| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start the wilco_dtc_supportd daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| # Start the wilco_dtc_supportd daemon, which is responsible for collecting |
| # telemetry and diagnostics information, and communicating with the wilco_dtc |
| # daemon. |
| start on starting wilco_dtc_dispatcher |
| stop on stopped wilco_dtc_dispatcher |
| |
| respawn |
| # If the job respawns 3 times in 10 seconds, stop trying. |
| respawn limit 3 10 |
| |
| expect fork |
| |
| pre-start script |
| # Make sure the vsock module is loaded. |
| modprobe -q vhost-vsock |
| |
| # Make sure the wilco modules are loaded. |
| modprobe -q wilco_ec || true |
| modprobe -q wilco_ec_events || true |
| modprobe -q wilco_ec_telemetry || true |
| |
| # Create a directory for gRPC socket files - see the comment about the jailing |
| # parameters below. |
| mkdir -p -m 755 /run/wilco_dtc/grpc_sockets |
| |
| # Create a directory for observing VPD fields files - see the comment about |
| # the jailing parameters below. |
| # NOTE: VPD fields files are readable only by wilco_dtc group. Exposing these |
| # files to other users would cause a privacy issue. |
| VPD_FIELDS_DIR=/run/wilco_dtc/vpd_fields |
| mkdir -p -m 550 "${VPD_FIELDS_DIR}" |
| |
| # Copy certain VPD fields from the cache into internal directory. |
| # Serial Number: |
| vpd_get_value "serial_number" > "${VPD_FIELDS_DIR}"/serial_number || true |
| vpd_get_value "model_name" > "${VPD_FIELDS_DIR}"/model_name || true |
| vpd_get_value "asset_id" > "${VPD_FIELDS_DIR}"/asset_id || true |
| vpd_get_value "sku_number" > "${VPD_FIELDS_DIR}"/sku_number || true |
| vpd_get_value "uuid_id" > "${VPD_FIELDS_DIR}"/uuid_id || true |
| vpd_get_value "mfg_data" > "${VPD_FIELDS_DIR}"/mfg_data || true |
| vpd_get_value "ActivateData" > "${VPD_FIELDS_DIR}"/ActivateData || true |
| vpd_get_value "system_id" > "${VPD_FIELDS_DIR}"/system_id || true |
| |
| chown -R wilco_dtc:wilco_dtc /run/wilco_dtc/ |
| end script |
| |
| # Used jailing parameters: |
| # -e: new network namespace; |
| # -i: exit after forking; |
| # -l: new IPC namespace; |
| # -n: the no_new_privs bit; |
| # -p: new PID namespace; |
| # -r: remount /proc readonly; |
| # -t: a new tmpfs filesystem for /tmp; |
| # -v: new VFS namespace; |
| # --uts: new UTS/hostname namespace; |
| # -u, -g: user account and group; |
| # --mount-dev: a new /dev mount; |
| # --profile: minimalistic mount namespace; |
| # -k /run: a new tmpfs filesystem for /run, with the subsequent parameters |
| # mounting specific files into this directory; |
| # -b /run/wilco_dtc/grpc_sockets: shared directory with gRPC socket files, |
| # some of which are owned by wilco_dtc_supportd and some by the wilco_dtc |
| # daemon (note: no other daemon will use this directory); |
| # -b /run/wilco_dtc/vpd_fields: read-only directory with VPD fields value |
| # files; |
| # -b /run/dbus: shared socket file for talking with the D-Bus daemon; |
| # -b /dev/vhost-vsock: allow vhost-vsock access to start vsock gRPC server; |
| # -k /sys: a new tmpfs filesystem for /sys, with the subsequent parameters |
| # mounting specific files into this directory; |
| # -b /sys/class: symlinks to /sys/devices, categorized by device type; |
| # -b /sys/devices: files with devices details exposed by the kernel; |
| # -b /sys/firmware: files with details about ACPI, VPD, DMI/SMBIOS, etc.; |
| # -b /dev/wilco_event0: file with EC events; |
| # -b /dev/wilco_telem0: file with EC telemetry data; |
| # -b /sys/devices/system/cpu: files with CPU C-status information; |
| # -b /proc/diskstats: file with disk statistics; |
