
Meaning of mkdir parameters in Android init.rc

I am trying to understand the following commands:

  1. mkdir /data 0770 root system
  2. mkdir /data 0770 system system
  3. mkdir /data 0770 system room

https://android.googlesource.com/platform/system/core/+/b4d65399fde02280b718e3b5b5cb1464a885c4b0/rootdir/init.rc
Line 58

mkdir is creating the directory,
/data is path,
0770 giving read write permissions to the directory,
root system I don’t know.


Answer

The format is

mkdir <path> [mode] [user] [group]

The path defines which directory has to be created. The mode defines the permissions for the directory. The user and group define who is the owner of the directory. The permissions are relative to the user and the group owning the directory. For example, mkdir /data 0770 root system means the /data directory is owned by the user root and the group system. The root user has read/write/execute permissions (because of the first 7) and the same holds for every user that is a member of the system group (because of the second 7). Every other user has no permissions (because of the last 0). The leading 0 has no special meaning in this case; it just signifies the beginning of an octal number.

The commands that can be used in the init.rc are defined here.

You can also inspect the user and group that owns a directory from the command line, using ls -l:

# ls -l
...
drwxrwx---  45 root system     920 1971-02-01 00:26 data

Since you mentioned security labels: These permissions are unrelated to SE Linux labels. The file permissions are considered Discretionary Access Control (DAC), whereas SE Linux labels are Mandatory Access Control (MAC).

You can inspect the SE Linux label with ls -lZ:

# ls -lZ
...
drwxrwx--x  45 root system u:object_r:system_data_file:s0 920 1971-02-01 00:26 data

So in this case the SE Linux label would be u:object_r:system_data_file:s0. In general, the SE Linux label of a file would not be set dynamically via the init.rc. Rather, the labels are defined statically via the file_contexts file in the SE Linux policy (reference). Newly created files by default inherit the SE Linux label of their parent directory. To apply the label from the policy to a newly created file, the restorecon command can be used, as can be seen e.g. here.
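An added example, not part of the original answer and not AOSP code: a small Python parser for the mkdir <path> [mode] [user] [group] form that renders the mode as ls -l would and lists directories that grant any access to users outside the owner and group. It goes slightly beyond the answer by also reading a leading sticky-bit digit; the function names, the fallback values for omitted fields, and the sample lines (apart from the first mkdir line) are assumptions made for illustration.

```python
import stat

# Fallbacks when init.rc omits the optional fields. The AOSP init README
# documents 755 / root / root; treated here as an assumption.
DEFAULTS = (0o755, "root", "root")

def parse_mkdir(line):
    """Parse 'mkdir <path> [mode] [user] [group]'; return None for other lines."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "mkdir":
        return None
    args = tokens[2:5]
    mode = int(args[0], 8) if len(args) > 0 else DEFAULTS[0]  # mode is octal
    user = args[1] if len(args) > 1 else DEFAULTS[1]
    group = args[2] if len(args) > 2 else DEFAULTS[2]
    # stat.filemode renders the bits the way `ls -l` does, e.g. drwxrwx---
    perms = stat.filemode(stat.S_IFDIR | mode)
    return {"path": tokens[1], "mode": mode, "user": user,
            "group": group, "perms": perms}

def audit(rc_text):
    """Return (path, perms, note) for directories that grant access to 'other'."""
    findings = []
    for line in rc_text.splitlines():
        entry = parse_mkdir(line)
        if entry is None:
            continue
        other = entry["mode"] & 0o007          # last octal digit
        sticky = entry["mode"] & stat.S_ISVTX  # leading digit 1
        if other & 0o002 and not sticky:
            note = "world-writable without sticky bit"
        elif other:
            note = "accessible to users outside owner/group"
        else:
            continue
        findings.append((entry["path"], entry["perms"], note))
    return findings

# Constructed sample; only the first mkdir line is taken from the question.
SAMPLE_RC = """\
on post-fs-data
    mkdir /data 0770 root system
    mkdir /data/example_shared 01771 system system
    mkdir /data/example_default
    mkdir /data/example_tmp 0777 shell shell
"""

if __name__ == "__main__":
    for path, perms, note in audit(SAMPLE_RC):
        print(f"{perms} {path}: {note}")
```

The check covers only the DAC mode bits; SE Linux labels are a separate layer and are not evaluated here.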
