hardware_verifier: add user and group entries. In order to limit the capabilities while calling hardware_verifier binary at upstart job, we add hardware_verifier user/group and invoke binary with minijail. BUG=b:147654337 TEST=emerge-$BOARD hardware_verifier Change-Id: Iaf9baab810749a11440368fc95cc7e7df17145e9 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/eclass-overlay/+/2087555 Reviewed-by: Stimim Chen <stimim@chromium.org> Reviewed-by: Chun-ta Lin (ping on chat if not responsive) <itspeter@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> Tested-by: Chun-ta Lin (ping on chat if not responsive) <itspeter@chromium.org> Commit-Queue: Clark Chung <ckclark@chromium.org>

commit: 251d37017b1c329a957573556168481d041e1520 [log] [tgz]
author: Clark Chung <clarkchung@google.com> Thu Mar 05 12:30:36 2020 +0800
committer: Commit Bot <commit-bot@chromium.org> Fri Mar 06 23:41:56 2020 +0000
tree: 7cc782a9a0feae33e94657b6dc1ba83de98c9120
parent: e13bdc96dd67549a44829a34ec80c1dda369b287 [diff]
diff --git a/profiles/base/accounts/group/hardware_verifier b/profiles/base/accounts/group/hardware_verifier
new file mode 100644
index 0000000..ad88e19
--- /dev/null
+++ b/profiles/base/accounts/group/hardware_verifier

@@ -0,0 +1,3 @@
+group:hardware_verifier
+gid:417
+users:hardware_verifier

diff --git a/profiles/base/accounts/user/hardware_verifier b/profiles/base/accounts/user/hardware_verifier
new file mode 100644
index 0000000..26b39ce
--- /dev/null
+++ b/profiles/base/accounts/user/hardware_verifier

@@ -0,0 +1,6 @@
+user:hardware_verifier
+uid:417
+gid:417
+gecos:standalone user for running hardware_verifier binary minijailed
+home:/dev/null
+shell:/bin/false
commit	251d37017b1c329a957573556168481d041e1520	[log] [tgz]
author	Clark Chung <clarkchung@google.com>	Thu Mar 05 12:30:36 2020 +0800
committer	Commit Bot <commit-bot@chromium.org>	Fri Mar 06 23:41:56 2020 +0000
tree	7cc782a9a0feae33e94657b6dc1ba83de98c9120
parent	e13bdc96dd67549a44829a34ec80c1dda369b287 [diff]