| # Copyright 2021 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "IPP-USB bridge daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| import BUS |
| import DEV |
| import VID |
| import PID |
| instance $BUS:$DEV |
| |
| env IPPUSB_SOCKET_DIR="/run/ippusb" |
| env IPPUSB_USER="ippusb" |
| env IPPUSB_GROUP="ippusb" |
| |
| expect fork |
| kill signal INT |
| respawn |
| |
| pre-start script |
| mkdir -p -m 0710 "${IPPUSB_SOCKET_DIR}" |
| chown "${IPPUSB_USER}:${IPPUSB_GROUP}" "${IPPUSB_SOCKET_DIR}" |
| chmod 0775 "${IPPUSB_SOCKET_DIR}" |
| end script |
| |
| pre-stop script |
| # Remove the socket before stopping ippusb_bridge so that |
| # processes can't make new connections while it is draining |
| # the existing requests. |
| rm -f "${IPPUSB_SOCKET_DIR}/${VID}-${PID}.sock" |
| end script |
| |
| exec minijail0 -ilnNprv -t -e --uts --mount-dev \ |
| -u ippusb -g ippusb -G \ |
| -S /usr/share/policy/ippusb-bridge-seccomp.policy \ |
| -P /mnt/empty \ |
| -b / \ |
| -b /proc \ |
| -b /sys \ |
| -b /dev/log \ |
| -b /dev/bus/usb \ |
| -k 'run,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -b /run/udev \ |
| -b /run/ippusb,/run/ippusb,1 \ |
| -k 'var,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \ |
| -- /usr/bin/ippusb_bridge --upstart \ |
| -d $BUS:$DEV -s $IPPUSB_SOCKET_DIR/$VID-$PID.sock |