on early-fs
    start vold

on post-fs
    restorecon_recursive /metadata
    mkdir /metadata/vold
    chmod 0700 /metadata/vold
    mkdir /metadata/password_slots 0771 root system
    mkdir /metadata/bootstat 0750 system log
    mkdir /metadata/ota 0700 root system
    mkdir /metadata/ota/snapshots 0700 root system

    mkdir /metadata/apex 0700 root system
    mkdir /metadata/apex/sessions 0700 root system

on post-fs-data
    mark_post_data

    # Start checkpoint before we touch data
    exec - system system -- /system/bin/vdc checkpoint prepareCheckpoint

    # We chown/chmod /data again so because mount is run as root + defaults
    chown system system /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data

    # Make sure we have the device encryption key.
    installkey /data

    # Start bootcharting as soon as possible after the data partition is
    # mounted to collect more data.
    mkdir /data/bootchart 0755 shell shell
    bootchart start

    # Load fsverity keys. This needs to happen before apexd, as post-install of
    # APEXes may rely on keys.
    exec -- /system/bin/fsverity_init

    # Make sure that apexd is started in the default namespace
    enter_default_mount_ns

    # /data/apex is now available. Start apexd to scan and activate APEXes.
    mkdir /data/apex 0750 root system
    mkdir /data/apex/active 0750 root system
    mkdir /data/apex/backup 0700 root system
    mkdir /data/apex/sessions 0700 root system
    mkdir /data/app-staging 0750 system system
    start apexd

    # Avoid predictable entropy pool. Carry over entropy from previous boot.
    copy /data/system/entropy.dat /dev/urandom

    # create basic filesystem structure
    mkdir /data/misc 01771 system misc
    mkdir /data/misc/recovery 0770 system log
    copy /data/misc/recovery/ro.build.fingerprint /data/misc/recovery/ro.build.fingerprint.1
    chmod 0440 /data/misc/recovery/ro.build.fingerprint.1
    chown system log /data/misc/recovery/ro.build.fingerprint.1
    write /data/misc/recovery/ro.build.fingerprint ${ro.build.fingerprint}
    chmod 0440 /data/misc/recovery/ro.build.fingerprint
    chown system log /data/misc/recovery/ro.build.fingerprint
    mkdir /data/misc/recovery/proc 0770 system log
    copy /data/misc/recovery/proc/version /data/misc/recovery/proc/version.1
    chmod 0440 /data/misc/recovery/proc/version.1
    chown system log /data/misc/recovery/proc/version.1
    copy /proc/version /data/misc/recovery/proc/version
    chmod 0440 /data/misc/recovery/proc/version
    chown system log /data/misc/recovery/proc/version
    mkdir /data/misc/bluedroid 02770 bluetooth bluetooth
    # Fix the access permissions and group ownership for 'bt_config.conf'
    chmod 0660 /data/misc/bluedroid/bt_config.conf
    chown bluetooth bluetooth /data/misc/bluedroid/bt_config.conf
    mkdir /data/misc/bluetooth 0770 bluetooth bluetooth
    mkdir /data/misc/bluetooth/logs 0770 bluetooth bluetooth
    mkdir /data/misc/keystore 0700 keystore keystore
    mkdir /data/misc/gatekeeper 0700 system system
    mkdir /data/misc/keychain 0771 system system
    mkdir /data/misc/net 0750 root shell
    mkdir /data/misc/radio 0770 system radio
    mkdir /data/misc/sms 0770 system radio
    mkdir /data/misc/carrierid 0770 system radio
    mkdir /data/misc/apns 0770 system radio
    mkdir /data/misc/zoneinfo 0775 system system
    mkdir /data/misc/network_watchlist 0774 system system
    mkdir /data/misc/textclassifier 0771 system system
    mkdir /data/misc/vpn 0770 system vpn
    mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
    mkdir /data/misc/systemkeys 0700 system system
    mkdir /data/misc/wifi 0770 wifi wifi
    mkdir /data/misc/wifi/sockets 0770 wifi wifi
    mkdir /data/misc/wifi/wpa_supplicant 0770 wifi wifi
    mkdir /data/misc/ethernet 0770 system system
    mkdir /data/misc/dhcp 0770 dhcp dhcp
    mkdir /data/misc/user 0771 root root
    mkdir /data/misc/perfprofd 0775 root root
    # give system access to wpa_supplicant.conf for backup and restore
    chmod 0660 /data/misc/wifi/wpa_supplicant.conf
    mkdir /data/local 0751 root root
    mkdir /data/misc/media 0700 media media
    mkdir /data/misc/audioserver 0700 audioserver audioserver
    mkdir /data/misc/cameraserver 0700 cameraserver cameraserver
    mkdir /data/misc/vold 0700 root root
    mkdir /data/misc/boottrace 0771 system shell
    mkdir /data/misc/update_engine 0700 root root
    mkdir /data/misc/update_engine_log 02750 root log
    mkdir /data/misc/trace 0700 root root
    # create location to store surface and window trace files
    mkdir /data/misc/wmtrace 0700 system system
    # profile file layout
    mkdir /data/misc/profiles 0771 system system
    mkdir /data/misc/profiles/cur 0771 system system
    mkdir /data/misc/profiles/ref 0771 system system
    mkdir /data/misc/profman 0770 system shell
    mkdir /data/misc/gcov 0770 root root

    mkdir /data/preloads 0775 system system

    mkdir /data/vendor 0771 root root
    mkdir /data/vendor_ce 0771 root root
    mkdir /data/vendor_de 0771 root root
    mkdir /data/vendor/hardware 0771 root root
   
