Merge changes I443e733f,If1e89a67,I0481d87a

Options are modifiers to services.  They affect how and when init

runs the service.

`capabilities <capability> [ <capability>\* ]`

> Set capabilities when exec'ing this service. 'capability' should be a Linux

  capability without the "CAP\_" prefix, like "NET\_ADMIN" or "SETPCAP". See

  http://man7.org/linux/man-pages/man7/capabilities.7.html for a list of Linux

  capabilities.

`class <name> [ <name>\* ]`

> Specify class names for the service.  All services in a

  named class may be started or stopped together.  A service

  is in the class "default" if one is not specified via the

  class option. Additional classnames beyond the (required) first

  one are used to group services.

  The `animation` class should include all services necessary for both

  boot animation and shutdown animation. As these services can be

  launched very early during bootup and can run until the last stage

  of shutdown, access to /data partition is not guaranteed. These

  services can check files under /data but it should not keep files opened

  and should work when /data is not available.

`console [<console>]`

> This service needs a console. The optional second parameter chooses a

  specific console instead of the default. The default "/dev/console" can

> This service will not automatically start with its class.

  It must be explicitly started by name.

`setenv <name> <value>`

> Set the environment variable _name_ to _value_ in the launched process.

`socket <name> <type> <perm> [ <user> [ <group> [ <seclabel> ] ] ]`

> Create a unix domain socket named /dev/socket/_name_ and pass its fd to the

  launched process.  _type_ must be "dgram", "stream" or "seqpacket".  User and

  group default to 0.  'seclabel' is the SELinux security context for the

  socket.  It defaults to the service security context, as specified by

  seclabel or computed based on the service executable file security context.

  For native executables see libcutils android\_get\_control\_socket().

`file <path> <type>`

> Open a file path and pass its fd to the launched process. _type_ must be

  "r", "w" or "rw".  For native executables see libcutils

  android\_get\_control\_file().

`user <username>`

> Change to 'username' before exec'ing this service.

  Currently defaults to root.  (??? probably should default to nobody)

  As of Android M, processes should use this option even if they

  require Linux capabilities.  Previously, to acquire Linux

  capabilities, a process would need to run as root, request the

  capabilities, then drop to its desired uid.  There is a new

  mechanism through fs\_config that allows device manufacturers to add

  Linux capabilities to specific binaries on a file system that should

  be used instead. This mechanism is described on

  <http://source.android.com/devices/tech/config/filesystem.html>.  When

  using this new mechanism, processes can use the user option to

  select their desired uid without ever running as root.

  As of Android O, processes can also request capabilities directly in their .rc

  files. See the "capabilities" option below.

`group <groupname> [ <groupname>\* ]`

> Change to 'groupname' before exec'ing this service.  Additional

  groupnames beyond the (required) first one are used to set the

  supplemental groups of the process (via setgroups()).

  Currently defaults to root.  (??? probably should default to nobody)

`capabilities <capability> [ <capability>\* ]`

> Set capabilities when exec'ing this service. 'capability' should be a Linux

  capability without the "CAP\_" prefix, like "NET\_ADMIN" or "SETPCAP". See

  http://man7.org/linux/man-pages/man7/capabilities.7.html for a list of Linux

  capabilities.

`interface <interface name> <instance name>`

> Associates this service with a list of the HIDL services that it provides. The interface name

  must be a fully-qualified name and not a value name. This is used to allow hwservicemanager to

  lazily start services.

  For example: interface vendor.foo.bar@1.0::IBaz default

`setrlimit <resource> <cur> <max>`

> This applies the given rlimit to the service. rlimits are inherited by child

  processes, so this effectively applies the given rlimit to the process tree

  started by this service.

  It is parsed similarly to the setrlimit command specified below.

`ioprio <class> <priority>`

> Sets the IO priority and IO priority class for this service via the SYS_ioprio_set syscall.

  _class_ must be one of "rt", "be", or "idle". _priority_ must be an integer in the range 0 - 7.

`seclabel <seclabel>`

> Change to 'seclabel' before exec'ing this service.

  Primarily for use by services run from the rootfs, e.g. ueventd, adbd.

  Services on the system partition can instead use policy-defined transitions

  based on their file security context.

