diagnostics: Add healthd_ec to cros_ec-access
This CL adds a new healthd_ec user and adds it to the cros_ec-access group in order
to allow secure ec info retrieval.
BUG=chromium:978615
TEST=emerge-nami diagnostics
Change-Id: I88749773f607b5312bb9cd958d1deaac826fc58b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/eclass-overlay/+/1814405
Tested-by: Kartik Hegde <khegde@chromium.org>
Commit-Queue: Kartik Hegde <khegde@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
diff --git a/profiles/base/accounts/group/cros_ec-access b/profiles/base/accounts/group/cros_ec-access
index e5f127b..d88d2b8 100644
--- a/profiles/base/accounts/group/cros_ec-access
+++ b/profiles/base/accounts/group/cros_ec-access
@@ -1,6 +1,8 @@
group:cros_ec-access
gid:416
-# This group is to grant rw access to /dev/cros_ec
-# runtime_probe because the runtime_probe binary needs
-# access for probing information w/o being root
-users:runtime_probe
+# This group is to grant rw access of /dev/cros_ec to
+# runtime_probe and healthd_ec because the runtime_probe
+# and cros_healthd_helper (which is invoked by debugd and
+# runs as healthd_ec) binaries need access for probing
+# information w/o being root.
+users:runtime_probe,healthd_ec
diff --git a/profiles/base/accounts/group/healthd_ec b/profiles/base/accounts/group/healthd_ec
new file mode 100644
index 0000000..35a033f
--- /dev/null
+++ b/profiles/base/accounts/group/healthd_ec
@@ -0,0 +1,3 @@
+group:healthd_ec
+gid:20142
+users:healthd_ec
diff --git a/profiles/base/accounts/user/healthd_ec b/profiles/base/accounts/user/healthd_ec
new file mode 100644
index 0000000..33ff3aa
--- /dev/null
+++ b/profiles/base/accounts/user/healthd_ec
@@ -0,0 +1,6 @@
+user:healthd_ec
+uid:20142
+gid:20142
+gecos:User for accessing ectool within debugd.
+home:/dev/null
+shell:/bin/false
