| # Copyright 2017 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start the U2FHID emulation daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| # TODO(crbug.com/770150) also start on device policy creation/update for OOBE. |
| start on started trunksd |
| stop on stopping system-services |
| respawn |
| # if the job respawns 3 times in 10 seconds, stop trying. |
| respawn limit 3 10 |
| # Do not respawn if we exited on purpose (e.g. service disabled). |
| normal exit 0 |
| |
| # Create a 'fake' /var directory hierarchy for the chroot |
| # to be able to bind mount the /var/lib/whitelist/policy file. |
| env VAR_DIR=/run/u2fd_var |
| |
| # Directory containing (u2f|g2f|verbose).force files. |
| env FORCE_DIR=/var/lib/u2f/force |
| |
| pre-start script |
| mkdir -p "${VAR_DIR}/lib/whitelist" |
| chown -R u2f "${VAR_DIR}" |
| chmod -R 500 "${VAR_DIR}" |
| # Settings override. |
| mkdir -p -m 0700 "${FORCE_DIR}" |
| end script |
| |
| # -e creates Network namespace. |
| # -p creates PID namespace. |
| # -l creates IPC namespace. |
| # -r remounts /proc read-only. |
| # -v enters new mount namespace (allows to change mounts inside jail). |
| # -n prevents that execve gains privileges. |
| # --uts creates a new UTS namespace. |
| # -c 0 don't need any capability. |
| # -P creates a pivot_root at the target folder. |
| # -b /,/ mounts / read-only. |
| # -b /run,/run mount read-only, required for D-Bus. |
| # -b /dev,/dev required to access /dev/uhid. |
| # -b ...,/var to read device policies from /var/lib/whitelist/policy. |
| # -u u2f change user. |
| # -G inherit u2f supplementary groups (ie policy-readers) |
| # -g bluetooth change group to access /dev/uhid. |
| script |
| force_enabled() { |
| [ -f "${FORCE_DIR}/$1.force" ] |
| } |
| |
| ARGS="" |
| force_enabled u2f && ARGS="${ARGS} --force_u2f" |
| force_enabled g2f && ARGS="${ARGS} --force_g2f" |
| force_enabled verbose && ARGS="${ARGS} --verbose" |
| |
| # If the device policy directory do not exist yet, minijail will abort while |
| # mounting the files. The resulting SIGABRT will both generate crash dump and |
| # trigger a spurious respawn. |
| if [ ! -f /var/lib/whitelist/owner.key ]; then |
| logger -t "${UPSTART_JOB}" "Exiting, no device policy" |
| exit 0 |
| fi |
| |
| exec minijail0 -e -p -l -r -v -n --uts -c 0 -P /var/empty \ |
| -b /,/ -b /run,/run -b /dev,/dev \ |
| -b ${VAR_DIR},/var \ |
| -b /var/lib/whitelist,/var/lib/whitelist \ |
| -u u2f -G -g bluetooth -- /usr/bin/u2fd ${ARGS} |
| end script |