| # -b /proc/cpuinfo: file with CPU information; |
| # -b /proc/vmstat: file with virtual memory statistics; |
| # -b /sys/class/backlight/intel_backlight: files with LCD brightness data; |
| # -b /sys/class/net: files with WLAN and Ethernet information; |
| # -b /sys/devices/pci0000:00/0000:00:1f.6/net/: files with onboard Ethernet information; |
| # -b /sys/devices/pci0000:00/0000:00:14.3/net/: files with onboard WLAN information; |
| # -b /sys/class/power_supply/AC: files with charger information; |
| # -b /sys/class/power_supply/wilco-charger: files with charger information; |
| # -b /sys/class/power_supply/wacom_battery_0: files with battery information; |
| # -b /dev/shm: shared memory files for using IPC shared memory buffers for |
| # talking with the browser over Mojo bridge; |
| # -S: apply seccomp filters. |
| script |
| # Evaluate which directories are present for binding. Do this without starting |
| # subshells, to avoid breaking upstart's PID tracking. |
| set -- |
| if [ -e /sys/class/power_supply/BAT0 ]; then |
| set -- "$@" -b /sys/class/power_supply/BAT0 |
| fi |
| if [ -e /sys/devices/platform/coretemp.0 ]; then |
| set -- "$@" -b /sys/devices/platform/coretemp.0 |
| fi |
| if [ -e /sys/devices/virtual/hwmon ]; then |
| set -- "$@" -b /sys/devices/virtual/hwmon |
| fi |
| if [ -e /sys/devices/virtual/thermal ]; then |
| set -- "$@" -b /sys/devices/virtual/thermal |
| fi |
| if [ -e /sys/firmware/dmi/tables ]; then |
| set -- "$@" -b /sys/firmware/dmi/tables |
| fi |
| if [ -e /dev/wilco_event0 ]; then |
| set -- "$@" -b /dev/wilco_event0 |
| fi |
| if [ -e /dev/wilco_telem0 ]; then |
| set -- "$@" -b /dev/wilco_telem0 |
| fi |
| if [ -e /sys/devices/system/cpu ]; then |
| set -- "$@" -b /sys/devices/system/cpu |
| fi |
| if [ -e /proc/diskstats ]; then |
| set -- "$@" -b /proc/diskstats |
| fi |
| if [ -e /proc/cpuinfo ]; then |
| set -- "$@" -b /proc/cpuinfo |
| fi |
| if [ -e /proc/vmstat ]; then |
| set -- "$@" -b /proc/vmstat |
| fi |
| if [ -e /sys/class/backlight/intel_backlight ]; then |
| set -- "$@" -b /sys/class/backlight/intel_backlight |
| fi |
| if [ -e /sys/class/net ]; then |
| set -- "$@" -b /sys/class/net |
| fi |
| if [ -e /sys/devices/pci0000:00/0000:00:1f.6/net ]; then |
| set -- "$@" -b /sys/devices/pci0000:00/0000:00:1f.6/net |
| fi |
| if [ -e /sys/devices/pci0000:00/0000:00:14.3/net ]; then |
| set -- "$@" -b /sys/devices/pci0000:00/0000:00:14.3/net |
| fi |
| if [ -e /sys/class/power_supply/AC ]; then |
| set -- "$@" -b /sys/class/power_supply/AC |
| fi |
| if [ -e /sys/class/power_supply/wilco-charger ]; then |
| set -- "$@" -b /sys/class/power_supply/wilco-charger |
| fi |
| if [ -e /sys/class/power_supply/wacom_battery_0 ]; then |
| set -- "$@" -b /sys/class/power_supply/wacom_battery_0 |
| fi |
| |
| exec minijail0 -e -i -l -n -p -r -t -v --uts \ |
| -u wilco_dtc -g wilco_dtc \ |
| --mount-dev \ |
| --profile=minimalistic-mountns \ |
| -k 'tmpfs,/run,tmpfs,MS_NODEV|MS_NOSUID|MS_NOEXEC,mode=755,size=10M' \ |
| -b /run/wilco_dtc/grpc_sockets,,1 \ |
| -b /run/wilco_dtc/vpd_fields \ |
| -b /run/dbus \ |
| -b /dev/vhost-vsock,,1 \ |
| -k 'tmpfs,/sys,tmpfs,MS_NODEV|MS_NOSUID|MS_NOEXEC,mode=755,size=10M' \ |
| -b /sys/class/hwmon \ |
| -b /sys/class/thermal \ |
| -b /dev/shm,,1 \ |
| "$@" \ |
| -S /usr/share/policy/wilco_dtc_supportd-seccomp.policy \ |
| -- /usr/bin/wilco_dtc_supportd |
| end script |
| |
| # Wait for daemon to claim its D-Bus name before transitioning to started. |
| post-start exec minijail0 -u wilco_dtc -g wilco_dtc /usr/bin/gdbus \ |
| wait --system --timeout 15 org.chromium.WilcoDtcSupportd |
| |