    # For security reasons, /data/local/tmp should always be empty.
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/local/traces 0777 shell shell
    mkdir /data/data 0771 system system
    mkdir /data/app-private 0771 system system
    mkdir /data/app-ephemeral 0771 system system
    mkdir /data/app-asec 0700 root root
    mkdir /data/app-lib 0771 system system
    mkdir /data/app 0771 system system
    mkdir /data/property 0700 root root
    mkdir /data/tombstones 0771 system system
    mkdir /data/vendor/tombstones 0771 root root
    mkdir /data/vendor/tombstones/wifi 0771 wifi wifi

    # create dalvik-cache, so as to enforce our permissions
    mkdir /data/dalvik-cache 0771 root root
    # create the A/B OTA directory, so as to enforce our permissions
    mkdir /data/ota 0771 root root

    # create the OTA package directory. It will be accessed by GmsCore (cache
    # group), update_engine and update_verifier.
    mkdir /data/ota_package 0770 system cache

    # create resource-cache and double-check the perms
    mkdir /data/resource-cache 0771 system system
    chown system system /data/resource-cache
    chmod 0771 /data/resource-cache

    # create the lost+found directories, so as to enforce our permissions
    mkdir /data/lost+found 0770 root root

    # create directory for DRM plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/drm 0770 drm drm

    # create directory for MediaDrm plug-ins - give drm the read/write access to
    # the following directory.
    mkdir /data/mediadrm 0770 mediadrm mediadrm

    mkdir /data/anr 0775 system system

    # NFC: create data/nfc for nv storage
    mkdir /data/nfc 0770 nfc nfc
    mkdir /data/nfc/param 0770 nfc nfc

    # Create all remaining /data root dirs so that they are made through init
    # and get proper encryption policy installed
    mkdir /data/backup 0700 system system
    mkdir /data/ss 0700 system system

    mkdir /data/system 0775 system system
    mkdir /data/system/dropbox 0700 system system
    mkdir /data/system/heapdump 0700 system system
    mkdir /data/system/users 0775 system system

    mkdir /data/system_de 0770 system system
    mkdir /data/system_ce 0770 system system

    mkdir /data/misc_de 01771 system misc
    mkdir /data/misc_ce 01771 system misc

    mkdir /data/user 0711 system system
    mkdir /data/user_de 0711 system system
    symlink /data/data /data/user/0

    mkdir /data/media 0770 media_rw media_rw

    mkdir /data/cache 0770 system cache
    mkdir /data/cache/recovery 0770 system cache
    mkdir /data/cache/backup_stage 0700 system system
    mkdir /data/cache/backup 0700 system system

    # Wait for apexd to finish activating APEXes before starting more processes.
    wait_for_prop apexd.status activated
    perform_apex_config

    # Allow apexd to snapshot and restore device encrypted apex data in the case
    # of a rollback. This should be done immediately after DE_user data keys
    # are loaded. APEXes should not access this data until this has been
    # completed and apexd.status becomes "ready".
    exec_start apexd-snapshotde

    init_user0

    # Set SELinux security contexts on upgrade or policy update.
    restorecon --recursive --skip-ce /data

    # Check any timezone data in /data is newer than the copy in the runtime module, delete if not.
    exec - system system -- /system/bin/tzdatacheck /apex/com.android.runtime/etc/tz /data/misc/zoneinfo

    # If there is no post-fs-data action in the init.<device>.rc file, you
    # must uncomment this line, otherwise encrypted filesystems
    # won't work.
    # Set indication (checked by vold) that we have finished this action
    setprop vold.post_fs_data_done 1

    # sys.memfd_use set to false by default, which keeps it disabled
    # until it is confirmed that apps and vendor processes don't make
    # IOCTLs on ashmem fds any more.
    setprop sys.use_memfd false

    # Set fscklog permission
    chown root system /dev/fscklogs/log
    chmod 0770 /dev/fscklogs/log

    ####################################
    # post-fs-data for mtk modification

    #MDDB
    mkdir /data/vendor_de/meta 0770 root root
    mkdir /data/vendor_de/meta/mddb 0770 root root

	#FACTORY
    mkdir /data/vendor_de/factory 0770 root root

    #set mdlog and connsyslog permission
    mkdir /data/mdlog 0770 system system
    mkdir /data/connsyslog 0770 system system