diff --git a/aosp/art/build/apex/art.rc b/aosp/art/build/apex/art.rc
new file mode 100644
index 0000000000000000000000000000000000000000..c126813bedd5faf46a30f6041458434a35991ee3
--- /dev/null
+++ b/aosp/art/build/apex/art.rc
@@ -0,0 +1,55 @@
+# Copyright (C) 2023 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# A service that handles dexopt. See art/artd/README.md. It's a lazy service
+# that is started and stopped dynamically as needed.
+service artd /apex/com.android.art/bin/artd
+    interface aidl artd
+    disabled  # Prevents the service from automatically starting at boot.
+    oneshot  # Prevents the service from automatically restarting each time it is stopped.
+    class core
+    user artd
+    group artd
+    capabilities DAC_OVERRIDE FOWNER CHOWN
+
+# Same as above, but for Pre-reboot Dexopt. It runs in a chroot environment that
+# is set up by dexopt_chroot_setup. It's a lazy service that is started and
+# stopped dynamically as needed.
+service artd_pre_reboot /apex/com.android.art/bin/art_exec --chroot=/mnt/pre_reboot_dexopt -- /apex/com.android.art/bin/artd --pre-reboot
+    interface aidl artd_pre_reboot
+    disabled  # Prevents the service from automatically starting at boot.
+    oneshot  # Prevents the service from automatically restarting each time it is stopped.
+    class core
+    user artd
+    group artd
+    capabilities DAC_OVERRIDE FOWNER CHOWN SYS_CHROOT
+    seclabel u:r:artd:s0
+
+# A service that sets up the chroot environment for Pre-reboot Dexopt. See
+# art/dexopt_chroot_setup/README.md. It's a lazy service that is started and
+# stopped dynamically as needed.
+service dexopt_chroot_setup /apex/com.android.art/bin/dexopt_chroot_setup
+    interface aidl dexopt_chroot_setup
+    disabled  # Prevents the service from automatically starting at boot.
+    oneshot  # Prevents the service from automatically restarting each time it is stopped.
+    class core
+    user artd
+    group artd
+
+# Run at boot in Android U and later.
+service art_boot /apex/com.android.art/bin/art_boot
+    disabled  # Started explicitly from system/core/rootdir/init.rc
+    oneshot
+    class core
+    user root
diff --git a/aosp/external/perfetto/heapprofd.rc b/aosp/external/perfetto/heapprofd.rc
new file mode 100644
index 0000000000000000000000000000000000000000..b057a23489b522712a11923216baf280fe69820c
--- /dev/null
+++ b/aosp/external/perfetto/heapprofd.rc
@@ -0,0 +1,53 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+service heapprofd /system/bin/heapprofd
+    class late_start
+    disabled
+    socket heapprofd stream 0666 root root
+    user nobody
+    group nobody readproc
+    # By default, this  daemon is idle. When profiling an app, we should unwind
+    # as fast as possible in the interest of the app being profiled.
+    task_profiles ProcessCapacityHigh
+    onrestart exec_background - nobody shell -- /system/bin/heapprofd --cleanup-after-crash
+    # DAC_READ_SEARCH is denied by SELinux on user builds because the SELinux
+    # permission is userdebug_or_eng only.
+    capabilities KILL
+
+# Allow to start a second heapprofd. We can use that one to profile the
+# primary one. See src/memory/profiling/README.md.
+service heapprofd_secondary /system/bin/heapprofd
+    disabled
+    oneshot
+    socket heapprofd stream 0666 root root
+    user nobody
+    group nobody readproc
+    # By default, this  daemon is idle. When profiling an app, we should unwind
+    # as fast as possible in the interest of the app being profiled.
+    task_profiles ProcessCapacityHigh
+    # DAC_READ_SEARCH is denied by SELinux on user builds because the SELinux
+    # permission is userdebug_or_eng only.
+    capabilities KILL
+
+on property:persist.heapprofd.enable=1
+    start heapprofd
+
+on property:traced.lazy.heapprofd=1
+    start heapprofd
+
+on property:persist.heapprofd.enable="" && property:traced.lazy.heapprofd=""
+    stop heapprofd
+
+on property:persist.heapprofd.enable=0
+    setprop persist.heapprofd.enable ""
diff --git a/aosp/external/perfetto/perfetto.rc b/aosp/external/perfetto/perfetto.rc
new file mode 100644
index 0000000000000000000000000000000000000000..c2c09e119956cb75cdeb50cf77233d76be904058
--- /dev/null
+++ b/aosp/external/perfetto/perfetto.rc
@@ -0,0 +1,157 @@
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+service traced /system/bin/traced
+    class late_start
+    disabled
+    socket traced_consumer stream 0666 root root
+    socket traced_producer stream 0666 root root
+    user nobody
+    group nobody
+    task_profiles ProcessCapacityHigh
+
+service traced_probes /system/bin/traced_probes
+    class late_start
+    disabled
+    user nobody
+    # Despite the "log" group below, traced_probes is allowed to read log
+    # only on userdebug/eng via selinux (see traced_probes.te).