  If not specified and no transition is defined in policy, defaults to the init context.

`keycodes <keycode> [ <keycode>\* ]`

> Sets the keycodes that will trigger this service. If all of the keys corresponding to the passed

  keycodes are pressed at once, the service will start. This is typically used to start the

  bugreport service.

`memcg.limit_in_bytes <value>`

> Sets the child's memory.limit_in_bytes to the specified value (only if memcg is mounted),

  which must be equal or greater than 0.

`memcg.soft_limit_in_bytes <value>`

> Sets the child's memory.soft_limit_in_bytes to the specified value (only if memcg is mounted),

  which must be equal or greater than 0.

`memcg.swappiness <value>`

> Sets the child's memory.swappiness to the specified value (only if memcg is mounted),

  which must be equal or greater than 0.

`namespace <pid|mnt>`

> Enter a new PID or mount namespace when forking the service.

`oneshot`

> Do not restart the service when it exits.

`class <name> [ <name>\* ]`

> Specify class names for the service.  All services in a

  named class may be started or stopped together.  A service

  is in the class "default" if one is not specified via the

  class option. Additional classnames beyond the (required) first

  one are used to group services.

`animation class`

> 'animation' class should include all services necessary for both

  boot animation and shutdown animation. As these services can be

  launched very early during bootup and can run until the last stage

  of shutdown, access to /data partition is not guaranteed. These

  services can check files under /data but it should not keep files opened

  and should work when /data is not available.

`onrestart`

> Execute a Command (see below) when service restarts.

`writepid <file> [ <file>\* ]`

> Write the child's pid to the given files when it forks. Meant for

  cgroup/cpuset usage. If no files under /dev/cpuset/ are specified, but the

  system property 'ro.cpuset.default' is set to a non-empty cpuset name (e.g.

  '/foreground'), then the pid is written to file /dev/cpuset/_cpuset\_name_/tasks.

`oom_score_adjust <value>`

> Sets the child's /proc/self/oom\_score\_adj to the specified value,

  which must range from -1000 to 1000.

`override`

> Indicates that this service definition is meant to override a previous definition for a service

  with the same name. This is typically meant for services on /odm to override those defined on

  /vendor. The last service definition that init parses with this keyword is the service definition

  will use for this service. Pay close attention to the order in which init.rc files are parsed,

  since it has some peculiarities for backwards compatibility reasons. The 'imports' section of

  this file has more details on the order.

`priority <priority>`

> Scheduling priority of the service process. This value has to be in range

  -20 to 19. Default priority is 0. Priority is set via setpriority().

`namespace <pid|mnt>`

> Enter a new PID or mount namespace when forking the service.

`oom_score_adjust <value>`

> Sets the child's /proc/self/oom\_score\_adj to the specified value,

  which must range from -1000 to 1000.

`memcg.swappiness <value>`

> Sets the child's memory.swappiness to the specified value (only if memcg is mounted),

  which must be equal or greater than 0.

`rlimit <resource> <cur> <max>`

> This applies the given rlimit to the service. rlimits are inherited by child

  processes, so this effectively applies the given rlimit to the process tree

  started by this service.

  It is parsed similarly to the setrlimit command specified below.

`memcg.soft_limit_in_bytes <value>`

> Sets the child's memory.soft_limit_in_bytes to the specified value (only if memcg is mounted),

  which must be equal or greater than 0.

`seclabel <seclabel>`

> Change to 'seclabel' before exec'ing this service.

  Primarily for use by services run from the rootfs, e.g. ueventd, adbd.

  Services on the system partition can instead use policy-defined transitions

  based on their file security context.

  If not specified and no transition is defined in policy, defaults to the init context.

`memcg.limit_in_bytes <value>`

> Sets the child's memory.limit_in_bytes to the specified value (only if memcg is mounted),

  which must be equal or greater than 0.

`setenv <name> <value>`

> Set the environment variable _name_ to _value_ in the launched process.

`shutdown <shutdown_behavior>`

> Set shutdown behavior of the service process. When this is not specified,

  "shutdown critical" will be killed. When the service tagged with "shutdown critical"

  is not running when shut down starts, it will be started.

