1)
{
temp = parts[1];
int start = temp.indexOf("event");
int end = temp.indexOf("\n");
evIfc = ((String) temp.subSequence(start, end)).trim();
Log.i(“tag”, "Mouse Event Interface located at : " + evIf);
}
}
else
{
Log.i(“tag”, "No Mouse Connected with the device.");
}
return evIfc.trim();
}
Sending fake input-event packets on the device’s event interface:
Once we have the name of the event interface for the connected mouse, we can send the fake input-event packets on this event interface (located inside /dev/input/) to control the mouse movement on the device.Following code snippet written in C (present at the NDK layer of the app) sends the fake input-events to move the mouse pointer to (x,y) coordinate on the screen.
NOTE: You will need a rooted device in order to write these input-event packets on the event interface.
void moveCursor(int mouseIfcHandle, int x, int y)
{
printf("-- > Injecting Mouse Events (x,y) (%d,%d) \n", x, y);
struct input_event event_x, event_y, event_end;
memset(&event_x, 0, sizeof(event_x));
memset(&event_y, 0, sizeof(event_y));
memset(&event_end, 0, sizeof(event_end));
gettimeofday(&event_x.time, NULL);
event_x.type = EV_REL;
event_x.code = REL_X;
event_x.value = x; //First lets reset the x-axis
gettimeofday(&event_y.time, NULL);
event_y.type = EV_REL;
event_y.code = REL_Y;
event_y.value = y; //First lets reset the y-axis
gettimeofday(&event_end.time, NULL);
event_end.type = EV_SYN;
event_end.code = SYN_REPORT;
event_end.value = 0;
int ret1, ret2, ret3;
ret1 = write(mouseIfcHandle, &event_x, sizeof(event_x)); // Move the mouse on x-axis.
ret2 = write(mouseIfcHandle, &event_y, sizeof(event_y)); // Move the mouse on y-axis.
ret3 = write(mouseIfcHandle, &event_end, sizeof(event_end)); // Show move
fsync (mouseIfcHandle);
printf("-- > x-Injected Bytes: %d || y-Injected Bytes: %d || sync-Injected Bytes: %d \n", ret1, ret2, ret3);
}
Assigning permissions on the event interface:
This is probably the toughest part, In android the device nodes created by the input subsystem are read only, i.e. you can not write fake input-events on them unless you grant rights on these nodes.Now in order to grant access on these devices we need to run the “chmod 777 /dev/input/*” as root on the device, running this command inside your C/C++ code i.e. using
system(“chmod 777 /dev/input/*”)
or inside your java code i.e. using
Runtime.getRuntime().exec("chmod 777 /dev/input/*")
will yield nothing as these commands will still be running inside the dalvik virtual machine, from inside which we can’t grant permissions on any other subsystem’s nodes. So we will have to either write a startup script or a daemon (i.e. Linux program) which is run by the root at device startup and then that script or the daemon grants rights on the nodes created by input subsystem.
Here comes the most frustrating part, the startup scripts of android i.e. init.rc & init.<specific-hardware>.rc are present inside the kernel+ramdisk image, and this image is extracted at every boot time. So if you access the init.rc or init.omap4pandaboard.rc file through adb shell and add your startup script, it will have no affect as your modified file will be over written the next time you boot the device. So what do we do then. Well that's the most sexy part :) , If the kernel Image is is in our way to execute our script then we will bring the image to our side and transform it Hooooahhahahhaa (Evil laughter).