+    group nobody readproc log readtracefs
+    task_profiles ProcessCapacityHigh
+    # Clean up procfs configuration even if traced_probes crashes
+    # unexpectedly.
+    onrestart exec_background - nobody shell -- /system/bin/traced_probes --cleanup-after-crash
+    file /dev/kmsg w
+
+on property:persist.device_config.global_settings.sys_traced=1
+    setprop persist.traced.enable 1
+
+on property:persist.device_config.global_settings.sys_traced=0
+    setprop persist.traced.enable 0
+
+on property:debug.atrace.user_initiated=1
+    stop traced_probes
+
+on property:persist.traced.enable=1 && property:debug.atrace.user_initiated=""
+    start traced_probes
+
+on property:persist.traced.enable=1
+    # Trace files need to be:
+    # - Written by either uid:shell or uid:statsd.
+    # - Read by shell and incidentd.
+    mkdir /data/misc/perfetto-traces 0773 root shell
+
+    # Traces in this directory are only accessed by dumpstate (read+unlink) and
+    # by the bug reporting UI (ls+getattr).
+    mkdir /data/misc/perfetto-traces/bugreport 0773 root shell
+
+    # Traces in this directory are only accessed by system server
+    mkdir /data/misc/perfetto-traces/profiling 0773 root shell
+
+    # This directory allows shell to save configs file in a place where the
+    # perfetto cmdline client can read then. /data/local/tmp/ isn't safe because
+    # too many other domains can write into that. See b/170404111.
+    mkdir /data/misc/perfetto-configs 0775 root shell
+
+    start traced
+    start traced_probes
+
+on property:persist.traced.enable=0
+    stop traced
+    stop traced_probes
+
+# Reset the Perfetto guard rail state on boot:
+on post-fs-data
+    rm /data/misc/perfetto-traces/.guardraildata
+
+#############################################################################
+#  mm_events - Arms a perfetto trace config that is triggered
+#              on memory pressure (kmem_activity trigger)
+#############################################################################
+
+service mm_events /system/bin/mm_events
+    class late_start
+    disabled
+    oneshot
+    user nobody
+    group nobody
+
+on property:persist.mm_events.enabled=true && property:persist.traced.enable=1
+    restart mm_events   # Restart to reset backoff interval
+
+on property:persist.mm_events.enabled=false
+    stop mm_events
+
+#############################################################################
+#  perfetto_trace_on_boot - Starts a perfetto trace on boot
+#############################################################################
+#
+# There are two separate actions (a trigger action and a start action) to make
+# sure that perfetto_trace_on_boot is started only once on boot (otherwise,
+# whenever persist.debug.perfetto.boottrace=1 is set, perfetto_trace_on_boot
+# would start immediately).
+#
+# persist.debug.perfetto.boottrace=1 can be manually set after boot (to record
+# a trace on the next reboot) and we don't want to immediately start a trace
+# when setting the debug property. So we turn "ro.persistent_properties.ready"
+# into a trigger, and then check whether we should start tracing when the
+# trigger fires.
+on perfetto_maybe_trace_on_boot && property:persist.debug.perfetto.boottrace=1 && property:persist.traced.enable=1
+    setprop persist.debug.perfetto.boottrace ""
+    rm /data/misc/perfetto-traces/boottrace.perfetto-trace
+    # Set by traced after listen()ing on the consumer socket. Without this,
+    # perfetto could try to connect to traced before traced is ready to listen.
+    wait_for_prop sys.trace.traced_started 1
+    start perfetto_trace_on_boot
+
+on property:ro.persistent_properties.ready=true
+    trigger perfetto_maybe_trace_on_boot
+
+service perfetto_trace_on_boot /system/bin/perfetto -c /data/misc/perfetto-configs/boottrace.pbtxt --txt -o /data/misc/perfetto-traces/boottrace.perfetto-trace
+    disabled
+    gentle_kill
+    oneshot
+    user shell
+    group nobody
+
+# This is meant to stop the boot tracing.
+# To use this, add a trigger with mode STOP_TRACING in the configuration used in perfetto_trace_on_boot.
+# Then create a new config which contains `activate_triggers: <trigger name>` where <trigger name> is
+# the name specified in configuration used in perfetto_trace_on_boot.
+on property:sys.boot_completed=1 && property:init.svc.perfetto_trace_on_boot=running
+    exec -- /system/bin/perfetto -c /data/misc/perfetto-configs/stopboottracetrigger.pbtxt --txt
+
+# Forcefully enable select userspace (atrace) tracing categories early into the
+# userspace boot. This is primarily for capturing zygote events without waiting
+# for perfetto daemons or the /data partition.
