diagnostics/init/wilco_dtc_supportd.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 # Copyright 2018 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description    "Start the wilco_dtc_supportd daemon"
 author         "chromium-os-dev@chromium.org"

 # Start the wilco_dtc_supportd daemon, which is responsible for collecting
 # telemetry and diagnostics information, and communicating with the wilco_dtc
 # daemon.
 start on starting wilco_dtc_dispatcher
 stop on stopped wilco_dtc_dispatcher

 respawn
 # If the job respawns 3 times in 10 seconds, stop trying.
 respawn limit 3 10

 expect fork

 # Force gRPC to use the native resolver instead of ares.
 # TODO(crbug.com/1044665): Remove once gRPC doesn't use ares resolver for vsock.
 env GRPC_DNS_RESOLVER=native


 # Allow VMODULE_ARG env variable to be sent to the job. If VLOG_PARAMS is set
 # (unset by default), it will be set as a parameter to --vmodule.
 import VMODULE_ARG
 env VMODULE_ARG=

 pre-start script
   # Make sure the vsock module is loaded.
   modprobe -q vhost-vsock

   # Make sure the wilco modules are loaded.
   modprobe -q wilco_ec || true
   modprobe -q wilco_ec_events || true
   modprobe -q wilco_ec_telemetry || true

   # Create a directory for gRPC socket files - see the comment about the jailing
   # parameters below.
   mkdir -p -m 755 /run/wilco_dtc/grpc_sockets

   # Create a directory for observing VPD fields files - see the comment about
   # the jailing parameters below.
   # NOTE: VPD fields files are readable only by wilco_dtc group. Exposing these
   # files to other users would cause a privacy issue.
   VPD_FIELDS_DIR=/run/wilco_dtc/vpd_fields
   mkdir -p -m 550 "${VPD_FIELDS_DIR}"

   # Copy certain VPD fields from the cache into internal directory.
   # Serial Number:
   vpd_get_value "serial_number" > "${VPD_FIELDS_DIR}"/serial_number || true
   vpd_get_value "model_name" > "${VPD_FIELDS_DIR}"/model_name || true
   vpd_get_value "asset_id" > "${VPD_FIELDS_DIR}"/asset_id || true
   vpd_get_value "sku_number" > "${VPD_FIELDS_DIR}"/sku_number || true
   vpd_get_value "uuid_id" > "${VPD_FIELDS_DIR}"/uuid_id || true
   vpd_get_value "mfg_date" > "${VPD_FIELDS_DIR}"/mfg_date || true
   vpd_get_value "ActivateDate" > "${VPD_FIELDS_DIR}"/ActivateDate || true
   vpd_get_value "system_id" > "${VPD_FIELDS_DIR}"/system_id || true

