- The kernel starts
/linuxrc as passed via the kernel parameter read from DTS rdinit=/linuxrc, which is a symlink to /bin/busybox.
- busybox, running as an init process, parses
/etc/inittab.
- As part of sysinit loaded from the inittab, fstab filesystems are mounted. At this time, no writable unprotected persistent filesystems are available.
- The last inittab entry at the sysinit level starts
/etc/init.d/rcS.
- /etc/init.d/rcS flattened:
# First create shadow which became the main system shadow file
cp -f /etc/shadow_security /tmp/shadow
# Source configuration from /etc/profile and /etc/profile.d
export PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/apps/bin:/usr/apps/sbin:/usr/apps/usr/bin:/usr/apps/usr/sbin"
export LD_LIBRARY_PATH="/lib:/lib32:/usr/lib:/usr/lib32:/usr/apps/lib:/usr/apps/lib32:/usr/apps/usr/lib:/usr/apps/usr/lib32"
export PS1="[\u@\h \w] \# "
export EDITOR='/bin/vi'
export env_adb_device_name_prefix="ingenic"
export env_adb_device_use_diffrent_name="y"
umask 022
# Then all services form /etc/init.d/S??* are run, ignoring dangling symlinks (if any). Scripts named "*.sh" are sourced for speed with `. $name`, otherwise are called as `$name start`
start-stop-daemon -S -b -m -p "/var/run/mdev.pid" -x /sbin/mdev -- -df
# initialize /dev/urandom (long script, skipped for simplicity)
mkdir -p /var/run/dbus /var/lock/subsys /tmp/dbus
dbus-uuidgen --ensure || (dbus-daemon --system && touch /var/lock/subsys/dbus-daemon)
mkdir -p /run/network
/sbin/ifup -a
rm -f /etc/dropbear & mkdir -p /etc/dropbear
umask 077 || start-stop-daemon -S -q -p /var/run/dropbear.pid --exec /sbin/dropbear -- -R
# At last `seed.sh` sourced
. /bin/seed.sh
- /bin/seed.sh flattened:
insmod /lib/modules/soc_security.ko
# Mount user data unprotected persistent rw partition
mkdir -p "/usr/data"
fsck -y -t ext4 "/dev/mmcblk0p10"
mount -t ext4 -o sync,data=ordered,barrier=1 "/dev/mmcblk0p10" "/usr/data"
# Upgrade check and upgrade procedure via upgbox is skipped for simplicity
# All files and dirs from "/usr/data/clean_list" are removed with `rm -rf`, then the list file is removed too
ulimit -c unlimited
mkdir -p /usr/data/core
echo "|/bin/core_helper %e" > /proc/sys/kernel/core_pattern
# Decrypt s/n & MAC
dd if="/dev/mmcblk0p2" of=/tmp/sn_mac.bin bs=1 skip=4 count=$(printf "%d" "0x$(head -c4 "/dev/mmcblk0p2")")
base64 -d /tmp/sn_mac.bin /tmp/sn_mac.signed
cmd_sc src=/tmp/sn_mac.signed dst=/tmp/params || halt
chmod 644 /tmp/params
rm -rf /tmp/sn_mac.bin
rm -rf /tmp/sn_mac.signed
# Mount deplibs squashfs
cmd_sc -v src="/dev/mmcblk0p7" || halt
losetup -o 2048 /dev/loop0 "/dev/mmcblk0p7"
mount -t squashfs /dev/loop0 "/usr/deplibs"
# Mount apps unprotected persistent rw partition
mount -t ext4 -o sync,data=ordered,barrier=1 "/dev/mmcblk0p8" "/usr/apps"
# Decrypt Creality supplied apps
mkdir -p /tmp/apps
for app in "alchemistp nexusp onyxp quintusp thirteenthp solusp vectorp mdns"; do
cmd_sc src="/usr/apps/usr/bin/$app.bin" dst="/tmp/apps/$app" || halt
chmod 755 /tmp/apps/$app
done
# Script in V1.0.0.26 checks login permissions based on existence of "/usr/data/permission" and a companion file
# which is encrypted with the same `cmd_sc` and intended to enable root login in "/tmp/shadow".
# This functionality is not available now.
chattr +i /tmp/shadow
date -s "$(cat "/usr/apps/etc/buildtime")"
# Run system services from /usr/apps/etc/init.d/S??*, ignoring dangling symlinks (if any).
# Scripts named "*.sh" are sourced for speed with
# trap - INT QUIT TSTP
# set start
# . $name
# otherwise are called as `$name start`
# This directory is rw and can be altered!
# Run creality services from /usr/apps/etc/init.d/CS??*, ignoring dangling symlinks (if any).
# Scripts named "*.sh" are sourced for speed with
# su -c "trap - INT QUIT TSTP" creality
# su -c "set start" creality
# su -c ". $name" creality
# otherwise are called as `su -c "$name start" creality`
# This directory is rw and can be altered!