So, we will modify Kernel+ram disk image (without recompiling the kernel source) in order to start the daemon or write start up scripts. Following are the 2 steps which will be further required to assign permissions on event interfaces:
1. Modify Kernel + Ramdisk image to start up the daemon on bootup.
2. Write daemon to grant permissions on the nodes created by the input subsystem.
Modify Kernel + Ramdisk image:
In order to modify your Android’s kernel + Ram Disk image you will first have to place your SD-Card (containing the Android OS) in the card reader and wait for the different partitions in it to be mounted.Once all partitions are mounted, look for the partition called 'boot', open it and compress the uInitrd image file, copy it to your machine inside any folder for instance /home/junaid/android_k+rd/, Then unstitch the kernel+RamDisk Image in the android_k+rd/fs/ drectory, These step can be done by using following commands (Assuming the sd-card got mounted on /dev/sdb):
1. dd bs=1 skip=64 if=/mnt/uInitrd of=/home/junaid/android_k+rd/initrd.gz
OR
2. gunzip /mnt/uInitrd of=/home/junaid/android_k+rd/initrd.gz
3. cd /home/junaid/android_k+rd/initrd.gz
4. mkdir fs
5. cd fs
6. cpio -id < ../initrd
Now you can open the startup script present inside the fs/ directory and make changes in them. In order to run the daemon at startup, we will place an entry inside the init.omap4pandaboard.rc file i.e. add following lines in it :
service rightsprivileger /system/bin/rightsprivileger
class main
user root
oneshot
Here, I am assuming the daemon binary has the name 'rightsprivileger' and will be placed at /system/bin/ (by using the adb shell). Moreover we will have to replace the following line inside init.rc file :
mount ext4 /dev/block/mmcblk0p2 /system ro
with
mount ext4 /dev/block/mmcblk0p2 /system rw
Above change will mount the /system/ in Read-Write mode.
(Complete init.rc & init.omap4pandaboard.rc files are mentioned at the bottom of this document for reference)
Now that we have made required changes, we need to re-stitch the Kernel+RamDisk Header and replace the uInitrd image inside the mounted boot/ with this new & updated one. Follow these steps to re-stitch the Kernel+Ramdisk image:
1. cd fs
2. find ./ | cpio -H newc -o > ../newinitrd
3. cd ..
4. gzip newinitrd
5. mkimage -A arm -O linux -C gzip -T ramdisk -n "My Android Ramdisk Image" -d newinitrd.gz uInitrd-new
Now copy the uInitrd-new file in the boot/ drive, remove the old uInitrd and rename uInitrd-new to uInitrd.
Write daemon:
Following simple program will be enough to create a daemon which grant rights to the nodes created by input subsystem:#include <stdio.h>
#include <unistd.h>
#include <sys/time.h>
int main()
{
char command1[128]={0};
char command2[128]={0};
sprintf(command1,"mkdir /dev/MouseCtrl_Up"); // Tag to show that the daemon is up.
sprintf(command2,"chmod 777 /dev/input/*");
int retCommand1 = system(command1);
while(1)
{
int retCommand2 = system(command2);
sleep(60);
}
return 0;
}
This program has to be created with the android’s stand alone toolchain present inside the android-ndk package, simple ARM toolchain won’t be enough as Android uses its own application binary interface i.e. androideabi. Once compiled, place it inside /system/bin/ by running
(on a running android device before modifying the Kernel Image)
1. adb push <your-binary-path> /system/bin/
Or
Simply copy the binary in the mounted SD card inside /system/bin/ folder (if you can locate it).
Once daemon has been written and placed inside the /system/bin directory with all its rights set i.e. (chmoded) and the custom Kernel+Ramdisk image placed in the /boot/ drive, Safely remove the sd-card from the card reader, insert it inside the Pandaboard and power it on. When the system boots you will see that the nodes inside /dev/input/ will have all the permissions set. and your android application could now send the events to move the system pointer.