   chown -R wilco_dtc:wilco_dtc /run/wilco_dtc/
 end script

 # Used jailing parameters:
 #   -e: new network namespace;
 #   -i: exit after forking;
 #   -l: new IPC namespace;
 #   -n: the no_new_privs bit;
 #   -p: new PID namespace;
 #   -r: remount /proc readonly;
 #   -t: a new tmpfs filesystem for /tmp;
 #   -v: new VFS namespace;
 #   --uts: new UTS/hostname namespace;
 #   -u, -g: user account and group;
 #   --mount-dev: a new /dev mount;
 #   --profile: minimalistic mount namespace;
 #   -k /run: a new tmpfs filesystem for /run, with the subsequent parameters
 #       mounting specific files into this directory;
 #   -b /run/wilco_dtc/grpc_sockets: shared directory with gRPC socket files,
 #       some of which are owned by wilco_dtc_supportd and some by the wilco_dtc
 #       daemon (note: no other daemon will use this directory);
 #   -b /run/wilco_dtc/vpd_fields: read-only directory with VPD fields value
 #       files;
 #   -b /run/dbus: shared socket file for talking with the D-Bus daemon;
 #   -b /dev/vhost-vsock: allow vhost-vsock access to start vsock gRPC server;
 #   -k /sys: a new tmpfs filesystem for /sys, with the subsequent parameters
 #       mounting specific files into this directory;
 #   -b /sys/class: symlinks to /sys/devices, categorized by device type;
 #   -b /sys/devices: files with devices details exposed by the kernel;
 #   -b /sys/firmware: files with details about ACPI, VPD, DMI/SMBIOS, etc.;
 #   -b /dev/wilco_event0: file with EC events;
 #   -b /dev/wilco_telem0: file with EC telemetry data;
 #   -b /sys/devices/system/cpu: files with CPU C-status information;
 #   -b /proc/diskstats: file with disk statistics;
 #   -b /proc/cpuinfo: file with CPU information;
 #   -b /proc/vmstat: file with virtual memory statistics;
 #   -b /sys/class/backlight/intel_backlight: files with LCD brightness data;
 #   -b /sys/class/net: files with WLAN and Ethernet information;
 #   -b /sys/devices/pci0000:00/0000:00:1f.6/net/: files with onboard Ethernet information;
 #   -b /sys/devices/pci0000:00/0000:00:14.3/net/: files with onboard WLAN information;
 #   -b /sys/class/power_supply/AC: files with charger information;
 #   -b /sys/class/power_supply/wilco-charger: files with charger information;
 #   -b /sys/class/power_supply/wacom_battery_0: files with battery information;
 #   -b /dev/shm: shared memory files for using IPC shared memory buffers for
 #                talking with the browser over Mojo bridge;
 #   -S: apply seccomp filters.
 script
   # Evaluate which directories are present for binding. Do this without starting
   # subshells, to avoid breaking upstart's PID tracking.
   set --
   if [ -e /sys/class/power_supply/BAT0 ]; then
     set -- "$@" -b /sys/class/power_supply/BAT0
   fi
   if [ -e /sys/devices/platform/coretemp.0 ]; then
     set -- "$@" -b /sys/devices/platform/coretemp.0
   fi
   if [ -e /sys/devices/virtual/hwmon ]; then
     set -- "$@" -b /sys/devices/virtual/hwmon
   fi
   if [ -e /sys/devices/virtual/thermal ]; then
     set -- "$@" -b /sys/devices/virtual/thermal
   fi
   if [ -e /sys/firmware/dmi/tables ]; then
     set -- "$@" -b /sys/firmware/dmi/tables
   fi
   if [ -e /dev/wilco_event0 ]; then
     set -- "$@" -b /dev/wilco_event0
   fi
   if [ -e /dev/wilco_telem0 ]; then
     set -- "$@" -b /dev/wilco_telem0
   fi
   if [ -e /sys/devices/system/cpu ]; then
     set -- "$@" -b /sys/devices/system/cpu
   fi
   if [ -e /proc/diskstats ]; then
     set -- "$@" -b /proc/diskstats
   fi
   if [ -e /proc/cpuinfo ]; then
     set -- "$@" -b /proc/cpuinfo
   fi
   if [ -e /proc/vmstat ]; then
     set -- "$@" -b /proc/vmstat
   fi
   if [ -e /sys/class/backlight/intel_backlight ]; then
     set -- "$@" -b /sys/class/backlight/intel_backlight
   fi
   if [ -e /sys/class/net ]; then
     set -- "$@" -b /sys/class/net
   fi
   if [ -e /sys/devices/pci0000:00/0000:00:1f.6/net ]; then
     set -- "$@" -b /sys/devices/pci0000:00/0000:00:1f.6/net
   fi
   if [ -e /sys/devices/pci0000:00/0000:00:14.3/net ]; then
     set -- "$@" -b /sys/devices/pci0000:00/0000:00:14.3/net
   fi
   if [ -e /sys/class/power_supply/AC ]; then
     set -- "$@" -b /sys/class/power_supply/AC
   fi
   if [ -e /sys/class/power_supply/wilco-charger ]; then
     set -- "$@" -b /sys/class/power_supply/wilco-charger
   fi
   if [ -e /sys/class/power_supply/wacom_battery_0 ]; then
     set -- "$@" -b /sys/class/power_supply/wacom_battery_0
   fi

   exec minijail0 -e -i -l -n -p -r -t -v --uts \
     -u wilco_dtc -g wilco_dtc \
     --mount-dev \
     --profile=minimalistic-mountns \
     -k 'tmpfs,/run,tmpfs,MS_NODEV|MS_NOSUID|MS_NOEXEC,mode=755,size=10M' \
     -b /run/wilco_dtc/grpc_sockets,,1 \
     -b /run/wilco_dtc/vpd_fields \
     -b /run/dbus \
     -b /dev/vhost-vsock,,1 \
     -k 'tmpfs,/sys,tmpfs,MS_NODEV|MS_NOSUID|MS_NOEXEC,mode=755,size=10M' \
     -b /sys/class/hwmon \
     -b /sys/class/thermal \
     -b /dev/shm,,1 \
     "$@" \
     -S /usr/share/policy/wilco_dtc_supportd-seccomp.policy \
     -- /usr/bin/wilco_dtc_supportd --vmodule="${VMODULE_ARG}"
 end script

 # Wait for daemon to claim its D-Bus name before transitioning to started.
 post-start exec minijail0 -u wilco_dtc -g wilco_dtc /usr/bin/gdbus \
     wait --system --timeout 15 org.chromium.WilcoDtcSupportd
	# Copyright 2018 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Start the wilco_dtc_supportd daemon"
	author "chromium-os-dev@chromium.org"

