eclass: profiles: accounts: Add `attestation` user and group
Attestation should be able to talk to the TSS via tcsd.
BUG=chromium:348650
TEST=See CL:191727
CQ-DEPEND=CL:191756, CL:191755
Change-Id: I9c7d84385d5396056e5bf9a6e5d6b3eb3e5d2ae7
Reviewed-on: https://chromium-review.googlesource.com/191754
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Tested-by: Nam Nguyen <namnguyen@chromium.org>
Commit-Queue: Nam Nguyen <namnguyen@chromium.org>
diff --git a/profiles/base/accounts/group/attestation b/profiles/base/accounts/group/attestation
new file mode 100644
index 0000000..f0bdc7f
--- /dev/null
+++ b/profiles/base/accounts/group/attestation
@@ -0,0 +1,3 @@
+group:attestation
+gid:247
+users:attestation
diff --git a/profiles/base/accounts/group/tss b/profiles/base/accounts/group/tss
index ac2560e..799a18e 100644
--- a/profiles/base/accounts/group/tss
+++ b/profiles/base/accounts/group/tss
@@ -1,4 +1,4 @@
group:tss
gid:207
-# Only root and chaps are allowed to talk to the TPM via tcsd.
-users:root,chaps
+# Only root, chaps, and attestation are allowed to talk to the TPM via tcsd.
+users:root,chaps,attestation
diff --git a/profiles/base/accounts/user/attestation b/profiles/base/accounts/user/attestation
new file mode 100644
index 0000000..2016462
--- /dev/null
+++ b/profiles/base/accounts/user/attestation
@@ -0,0 +1,6 @@
+user:attestation
+uid:247
+gid:247
+gecos:Chromium OS attestation daemon runs as this user
+home:/dev/null
+shell:/bin/false