Reference Links
Android Boot Sequence :
http://elinux.org/Android_Booting
Android Init Process :
http://www.androidenea.com/2009/08/init-process-and-initrc.html
Android Init Language :
https://github.com/android/platform_system_core/blob/master/init/readme.txt
Linux X86 mkbootimg program (For re-stitching the kernel+ramdisk image):
http://forum.xda-developers.com/showthread.php?t=562318
Android kernel+ram disk image’s un-stitching and stitching:
http://ask.linaro.org/questions/364/initrc-in-sd-card
Android - Running Native programs:
http://gimite.net/en/index.php?Run%20native%20executable%20in%20Android%20App
Understanding Linux input system:
http://www.kernel.org/doc/Documentation/input/input-programming.txt
http://lxr.free-electrons.com/source/include/linux/input.h?v=3.2#L26
http://docs.blackfin.uclinux.org/kernel/generated/device-drivers/re707.html
http://www.compsoc.man.ac.uk/~moz/kernelnewbies/documents/kdoc/mousedrivers/driver.html
Writing Loadable Kernel Module:
http://www.compsoc.man.ac.uk/~moz/kernelnewbies/documents/kdoc/mousedrivers/driver.html
http://tldp.org/HOWTO/Module-HOWTO/x839.html
http://stackoverflow.com/questions/4849063/cross-compile-lkm-module-for-android-platform
Reference Material
init.rc
on early-init
start ueventd
# create mountpoints
mkdir /mnt 0775 root system
mkdir /mnt/sdcard 0000 system system
on init
sysclktz 0
loglevel 3
# setup the global environment
export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
export LD_LIBRARY_PATH /vendor/lib:/system/lib
export ANDROID_BOOTLOGO 1
export ANDROID_ROOT /system
export ANDROID_ASSETS /system/app
export ANDROID_DATA /data
export EXTERNAL_STORAGE /mnt/sdcard
export ASEC_MOUNTPOINT /mnt/asec
export LOOP_MOUNTPOINT /mnt/obb
export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar:/system/framework/filterfw.jar
