u2fd/init/u2fd.conf - mirrors/cros/chromiumos/platform2 - Git at Google

 # Copyright 2017 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description   "Start the U2FHID emulation daemon"
 author        "chromium-os-dev@chromium.org"

 # TODO(crbug.com/770150) also start on device policy creation/update for OOBE.
 start on started trunksd
 stop on stopping system-services
 respawn
 # if the job respawns 3 times in 10 seconds, stop trying.
 respawn limit 3 10
 # Do not respawn if we exited on purpose (e.g. service disabled).
 normal exit 0

 # Create a 'fake' /var directory hierarchy for the chroot
 # to be able to bind mount the /var/lib/whitelist/policy file.
 env VAR_DIR=/run/u2fd_var

 # Directory containing (u2f|g2f|verbose).force files.
 env FORCE_DIR=/var/lib/u2f/force

 pre-start script
   mkdir -p "${VAR_DIR}/lib/whitelist"
   chown -R u2f "${VAR_DIR}"
   chmod -R 500 "${VAR_DIR}"
   # Settings override.
   mkdir -p -m 0700 "${FORCE_DIR}"
 end script

 # -e creates Network namespace.
 # -p creates PID namespace.
 # -l creates IPC namespace.
 # -r remounts /proc read-only.
 # -v enters new mount namespace (allows to change mounts inside jail).
 # -n prevents that execve gains privileges.
 # --uts creates a new UTS namespace.
 # -c 0 don't need any capability.
 # -P creates a pivot_root at the target folder.
 # -b /,/ mounts / read-only.
 # -b /run,/run mount read-only, required for D-Bus.
 # -b /dev,/dev required to access /dev/uhid.
 # -b ...,/var to read device policies from /var/lib/whitelist/policy.
 # -u u2f change user.
 # -G inherit u2f supplementary groups (ie policy-readers)
 # -g bluetooth change group to access /dev/uhid.
 script
   force_enabled() {
     [ -f "${FORCE_DIR}/$1.force" ]
   }

   ARGS=""
   force_enabled u2f && ARGS="${ARGS} --force_u2f"
   force_enabled g2f && ARGS="${ARGS} --force_g2f"
   force_enabled verbose && ARGS="${ARGS} --verbose"

   # If the device policy directory do not exist yet, minijail will abort while
   # mounting the files. The resulting SIGABRT will both generate crash dump and
   # trigger a spurious respawn.
   if [ ! -f /var/lib/whitelist/owner.key ]; then
     logger -t "${UPSTART_JOB}" "Exiting, no device policy"
     exit 0
   fi

   exec minijail0 -e -p -l -r -v -n --uts -c 0 -P /var/empty                 \
                -b /,/ -b /run,/run -b /dev,/dev                             \
                -b ${VAR_DIR},/var                                           \
                -b /var/lib/whitelist,/var/lib/whitelist                     \
                -u u2f -G -g bluetooth -- /usr/bin/u2fd ${ARGS}
 end script
	# Copyright 2017 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Start the U2FHID emulation daemon"
	author "chromium-os-dev@chromium.org"

	# TODO(crbug.com/770150) also start on device policy creation/update for OOBE.
	start on started trunksd
	stop on stopping system-services
	respawn
	# if the job respawns 3 times in 10 seconds, stop trying.
	respawn limit 3 10
	# Do not respawn if we exited on purpose (e.g. service disabled).
	normal exit 0

	# Create a 'fake' /var directory hierarchy for the chroot
	# to be able to bind mount the /var/lib/whitelist/policy file.
	env VAR_DIR=/run/u2fd_var

	# Directory containing (u2f\|g2f\|verbose).force files.
	env FORCE_DIR=/var/lib/u2f/force

	pre-start script
	mkdir -p "${VAR_DIR}/lib/whitelist"
	chown -R u2f "${VAR_DIR}"
	chmod -R 500 "${VAR_DIR}"
	# Settings override.
	mkdir -p -m 0700 "${FORCE_DIR}"
	end script

	# -e creates Network namespace.
	# -p creates PID namespace.
	# -l creates IPC namespace.
	# -r remounts /proc read-only.
	# -v enters new mount namespace (allows to change mounts inside jail).
	# -n prevents that execve gains privileges.
	# --uts creates a new UTS namespace.
	# -c 0 don't need any capability.
	# -P creates a pivot_root at the target folder.
	# -b /,/ mounts / read-only.
	# -b /run,/run mount read-only, required for D-Bus.
	# -b /dev,/dev required to access /dev/uhid.
	# -b ...,/var to read device policies from /var/lib/whitelist/policy.
	# -u u2f change user.
	# -G inherit u2f supplementary groups (ie policy-readers)
	# -g bluetooth change group to access /dev/uhid.
	script
	force_enabled() {
	[ -f "${FORCE_DIR}/$1.force" ]
	}

	ARGS=""
	force_enabled u2f && ARGS="${ARGS} --force_u2f"
	force_enabled g2f && ARGS="${ARGS} --force_g2f"
	force_enabled verbose && ARGS="${ARGS} --verbose"

	# If the device policy directory do not exist yet, minijail will abort while
	# mounting the files. The resulting SIGABRT will both generate crash dump and
	# trigger a spurious respawn.
	if [ ! -f /var/lib/whitelist/owner.key ]; then
	logger -t "${UPSTART_JOB}" "Exiting, no device policy"
	exit 0
	fi

	exec minijail0 -e -p -l -r -v -n --uts -c 0 -P /var/empty \
	-b /,/ -b /run,/run -b /dev,/dev \
	-b ${VAR_DIR},/var \
	-b /var/lib/whitelist,/var/lib/whitelist \
	-u u2f -G -g bluetooth -- /usr/bin/u2fd ${ARGS}
	end script