+on late-init && property:ro.boot.fastboot.boottrace=enabled
+    setprop debug.atrace.tags.enableflags 802922
+
+# disable on boot complete when using textual ftrace tracing without perfetto.
+on property:sys.boot_completed=1 && property:ro.boot.fastboot.boottrace=enabled && property:init.svc.perfetto_trace_on_boot=
+    setprop debug.atrace.tags.enableflags 0
+    write /sys/kernel/debug/tracing/tracing_on 0
+    write /sys/kernel/tracing/tracing_on 0
+
+# These must be set as soon as possible for processes guarded by
+# android.sdk_sysprop_guard to find and cache the memory locations of
+# where these sysprops are stored, particularly SurfaceFlinger which starts
+# very early.
+# TODO(b/281329340): remove this when no longer needed.
+on init
+    setprop debug.perfetto.sdk_sysprop_guard_generation 0
+    setprop debug.hwui.skia_tracing_enabled false
+    setprop debug.hwui.skia_use_perfetto_track_events false
+    setprop debug.renderengine.skia_tracing_enabled false
+    setprop debug.renderengine.skia_use_perfetto_track_events false
diff --git a/aosp/external/perfetto/traced_perf.rc b/aosp/external/perfetto/traced_perf.rc
new file mode 100644
index 0000000000000000000000000000000000000000..cbf53a07c5befdb530705ce055f97a7164cd5e2e
--- /dev/null
+++ b/aosp/external/perfetto/traced_perf.rc
@@ -0,0 +1,47 @@
+# Copyright (C) 2020 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Notes:
+# * socket used for receiving /proc/pid/{maps,mem} file descriptors
+# * readproc group to stat(/proc/pid) to find out UID of processes, and read
+#   /proc/pid/cmdline.
+# * KILL capability for sending BIONIC_SIGNAL_PROFILER.
+# * DAC_READ_SEARCH capability for stack unwinding and on-device symbolization (requires
+#   opening libraries/executables for sections not already mapped in).
+# * foreground task group as unwinding based on minidebug info is a heavyweight action.
+service traced_perf /system/bin/traced_perf
+    class late_start
+    disabled
+    socket traced_perf stream 0666 root root
+    user nobody
+    group nobody readproc readtracefs
+    capabilities KILL
+    task_profiles ProcessCapacityHigh
+
+# Daemon run state:
+# * initially off
+# * |persist.traced_perf.enable| forces daemon to run unconditionally
+# * if kernel doesn't have perf_event_open LSM hooks, daemon is stopped
+# * otherwise, follow |traced.lazy.traced_perf| as an on-demand service
+on property:persist.traced_perf.enable=1
+    start traced_perf
+on property:persist.traced_perf.enable="" && property:sys.init.perf_lsm_hooks=""
+    stop traced_perf
+on property:persist.traced_perf.enable="" && property:sys.init.perf_lsm_hooks=1 && property:traced.lazy.traced_perf=1
+    start traced_perf
+on property:persist.traced_perf.enable="" && property:sys.init.perf_lsm_hooks=1 && property:traced.lazy.traced_perf=""
+    stop traced_perf
+
+on property:persist.traced_perf.enable=0
+    setprop persist.traced_perf.enable ""
diff --git a/aosp/system/core/init/service.cpp b/aosp/system/core/init/service.cpp
index 21dd64a02df1fd9f0006d85881c9dfb4ff76b30b..33286a7bb463f2109f80fab61dc4c7dde30445e8 100644
--- a/aosp/system/core/init/service.cpp
+++ b/aosp/system/core/init/service.cpp
@@ -255,7 +255,7 @@ void Service::SetProcessAttributesAndCaps(InterprocessFifo setsid_finished) {
             PLOG(FATAL) << "cannot setexeccon('" << seclabel_ << "') for " << name_;
         }
     }
-#if 0
+
     if (capabilities_) {
         if (!SetCapsForExec(*capabilities_)) {
             LOG(FATAL) << "cannot set capabilities for " << name_;
@@ -266,7 +266,7 @@ void Service::SetProcessAttributesAndCaps(InterprocessFifo setsid_finished) {
             LOG(FATAL) << "cannot drop inheritable caps for " << name_;
         }
     }
-#endif
+
 }
 
 void Service::Reap(const siginfo_t& siginfo) {
diff --git a/aosp/system/hardware/interfaces/suspend/1.0/default/android.system.suspend-service.rc b/aosp/system/hardware/interfaces/suspend/1.0/default/android.system.suspend-service.rc
new file mode 100644
index 0000000000000000000000000000000000000000..f0065f0a6b9cda73b61e52c04b4c77374f4df2d9
--- /dev/null
+++ b/aosp/system/hardware/interfaces/suspend/1.0/default/android.system.suspend-service.rc
@@ -0,0 +1,4 @@
+service system_suspend /system/bin/hw/android.system.suspend-service
+    class early_hal
+    user system
+    group system wakelock