# Backward compatibility
symlink /system/etc /etc
symlink /sys/kernel/debug /d
# Right now vendor lives on the same filesystem as system,
# but someday that may change.
symlink /system/vendor /vendor
# Create cgroup mount point for cpu accounting
mkdir /acct
mount cgroup none /acct cpuacct
mkdir /acct/uid
# Backwards Compat (no longer there in stock ICS)
symlink /mnt/sdcard /sdcard
mkdir /system
mkdir /data 0771 system system
mkdir /cache 0770 system cache
mkdir /config 0500 root root
# Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root
# Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root
# Directory-target for where the secure container
# imagefile directory will be bind-mounted
mkdir /mnt/secure/asec 0700 root root
# Secure container public mount points.
mkdir /mnt/asec 0700 root system
mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
# Filesystem image public mount points.
mkdir /mnt/obb 0700 root system
mount tmpfs tmpfs /mnt/obb mode=0755,gid=1000
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
# Create cgroup mount points for process groups
mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu
chown system system /dev/cpuctl
chown system system /dev/cpuctl/tasks
chmod 0777 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
mkdir /dev/cpuctl/fg_boost
chown system system /dev/cpuctl/fg_boost/tasks
chmod 0777 /dev/cpuctl/fg_boost/tasks
write /dev/cpuctl/fg_boost/cpu.shares 1024
mkdir /dev/cpuctl/bg_non_interactive
chown system system /dev/cpuctl/bg_non_interactive/tasks
chmod 0777 /dev/cpuctl/bg_non_interactive/tasks
# 5.0 %
write /dev/cpuctl/bg_non_interactive/cpu.shares 52
# Allow everybody to read the xt_qtaguid resource tracking misc dev.
# This is needed by any process that uses socket tagging.
chmod 0644 /dev/xt_qtaguid
on fs
# mount mmc partitions
# mmcblk0p1: /boot
mount ext4 /dev/block/mmcblk0p2 /system rw
mount ext4 /dev/block/mmcblk0p3 /cache
# mmcblk0p4: extended partition container
mount ext4 /dev/block/mmcblk0p5 /data
# mmcblk0p6: /sdcard
on post-fs
# once everything is setup, no need to modify /
# (stock ICS uses ro remount, let's not do that while debugging)
mount rootfs rootfs / rw remount
# We chown/chmod /cache again so because mount is run as root + defaults
chown system cache /cache
chmod 0770 /cache
# This may have been created by the recovery system with odd permissions
chown system cache /cache/recovery
chmod 0770 /cache/recovery
#change permissions on vmallocinfo so we can grab it from bugreports
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
chown root system /proc/kmsg
chmod 0440 /proc/kmsg
chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger
# create the lost+found directories, so as to enforce our permissions
mkdir /cache/lost+found 0770 root root
on post-fs-data
# We chown/chmod /data again so because mount is run as root + defaults
chown system system /data
chmod 0771 /data
# Set access for camera
chmod 0666 /dev/video0
# Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition.
mkdir /data/dontpanic 0750 root log
# Collect apanic data, free resources and re-arm trigger
copy /proc/apanic_console /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console
copy /proc/apanic_threads /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads
write /proc/apanic_console 1
# create basic filesystem structure
mkdir /data/misc 01771 system misc
mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
mkdir /data/misc/bluetooth 0770 system system
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/keychain 0771 system system
mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/systemkeys 0700 system system