`socket <name> <type> <perm> [ <user> [ <group> [ <seclabel> ] ] ]`

> Create a unix domain socket named /dev/socket/_name_ and pass its fd to the

  launched process.  _type_ must be "dgram", "stream" or "seqpacket".  User and

  group default to 0.  'seclabel' is the SELinux security context for the

  socket.  It defaults to the service security context, as specified by

  seclabel or computed based on the service executable file security context.

  For native executables see libcutils android\_get\_control\_socket().

`user <username>`

> Change to 'username' before exec'ing this service.

  Currently defaults to root.  (??? probably should default to nobody)

  As of Android M, processes should use this option even if they

  require Linux capabilities.  Previously, to acquire Linux

  capabilities, a process would need to run as root, request the

  capabilities, then drop to its desired uid.  There is a new

  mechanism through fs\_config that allows device manufacturers to add

  Linux capabilities to specific binaries on a file system that should

  be used instead. This mechanism is described on

  <http://source.android.com/devices/tech/config/filesystem.html>.  When

  using this new mechanism, processes can use the user option to

  select their desired uid without ever running as root.

  As of Android O, processes can also request capabilities directly in their .rc

  files. See the "capabilities" option below.

`writepid <file> [ <file>\* ]`

> Write the child's pid to the given files when it forks. Meant for

  cgroup/cpuset usage. If no files under /dev/cpuset/ are specified, but the

  system property 'ro.cpuset.default' is set to a non-empty cpuset name (e.g.

  '/foreground'), then the pid is written to file /dev/cpuset/_cpuset\_name_/tasks.

Triggers

--------

        {"console",     {0,     1,    &Service::ParseConsole}},

        {"critical",    {0,     0,    &Service::ParseCritical}},

        {"disabled",    {0,     0,    &Service::ParseDisabled}},

        {"file",        {2,     2,    &Service::ParseFile}},

        {"group",       {1,     NR_SVC_SUPP_GIDS + 1, &Service::ParseGroup}},

        {"interface",   {2,     2,    &Service::ParseInterface}},

        {"ioprio",      {2,     2,    &Service::ParseIoprio}},

        {"priority",    {1,     1,    &Service::ParsePriority}},

        {"keycodes",    {1,     kMax, &Service::ParseKeycodes}},

        {"memcg.limit_in_bytes",

                        {1,     1,    &Service::ParseMemcgLimitInBytes}},

        {"memcg.soft_limit_in_bytes",

                        {1,     1,    &Service::ParseMemcgSoftLimitInBytes}},

        {"memcg.swappiness",

                        {1,     1,    &Service::ParseMemcgSwappiness}},

        {"namespace",   {1,     2,    &Service::ParseNamespace}},

        {"oneshot",     {0,     0,    &Service::ParseOneshot}},

        {"onrestart",   {1,     kMax, &Service::ParseOnrestart}},

        {"override",    {0,     0,    &Service::ParseOverride}},

        {"oom_score_adjust",

                        {1,     1,    &Service::ParseOomScoreAdjust}},

        {"memcg.swappiness",

                        {1,     1,    &Service::ParseMemcgSwappiness}},

        {"memcg.soft_limit_in_bytes",

                        {1,     1,    &Service::ParseMemcgSoftLimitInBytes}},

        {"memcg.limit_in_bytes",

                        {1,     1,    &Service::ParseMemcgLimitInBytes}},

        {"namespace",   {1,     2,    &Service::ParseNamespace}},

        {"override",    {0,     0,    &Service::ParseOverride}},

        {"priority",    {1,     1,    &Service::ParsePriority}},

        {"rlimit",      {3,     3,    &Service::ParseProcessRlimit}},

        {"seclabel",    {1,     1,    &Service::ParseSeclabel}},

        {"setenv",      {2,     2,    &Service::ParseSetenv}},

        {"shutdown",    {1,     1,    &Service::ParseShutdown}},

        {"socket",      {3,     6,    &Service::ParseSocket}},

        {"file",        {2,     2,    &Service::ParseFile}},

        {"user",        {1,     1,    &Service::ParseUser}},

        {"writepid",    {1,     kMax, &Service::ParseWritepid}},

    };