	# Start the wilco_dtc_supportd daemon, which is responsible for collecting
	# telemetry and diagnostics information, and communicating with the wilco_dtc
	# daemon.
	start on starting wilco_dtc_dispatcher
	stop on stopped wilco_dtc_dispatcher

	respawn
	# If the job respawns 3 times in 10 seconds, stop trying.
	respawn limit 3 10

	expect fork

	# Force gRPC to use the native resolver instead of ares.
	# TODO(crbug.com/1044665): Remove once gRPC doesn't use ares resolver for vsock.
	env GRPC_DNS_RESOLVER=native


	# Allow VMODULE_ARG env variable to be sent to the job. If VLOG_PARAMS is set
	# (unset by default), it will be set as a parameter to --vmodule.
	import VMODULE_ARG
	env VMODULE_ARG=

	pre-start script
	# Make sure the vsock module is loaded.
	modprobe -q vhost-vsock

	# Make sure the wilco modules are loaded.
	modprobe -q wilco_ec \|\| true
	modprobe -q wilco_ec_events \|\| true
	modprobe -q wilco_ec_telemetry \|\| true

	# Create a directory for gRPC socket files - see the comment about the jailing
	# parameters below.
	mkdir -p -m 755 /run/wilco_dtc/grpc_sockets

	# Create a directory for observing VPD fields files - see the comment about
	# the jailing parameters below.
	# NOTE: VPD fields files are readable only by wilco_dtc group. Exposing these
	# files to other users would cause a privacy issue.
	VPD_FIELDS_DIR=/run/wilco_dtc/vpd_fields
	mkdir -p -m 550 "${VPD_FIELDS_DIR}"

	# Copy certain VPD fields from the cache into internal directory.
	# Serial Number:
	vpd_get_value "serial_number" > "${VPD_FIELDS_DIR}"/serial_number \|\| true
	vpd_get_value "model_name" > "${VPD_FIELDS_DIR}"/model_name \|\| true
	vpd_get_value "asset_id" > "${VPD_FIELDS_DIR}"/asset_id \|\| true
	vpd_get_value "sku_number" > "${VPD_FIELDS_DIR}"/sku_number \|\| true
	vpd_get_value "uuid_id" > "${VPD_FIELDS_DIR}"/uuid_id \|\| true
	vpd_get_value "mfg_date" > "${VPD_FIELDS_DIR}"/mfg_date \|\| true
	vpd_get_value "ActivateDate" > "${VPD_FIELDS_DIR}"/ActivateDate \|\| true
	vpd_get_value "system_id" > "${VPD_FIELDS_DIR}"/system_id \|\| true

