# Copyright 2017 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

description   "Start the U2FHID emulation daemon"
author        "chromium-os-dev@chromium.org"

# TODO(crbug.com/770150) also start on device policy creation/update for OOBE.
start on started trunksd
stop on stopping system-services
respawn
# if the job respawns 3 times in 10 seconds, stop trying.
respawn limit 3 10
# Do not respawn if we exited on purpose (e.g. service disabled).
normal exit 0

# Directory containing (u2f|g2f|verbose).force files.
env FORCE_DIR=/var/lib/u2f/force

pre-start script
  mkdir -p /var/lib/whitelist
  # Settings override.
  mkdir -p -m 0700 "${FORCE_DIR}"
end script

# -e creates Network namespace.
# -p creates PID namespace.
# -l creates IPC namespace.
# -r remounts /proc read-only.
# -v enters new mount namespace (allows to change mounts inside jail).
# -n prevents that execve gains privileges.
# --uts creates a new UTS namespace.
# -c 0 don't need any capability.
# -P creates a pivot_root at the target folder.
# -b /,/ mounts / read-only.
# -b /run,/run mount read-only, required for D-Bus.
# -b /dev,/dev required to access /dev/uhid.
# -b ...,/var to read device policies from /var/lib/whitelist/policy.
# -u u2f change user.
# -G inherit u2f supplementary groups (ie policy-readers)
# -g bluetooth change group to access /dev/uhid.
script
  force_enabled() {
    [ -f "${FORCE_DIR}/$1.force" ]
  }

  ARGS=""
  force_enabled u2f && ARGS="${ARGS} --force_u2f"
  force_enabled g2f && ARGS="${ARGS} --force_g2f"
  force_enabled user_keys && ARGS="${ARGS} --user_keys"
  force_enabled allowlist_data && ARGS="${ARGS} --g2f_allowlist_data"
  force_enabled verbose && ARGS="${ARGS} --verbose"

  # u2fd needs access /dev/uhid to create a new virtual USBHID device.
  exec minijail0 -e -p -l -r -v -n --uts -c 0 -Kslave                \
               --profile=minimalistic-mountns                        \
               -k 'tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC'    \
               -k 'tmpfs,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC'    \
               -k '/run/daemon-store/u2f,/run/daemon-store/u2f,none,MS_BIND|MS_REC'  \
               -b /dev/uhid                                          \
               -b /run/dbus                                          \
               -b /var/lib/whitelist                                 \
               -b /var/lib/metrics,,1                                \
               -u u2f -G -g bluetooth -- /usr/bin/u2fd ${ARGS}
end script