mkdir /data/misc/vpn/profiles 0770 system system
# give system access to wpa_supplicant.conf for backup and restore
mkdir /data/misc/wifi 0770 wifi wifi
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
mkdir /data/local 0771 shell shell
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app 0771 system system
mkdir /data/property 0700 root root
# Setup paths used for socket communication with the dhcp daemon(dhcpd)
mkdir /data/misc/dhcp 0770 dhcp dhcp
chown dhcp dhcp /data/misc/dhcp
# create dalvik-cache and double-check the perms
mkdir /data/dalvik-cache 0771 system system
chown system system /data/dalvik-cache
chmod 0771 /data/dalvik-cache
# create resource-cache and double-check the perms
mkdir /data/resource-cache 0771 system system
chown system system /data/resource-cache
chmod 0771 /data/resource-cache
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770 root root
mkdir /cache/lost+found 0770 root root
# create directory for DRM plug-ins
mkdir /data/drm 0774 drm drm
# double check the perms, in case lost+found already exists, and set owner
chown root root /data/lost+found
chmod 0770 /data/lost+found
chown root root /cache/lost+found
chmod 0770 /cache/lost+found
# If there is no fs-post-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# won't work.
# Set indication (checked by vold) that we have finished this action
#setprop vold.post_fs_data_done 1
chown system system /sys/class/android_usb/android0/f_mass_storage/lun/file
chmod 0660 /sys/class/android_usb/android0/f_mass_storage/lun/file
chown system system /sys/class/android_usb/android0/f_rndis/ethaddr
chmod 0660 /sys/class/android_usb/android0/f_rndis/ethaddr
#
# MY PERSONAL CUSTOMIZATIONS
#
## set all permissions on all of the event interfaces present in the /dev/input/
chmod 777 /dev/input/
chown root.root /dev/input/*
chmod 777 /dev/input/*
# exec /system/bin/sh /system/bin/set_eventifc_perms.sh
# exec /system/bin/rights_privileger
#on device-added-/dev/input/event5
# start rights_privileger
# service rights_privileger /system/bin/rights_privileger
# class core
# user root
# group root
on boot
# basic network init
ifup lo
hostname localhost
domainname localdomain
# set RLIMIT_NICE to allow priorities from 19 to -20
setrlimit 13 40 40
# Define the oom_adj values for the classes of processes that can be
# killed by the kernel. These are used in ActivityManagerService.
setprop ro.FOREGROUND_APP_ADJ 0
setprop ro.VISIBLE_APP_ADJ 1
setprop ro.PERCEPTIBLE_APP_ADJ 2
setprop ro.HEAVY_WEIGHT_APP_ADJ 3
setprop ro.SECONDARY_SERVER_ADJ 4
setprop ro.BACKUP_APP_ADJ 5
setprop ro.HOME_APP_ADJ 6
setprop ro.HIDDEN_APP_MIN_ADJ 7
setprop ro.EMPTY_APP_ADJ 15
# Define the memory thresholds at which the above process classes will
# be killed. These numbers are in pages (4k).
setprop ro.FOREGROUND_APP_MEM 2048
setprop ro.VISIBLE_APP_MEM 3072
setprop ro.PERCEPTIBLE_APP_MEM 4096
setprop ro.HEAVY_WEIGHT_APP_MEM 4096
setprop ro.SECONDARY_SERVER_MEM 6144
setprop ro.BACKUP_APP_MEM 6144
setprop ro.HOME_APP_MEM 6144
setprop ro.HIDDEN_APP_MEM 7168
setprop ro.EMPTY_APP_MEM 8192
# Write value must be consistent with the above properties.
# Note that the driver only supports 6 slots, so we have combined some of
# the classes into the same memory level; the associated processes of higher
# classes will still be killed first.
write /sys/module/lowmemorykiller/parameters/adj 0,1,2,4,7,15
# Memory management. Basic kernel parameters, and allow the high
# level system server to be able to adjust the kernel OOM driver
# paramters to match how it is managing things.
write /proc/sys/vm/overcommit_memory 1
write /proc/sys/vm/min_free_order_shift 4
write /sys/module/lowmemorykiller/parameters/minfree 2048,3072,4096,6144,7168,8192
chown root system /sys/module/lowmemorykiller/parameters/adj
chmod 0664 /sys/module/lowmemorykiller/parameters/adj
chown root system /sys/module/lowmemorykiller/parameters/minfree
chmod 0664 /sys/module/lowmemorykiller/parameters/minfree
#userspace configuration for adb
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/functions adb,acm
write /sys/class/android_usb/android0/f_acm/instances 2
write /sys/class/android_usb/android0/enable 1
# Set init its forked children's oom_adj.
write /proc/1/oom_score_adj -16
# Tweak background writeout
write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_background_ratio 5
# Permissions for System Server and daemons.
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown radio system /sys/power/state
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
# Load gator module
insmod /system/modules/gator.ko
# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.wifi 524288,1048576,2097152,262144,524288,1048576
setprop net.tcp.buffersize.lte 524288,1048576,2097152,262144,524288,1048576
setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.hspa 4094,87380,262144,4096,16384,262144
setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
# Set this property so surfaceflinger is not started by system_init
setprop system_init.startsurfaceflinger 0
class_start core
class_start main
on nonencrypted
class_start late_start
on charger
class_start charger
on property:vold.decrypt=trigger_reset_main
class_reset main
on property:vold.decrypt=trigger_load_persist_props
load_persist_props
on property:vold.decrypt=trigger_post_fs_data
trigger post-fs-data
on property:vold.decrypt=trigger_restart_min_framework
class_start main
on property:vold.decrypt=trigger_restart_framework
class_start main
class_start late_start
on property:vold.decrypt=trigger_shutdown_framework
class_reset late_start
class_reset main
# Used to disable USB when switching states
on property:sys.usb.config=none
stop adbd
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/bDeviceClass 0
setprop sys.usb.state $sys.usb.config
# adb only USB configuration
# This should only be used during device bringup
# and as a fallback if the USB manager fails to set a standard configuration
on property:sys.usb.config=adb
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/idVendor 18d1
write /sys/class/android_usb/android0/idProduct D002
write /sys/class/android_usb/android0/functions $sys.usb.config
write /sys/class/android_usb/android0/enable 1
start adbd
setprop sys.usb.state $sys.usb.config
# USB accessory configuration
on property:sys.usb.config=accessory
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/idVendor 18d1
write /sys/class/android_usb/android0/idProduct 2d00
write /sys/class/android_usb/android0/functions $sys.usb.config
write /sys/class/android_usb/android0/enable 1
setprop sys.usb.state $sys.usb.config
# USB accessory configuration, with adb
on property:sys.usb.config=accessory,adb
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/idVendor 18d1
write /sys/class/android_usb/android0/idProduct 2d01
write /sys/class/android_usb/android0/functions $sys.usb.config
write /sys/class/android_usb/android0/enable 1
start adbd
setprop sys.usb.state $sys.usb.config
# Used to set USB configuration at boot and to switch the configuration
# when changing the default configuration
on property:persist.sys.usb.config=*
setprop sys.usb.config $persist.sys.usb.config
## Daemon processes to be run by init.
##
service ueventd /sbin/ueventd
class core
critical
service console /system/bin/sh
class core
console
#disabled
#user shell
group log
on property:ro.debuggable=1
start console
#on property:ro.secure=0
# start console
# adbd is controlled by the persist.service.adb.enable system property
service adbd /sbin/adbd
class core
disabled
# adbd on at boot in emulator
on property:ro.kernel.qemu=1
start adbd
on property:persist.service.adb.enable=1
start adbd
on property:persist.service.adb.enable=0
stop adbd
service dhcpcd_eth0 /system/bin/dhcpcd -dABKL
class main
group dhcp
disabled
oneshot
# This property trigger has added to imitiate the previous behavior of "adb root".
# The adb gadget driver used to reset the USB bus when the adbd daemon exited,
# and the host side adb relied on this behavior to force it to reconnect with the
# new adbd instance after init relaunches it. So now we force the USB bus to reset
# here when adbd sets the service.adb.root property to 1. We also restart adbd here
# rather than waiting for init to notice its death and restarting it so the timing
# of USB resetting and adb restarting more closely matches the previous behavior.
on property:service.adb.root=1
write /sys/class/android_usb/android0/enable 0
restart adbd
write /sys/class/android_usb/android0/enable 1
service servicemanager /system/bin/servicemanager
class core
user system
group system
critical
onrestart restart zygote
onrestart restart media
service vold /system/bin/vold
class core
socket vold stream 0660 root mount
ioprio be 2
service netd /system/bin/netd
class main
socket netd stream 0660 root system
socket dnsproxyd stream 0660 root inet
service debuggerd /system/bin/debuggerd
class main
service ril-daemon /system/bin/rild
class main
socket rild stream 660 root radio
socket rild-debug stream 660 radio system
user root
group radio cache inet misc audio sdcard_rw log
service surfaceflinger /system/bin/surfaceflinger
class main
user system
group graphics
onrestart restart zygote
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
class main
socket zygote stream 666
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
onrestart restart media
onrestart restart netd
service drm /system/bin/drmserver
class main
user drm
group system inet drmrpc
service media /system/bin/mediaserver
class main
user media
group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc
ioprio rt 4
service bootanim /system/bin/bootanimation
class main
user graphics
group graphics
disabled
oneshot
service dbus /system/bin/dbus-daemon --system --nofork
class main
socket dbus stream 660 bluetooth bluetooth
user bluetooth
group bluetooth net_bt_admin
service bluetoothd /system/bin/bluetoothd -n
class main
socket bluetooth stream 660 bluetooth bluetooth
socket dbus_bluetooth stream 660 bluetooth bluetooth
# init.rc does not yet support applying capabilities, so run as root and
# let bluetoothd drop uid to bluetooth with the right linux capabilities
group bluetooth net_bt_admin misc
disabled
service hfag /system/bin/sdptool add --channel=10 HFAG
class main
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service hsag /system/bin/sdptool add --channel=11 HSAG
class main
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service opush /system/bin/sdptool add --channel=12 OPUSH
class main
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service pbap /system/bin/sdptool add --channel=19 PBAP
class main
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service installd /system/bin/installd
