Google Git
Sign in
cos / mirrors / cros / chromiumos / platform2 / 8b18df9843338f79d817d4ec6e9c1bfc239dc009 / . / camera / common / init / cros-camera-algo.conf
blob: 99f036da1aa8e7ccd8f010a82a4505a8c74cc1d0 [file] [log] [blame]
# Copyright 2017 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Start camera algorithm service"
author "chromium-os-dev@chromium.org"
start on starting system-services
stop on stopping system-services
expect fork
respawn
respawn limit 10 5
env CHROOT_PATH=/run/camera
env SECCOMP_POLICY_FILE=/usr/share/policy/cros-camera-algo.policy
pre-start script
set -x
# Create directory for mounting /dev/urandom in chroot
mkdir -p "${CHROOT_PATH}"/dev
# Create directory for binding camera configs in chroot
mkdir -p "${CHROOT_PATH}"/etc/camera
# Run the board-specific setup hooks, if any.
sh /etc/camera/setup-hooks-algo.sh || true
end script
post-start script
# Run the board-specific hooks, if any.
sh /etc/camera/post-start-hooks-algo.sh || true
end script
script
# Start constructing minijail0 args...
args=""
# Enter a new mount, network, PID, IPC and cgroup namespace.
args="$args -v -e -p -l -N"
# Change user and group to arc-camera.
args="$args -u arc-camera -g arc-camera"
# Set -i to fork and daemonize an init-like process that Upstart will track
# as the service.
args="$args -i"
# Chroot and mount /usr, /proc, /dev/urandom, and /run/camera.
args="$args -P ${CHROOT_PATH} -k /usr,/usr,none,0x1000"
args="$args -k /proc,/proc,proc,MS_NOSUID|MS_NODEV|MS_NOEXEC"
args="$args -k /dev/urandom,/dev/urandom,none,0x1001"
args="$args -b /run/camera,,1"
args="$args -b /tmp,,1"
args="$args -b /var/cache/camera,,1"
# Mount /run/chromeos-config/v1 for access to chromeos-config.
args="$args -b /run/chromeos-config/v1"
# Mount /dev/log for logging
args="$args -b /dev/log"
# Set RLIMIT_NICE(=13) to 40,40
args="$args -R 13,40,40"
# Only mount /etc/camera if it exists.
if [ -d /etc/camera ]; then
args="$args -b /etc/camera,/etc/camera"
fi
# Drop privileges and set seccomp filter.
args="$args -n -S ${SECCOMP_POLICY_FILE}"
args="$args -- /usr/bin/cros_camera_algo"
exec minijail0 $args
end script