| # Copyright 2019 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Run rtanlaytics after the system services start" |
| author "chromium-os-dev@chromium.org" |
| |
| # Stop rtanalytics if system-services are stopped or halt/reboot are started |
| stop on stopping ui |
| |
| # Environment variable for the mount point of the rtanalytics library .so |
| # component to be loaded by the executable. |
| # TODO(chromium:835974): should be capitalized as MOUNT_POINT. Note: This |
| # requires a change in the chrome.mediaPerceptionPrivate implementation. |
| import mount_point |
| |
| # Start rtanalytics with the default loglevel (INFO and above). |
| # Note: the mount point MUST be the first argument to rtanalytics_main. |
| # |
| # Below are used minijail0 arguments and their meaning: |
| # -e: process doesn't need network access |
| # -N: process doesn't need to modify control groups settings |
| # -p -r: process doesn't need to access other processes in the system |
| # -v: process doesn't need access to user mounts |
| # -l: process doesn't use SysV shared memory or IPC |
| # -u -g: run under user and group |
| # -n: process doesn't need new privileges |
| # -S: use seccomp policy restrictions |
| script |
| |
| if [ -z "${mount_point}" ]; then |
| |
| logger -t "${UPSTART_JOB}" \ |
| "Mount point not set!" |
| |
| else |
| |
| # This is the code path used in production. |
| logger -t "${UPSTART_JOB}" "Mount point: ${mount_point}" |
| # Resolves the real path. This protects us from path escapes like ../ |
| mount_point="$(realpath "${mount_point}")" |
| |
| # Only run rtanalytics_main if the mount_point path matches our expectation. |
| case "${mount_point}" in |
| /run/imageloader/*|/opt/google/rta) |
| logger -t "${UPSTART_JOB}" "Valid mount point." |
| export LD_LIBRARY_PATH="${mount_point}" |
| exec minijail0 -e -N -p -r -v -l -G -n -u rtanalytics -g rtanalytics \ |
| -S /usr/share/policy/rtanalytics.policy \ |
| "${mount_point}"/rtanalytics_main \ |
| --base_path="${mount_point}"/ \ |
| --calculator_graph_config_file=guado_autozoom |
| ;; |
| *) |
| logger -t "${UPSTART_JOB}" "Mount point invalid: ${mount_point}" |
| ;; |
| |
| esac |
| |
| fi |
| |
| end script |
| |
| # Wait for analytics process to claim its |
| # D-Bus name before transitioning to started. |
| post-start exec gdbus wait --system --timeout 15 org.chromium.MediaPerception |