	chown -R wilco_dtc:wilco_dtc /run/wilco_dtc/
	end script

	# Used jailing parameters:
	# -e: new network namespace;
	# -i: exit after forking;
	# -l: new IPC namespace;
	# -n: the no_new_privs bit;
	# -p: new PID namespace;
	# -r: remount /proc readonly;
	# -t: a new tmpfs filesystem for /tmp;
	# -v: new VFS namespace;
	# --uts: new UTS/hostname namespace;
	# -u, -g: user account and group;
	# --mount-dev: a new /dev mount;
	# --profile: minimalistic mount namespace;
	# -k /run: a new tmpfs filesystem for /run, with the subsequent parameters
	# mounting specific files into this directory;
	# -b /run/wilco_dtc/grpc_sockets: shared directory with gRPC socket files,
	# some of which are owned by wilco_dtc_supportd and some by the wilco_dtc
	# daemon (note: no other daemon will use this directory);
	# -b /run/wilco_dtc/vpd_fields: read-only directory with VPD fields value
	# files;
	# -b /run/dbus: shared socket file for talking with the D-Bus daemon;
	# -b /dev/vhost-vsock: allow vhost-vsock access to start vsock gRPC server;
	# -k /sys: a new tmpfs filesystem for /sys, with the subsequent parameters
	# mounting specific files into this directory;
	# -b /sys/class: symlinks to /sys/devices, categorized by device type;
	# -b /sys/devices: files with devices details exposed by the kernel;
	# -b /sys/firmware: files with details about ACPI, VPD, DMI/SMBIOS, etc.;
	# -b /dev/wilco_event0: file with EC events;
	# -b /dev/wilco_telem0: file with EC telemetry data;
	# -b /sys/devices/system/cpu: files with CPU C-status information;
	# -b /proc/diskstats: file with disk statistics;
	# -b /proc/cpuinfo: file with CPU information;
	# -b /proc/vmstat: file with virtual memory statistics;
	# -b /sys/class/backlight/intel_backlight: files with LCD brightness data;
	# -b /sys/class/net: files with WLAN and Ethernet information;
	# -b /sys/devices/pci0000:00/0000:00:1f.6/net/: files with onboard Ethernet information;
	# -b /sys/devices/pci0000:00/0000:00:14.3/net/: files with onboard WLAN information;
	# -b /sys/class/power_supply/AC: files with charger information;
	# -b /sys/class/power_supply/wilco-charger: files with charger information;
	# -b /sys/class/power_supply/wacom_battery_0: files with battery information;
	# -b /dev/shm: shared memory files for using IPC shared memory buffers for
	# talking with the browser over Mojo bridge;
	# -S: apply seccomp filters.
	script
	# Evaluate which directories are present for binding. Do this without starting
	# subshells, to avoid breaking upstart's PID tracking.
	set --
	if [ -e /sys/class/power_supply/BAT0 ]; then
	set -- "$@" -b /sys/class/power_supply/BAT0
	fi
	if [ -e /sys/devices/platform/coretemp.0 ]; then
	set -- "$@" -b /sys/devices/platform/coretemp.0
	fi
	if [ -e /sys/devices/virtual/hwmon ]; then
	set -- "$@" -b /sys/devices/virtual/hwmon
	fi
	if [ -e /sys/devices/virtual/thermal ]; then
	set -- "$@" -b /sys/devices/virtual/thermal
	fi
	if [ -e /sys/firmware/dmi/tables ]; then
	set -- "$@" -b /sys/firmware/dmi/tables
	fi
	if [ -e /dev/wilco_event0 ]; then
	set -- "$@" -b /dev/wilco_event0
	fi
	if [ -e /dev/wilco_telem0 ]; then
	set -- "$@" -b /dev/wilco_telem0
	fi
	if [ -e /sys/devices/system/cpu ]; then
	set -- "$@" -b /sys/devices/system/cpu
	fi
	if [ -e /proc/diskstats ]; then
	set -- "$@" -b /proc/diskstats
	fi
	if [ -e /proc/cpuinfo ]; then
	set -- "$@" -b /proc/cpuinfo
	fi
	if [ -e /proc/vmstat ]; then
	set -- "$@" -b /proc/vmstat
	fi
	if [ -e /sys/class/backlight/intel_backlight ]; then
	set -- "$@" -b /sys/class/backlight/intel_backlight
	fi
	if [ -e /sys/class/net ]; then
	set -- "$@" -b /sys/class/net
	fi
	if [ -e /sys/devices/pci0000:00/0000:00:1f.6/net ]; then
	set -- "$@" -b /sys/devices/pci0000:00/0000:00:1f.6/net
	fi
	if [ -e /sys/devices/pci0000:00/0000:00:14.3/net ]; then
	set -- "$@" -b /sys/devices/pci0000:00/0000:00:14.3/net
	fi
	if [ -e /sys/class/power_supply/AC ]; then
	set -- "$@" -b /sys/class/power_supply/AC
	fi
	if [ -e /sys/class/power_supply/wilco-charger ]; then
	set -- "$@" -b /sys/class/power_supply/wilco-charger
	fi
	if [ -e /sys/class/power_supply/wacom_battery_0 ]; then
	set -- "$@" -b /sys/class/power_supply/wacom_battery_0
	fi

	exec minijail0 -e -i -l -n -p -r -t -v --uts \
	-u wilco_dtc -g wilco_dtc \
	--mount-dev \
	--profile=minimalistic-mountns \
	-k 'tmpfs,/run,tmpfs,MS_NODEV\|MS_NOSUID\|MS_NOEXEC,mode=755,size=10M' \
	-b /run/wilco_dtc/grpc_sockets,,1 \
	-b /run/wilco_dtc/vpd_fields \
	-b /run/dbus \
	-b /dev/vhost-vsock,,1 \
	-k 'tmpfs,/sys,tmpfs,MS_NODEV\|MS_NOSUID\|MS_NOEXEC,mode=755,size=10M' \
	-b /sys/class/hwmon \
	-b /sys/class/thermal \
	-b /dev/shm,,1 \
	"$@" \
	-S /usr/share/policy/wilco_dtc_supportd-seccomp.policy \
	-- /usr/bin/wilco_dtc_supportd --vmodule="${VMODULE_ARG}"
	end script

	# Wait for daemon to claim its D-Bus name before transitioning to started.
	post-start exec minijail0 -u wilco_dtc -g wilco_dtc /usr/bin/gdbus \
	wait --system --timeout 15 org.chromium.WilcoDtcSupportd