blob: e048a93e5300368cf0edb5c849cfdf2cbd0ce5b6 [file] [log] [blame]
# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Start rmtfs server"
author ""
env RMTFS_DEV=/dev/qcom_rmtfs_mem1
env RMTFS_DIR=/var/lib/rmtfs
env RMTFS_BOOT_DIR=/var/lib/rmtfs/boot
env SOC_DIR=/sys/devices/platform/soc@0
# qcom-rmtfs-added: One of the devices we need is ready.
# qcom-modem-added: The other device we need is ready.
# syslog: minijail bind mounts /dev/log, which won't exist until syslog starts.
# verify_fsg: is in charge of creating files in ${RMTFS_DIR}
start on started syslog and stopped verify_fsg and ((qcom-rmtfs-added and qcom-modem-added) or rmtfs-early)
stop on starting pre-shutdown
# This service handles modem file system storage requests. Other than
# the connection to the modem itself, it keeps no state. So it should
# be okay, though not preferable, to kill and restart this service.
oom score -100
expect fork
pre-start script
# Make the directory just in case something went weird with verify_fsg
mkdir -p "${RMTFS_BOOT_DIR}"
# Set restrictive permissions. We don't combine this with the mkdir -p
# above (using a "-m 0700") for two reasons:
# a) mkdir -p only applies permissions to the last dir in the chain.
# b) If the dir already exists (maybe an old version of the software
# created it) the permissions won't change.
chmod 0700 "${RMTFS_BOOT_DIR}" "${RMTFS_DIR}"
# The verify_fsg script creates things w/ root. Change to the right owner
chown rmtfs:rmtfs "${RMTFS_BOOT_DIR}" "${RMTFS_DIR}"
for f in modem_fsc modem_fsg modem_fs1 modem_fs2; do
if [ ! -f "${RMTFS_BOOT_DIR}/${f}" ]; then
touch "${RMTFS_BOOT_DIR}/${f}"
chown rmtfs:rmtfs "${RMTFS_BOOT_DIR}/${f}"
# Allow the rmtfs user to control the remoteproc sysfs state file.
chown rmtfs:rmtfs /sys/bus/platform/drivers/qcom-q6v5-mss/[0-9]*/remoteproc/remoteproc*/state
end script
# rmtfs needs CAP_NET_ADMIN to open AF_QIPCRTR socket.
# We provide read-only access to /var, so we can get a read/write bind mount
# for /var/lib/rmtfs/boot.
exec minijail0 --profile=minimalistic-mountns -inNlvr --uts \
-b "${RMTFS_DEV}",,1 -b /sys -b "${SOC_DIR}",,1 \
-k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
-b "${RMTFS_BOOT_DIR}",,1 \
-c cap_net_admin=e -u rmtfs -g rmtfs \
-S /usr/share/policy/rmtfs-seccomp.policy \
-- /usr/bin/rmtfs -so "${RMTFS_BOOT_DIR}"