class main
socket installd stream 600 system system
service flash_recovery /system/etc/install-recovery.sh
class main
oneshot
service racoon /system/bin/racoon
class main
socket racoon stream 600 system system
# IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.
group vpn net_admin inet
disabled
oneshot
service mtpd /system/bin/mtpd
class main
socket mtpd stream 600 system system
user vpn
group vpn net_admin inet net_raw
disabled
oneshot
service keystore /system/bin/keystore /data/misc/keystore
class main
user keystore
group keystore
socket keystore stream 666
service dumpstate /system/bin/dumpstate -s
class main
socket dumpstate stream 0660 shell log
disabled
oneshot
# userspace daemon needed for gator
service gatord /system/bin/gatord
class main
user root
init.omap4pandaboard.rc
import init.omap4pandaboard.usb.rc
on init
# mount debugfs
mount debugfs /sys/kernel/debug /sys/kernel/debug
# power management
# Enable off mode by default
#write /sys/kernel/debug/pm_debug/enable_off_mode 1
# Enable Smart Reflex in debugfs
write /sys/kernel/debug/pm_debug/smartreflex/sr_core/autocomp 1
write /sys/kernel/debug/pm_debug/smartreflex/sr_iva/autocomp 1
write /sys/kernel/debug/pm_debug/smartreflex/sr_mpu/autocomp 1
on boot
setprop ro.build.product omap4sdp
setprop ro.product.device omap4sdp
setprop wifi.interface wlan0
# create dhcpcd dir
mkdir /data/misc/dhcp 0770 dhcp dhcp
chmod 0770 /data/misc/dhcp
chmod 0666 /dev/pvrsrvkm
# switch CPUfreq from performance to hotplug
#write /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor hotplug
#write /sys/devices/system/cpu/cpufreq/hotplug/down_threshold 30
#Give system ownership and permission to boost clock for specified timeout
#Note boost_timeout cannot be changed from application because of dynamic sysfs creation. It will have default value of 3 sec.
chown system system /sys/devices/system/cpu/cpu0/cpufreq/boost_cpufreq
chmod 0664 /sys/devices/system/cpu/cpu0/cpufreq/boost_cpufreq
# Boost the CPU for 60 sec for boot optimization
#write /sys/devices/system/cpu/cpufreq/hotplug/boost_timeout 60000000
#write /sys/devices/system/cpu/cpu0/cpufreq/boost_cpufreq 1
# change permissions for alsa nodes
chmod 0777 /dev/snd/pcmC0D0c
chmod 0777 /dev/snd/pcmC0D0p
chmod 0777 /dev/snd/controlC0
chmod 0777 /dev/snd/timer
#change permissions for alsa nodes for audio modem
chmod 0777 /dev/snd/pcmC0D5c
chmod 0777 /dev/snd/pcmC0D5p
#change permissions for alsa nodes for HDMI
chmod 777 /dev/snd/pcmC0D7p
# change permissions for Overlay
chown system system /dev/video1
chown system system /dev/video2
chown system system /dev/video3
# change permissions for overlay managers and display devices
chown system system /sys/devices/platform/omapdss/display0/enabled
chown system system /sys/devices/platform/omapdss/display1/enabled
chown system system /sys/devices/platform/omapdss/display2/enabled
chown system system /sys/devices/platform/omapdss/display3/enabled
chown system system /sys/devices/platform/omapdss/display0/name
chown system system /sys/devices/platform/omapdss/display1/name
chown system system /sys/devices/platform/omapdss/display2/name
chown system system /sys/devices/platform/omapdss/display3/name
chown system system /sys/devices/platform/omapdss/overlay0/manager
chown system system /sys/devices/platform/omapdss/overlay1/manager
chown system system /sys/devices/platform/omapdss/overlay2/manager
chown system system /sys/devices/platform/omapdss/overlay3/manager
