If a ProbeFunction subtype interacts with the hardware, you probably need to run the function in a separated minijail sandbox. For example, the generic_battery
function has the following files:
Files sandbox/generic_battery.args
and sandbox/${ARCH}/generic_battery-secomp.policy
will be installed under /etc/runtime_probe/sandbox/
in the rootfs.
When evaluating a probe config, the probe config might want to probe battery by using generic_battery
probe function. In this case, GenericBattery::Eval()
will be called. The GenericBattery::Eval()
function calls GenericBattery::InvokeHelper()
(which is inherited from ProbeFunction
base class). The helper function invokes a DBus call, calling method EvaluateProbeFunction
of debugd
. The function will start a sandboxed process (using minijail), which should be equivalent to:
# Check platform2/debugd/src/probe_tool.cc for the up-to-date version. # sandbox/generic_battery.args is a JSON serialized list. ARGS="$(jq -r .[] <"/etc/runtime_probe/sandbox/generic_battery.args")" POLICY="/etc/runtime_probe/sandbox/generic_battery-seccomp.policy" minijail0 \ -v \ -u runtime_probe -g runtime_probe \ -S "${POLICY}" \ -n \ -G \ -P /mnt/empty \ -b / \ -b /proc \ -b /dev/log \ -t \ -r \ -d \ ${ARGS} \ -- \ /usr/bin/runtime_probe_helper \ '{"generic_battery": {}}'
You can use the commands above to test it on your device. If there are permission / policy errors, you can add -L
to get more details about the violation (the blocked system call will be printed to syslog).
Checkout Sandboxing Chrome OS system services to learn more about minijail options.
/usr/bin/runtime_probe_helper
starts in the created sandbox, and the GenericBattery::EvalInHelper()
will be called, which should be the real implementation of the probe function.