chown system system /sys/devices/platform/omapdss/overlay0/zorder
chown system system /sys/devices/platform/omapdss/overlay1/zorder
chown system system /sys/devices/platform/omapdss/overlay2/zorder
chown system system /sys/devices/platform/omapdss/overlay3/zorder
# change permissions for manager tranparency parameters
chown system system /sys/devices/platform/omapdss/manager0/name
chown system system /sys/devices/platform/omapdss/manager0/display
chown system system /sys/devices/platform/omapdss/manager1/name
chown system system /sys/devices/platform/omapdss/manager1/display
chown system system /sys/devices/platform/omapdss/manager2/name
chown system system /sys/devices/platform/omapdss/manager2/display
chown system system /sys/devices/platform/omapdss/overlay0/enabled
chown system system /sys/devices/platform/omapdss/overlay1/enabled
chown system system /sys/devices/platform/omapdss/overlay2/enabled
chown system system /sys/devices/platform/omapdss/overlay3/enabled
# change permissions for display timings to get the resolutions
chown system system /sys/devices/platform/omapdss/display0/timings
chown system system /sys/devices/platform/omapdss/display1/timings
chown system system /sys/devices/platform/omapdss/display2/timings
chown system system /sys/devices/platform/omapdss/display3/timings
chown system system /sys/devices/platform/omapdss/display2/code
# change permissions for Tiler driver
chown media media /dev/tiler
chmod 0660 /dev/tiler
chmod 0660 /dev/dmm
# Revert the boost_timeout to the default value of 3 sec. Note this won't affect the prev boost
# request for boot time reduction
# write /sys/devices/system/cpu/cpufreq/hotplug/boost_timeout 3000000
# Enable hotplug detection for HDMI
# write /sys/devices/platform/omapdss/display2/hpd_enabled 1
# wifi related configuration,set the right permissions
mkdir /system/etc/wifi 0770 wifi wifi
chmod 0770 /system/etc/wifi
chmod 0660 /system/etc/wifi/wpa_supplicant.conf
chown wifi wifi /system/etc/wifi/wpa_supplicant.conf
mkdir /data/misc/wifi 0770 wifi wifi
mkdir /data/misc/wifi/sockets 0770 wifi wifi
chmod 0770 /data/misc/wifi
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
chown wifi wifi /data/misc/wifi
chown wifi wifi /data/misc/wifi/wpa_supplicant.conf
# wpa_supplicant socket (unix socket mode)
mkdir /data/system/ 0775 system system
chown system system /sys/class/graphics/fb0/overlays
chown system system /sys/class/graphics/fb0/fit_to_screen
chown system system /sys/class/graphics/fb1/overlays
chmod 0666 /dev/pvrsrvkm
insmod /system/modules/st_drv.ko
insmod /system/modules/bluetooth.ko
insmod /system/modules/bnep.ko
insmod /system/modules/hci_uart.ko
insmod /system/modules/rfcomm.ko
insmod /system/modules/btwilink.ko
chown system system /sys/class/rfkill/rfkill0/type
chown system system /sys/class/rfkill/rfkill0/state
insmod /system/modules/wl1273-core.ko
insmod /system/modules/wl12xx.ko
#
# Custom Changes.
#
chown root.root /dev/input/*
chmod 777 /dev/input/*
# Lets Try ato run this piece ov shit
service rightsprivileger /system/bin/rightsprivileger
class main
user root
oneshot
# Initialize the SGX driver
service pvrsrvinit /system/bin/pvrsrvinit
class main
user root
oneshot
service wpa_supplicant /system/bin/wpa_supplicant -Dwext -iwlan0 -dd
socket wpa_wlan0 dgram 660 wifi wifi
disabled
oneshot
service dhcpcd_wlan0 /system/bin/dhcpcd -dABKL
group dhcp
disabled
oneshot
#userspace daemon needed for bluetooth
service uim /system/bin/uim
class main
user root
oneshot
