chromeos-base/mri_package/files/rtanalytics.conf - third_party/overlays/chromiumos-overlay - Git at Google

 # Copyright 2019 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description "Run rtanalytics after the system services start"
 author "chromium-os-dev@chromium.org"

 # Stop rtanalytics if system-services are stopped or halt/reboot are started
 stop on stopping ui

 # Environment variable for the mount point of the rtanalytics library .so
 # component to be loaded by the executable.
 # TODO(chromium:835974): should be capitalized as MOUNT_POINT. Note: This
 # requires a change in the chrome.mediaPerceptionPrivate implementation.
 import mount_point

 # Start rtanalytics with the default loglevel (INFO and above).
 # Note: the mount point MUST be the first argument to rtanalytics_main.
 #
 # Below are used minijail0 arguments and their meaning:
 # -e: process doesn't need network access
 # -N: process doesn't need to modify control groups settings
 # -p: new PID namespace
 # -l: process doesn't use SysV shared memory or IPC
 # -u -g: run under user and group
 # -n: process doesn't need new privileges
 # --uts: new UTS/hostname namespace
 # --profile=minimalistic-mountns: implies -v -P /mnt/empty -b / -b /proc -b /dev/log -t -r --mount-dev
 # -v: process doesn't need access to user mounts
 # -P: set dir as the root fs
 # -b -k: mounts
 # -t: tmpfs on /tmp
 # -r: remount /proc readonly
 # --mount-dev: new /dev mount with full null tty urandom zero,
 #     links for fd ptmx stderr stdin stdout, dir shm
 # -S: use seccomp policy restrictions
 script

 if [ -z "${mount_point}" ]; then

 logger -t "${UPSTART_JOB}" \
     "Mount point not set!"

 else

 # This is the code path used in production.
 logger -t "${UPSTART_JOB}" "Mount point: ${mount_point}"
 # Resolves the real path. This protects us from path escapes like ../
 mount_point="$(realpath "${mount_point}")"

 # Only run rtanalytics_main if the mount_point path matches our expectation.
 case "${mount_point}" in
 /run/imageloader/*|/opt/google/rta)
   logger -t "${UPSTART_JOB}" "Valid mount point."
   export LD_LIBRARY_PATH="${mount_point}"
   exec minijail0 -e -N -p -l -G -n -u rtanalytics -g rtanalytics \
     --uts \
     --profile=minimalistic-mountns \
     -k 'none,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
     -b /run/dbus \
     -b /run/cras \
     -b "${mount_point}" \
     -S /usr/share/policy/rtanalytics.policy \
     "${mount_point}"/rtanalytics_main \
     --base_path="${mount_point}"/
   ;;
 *)
   logger -t "${UPSTART_JOB}" "Mount point invalid: ${mount_point}"
   ;;

 esac

 fi

 end script

 # Wait for analytics process to claim its
 # D-Bus name before transitioning to started.
 post-start exec gdbus wait --system --timeout 15 org.chromium.MediaPerception
	# Copyright 2019 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Run rtanalytics after the system services start"
	author "chromium-os-dev@chromium.org"

	# Stop rtanalytics if system-services are stopped or halt/reboot are started
	stop on stopping ui

	# Environment variable for the mount point of the rtanalytics library .so
	# component to be loaded by the executable.
	# TODO(chromium:835974): should be capitalized as MOUNT_POINT. Note: This
	# requires a change in the chrome.mediaPerceptionPrivate implementation.
	import mount_point

	# Start rtanalytics with the default loglevel (INFO and above).
	# Note: the mount point MUST be the first argument to rtanalytics_main.
	#
	# Below are used minijail0 arguments and their meaning:
	# -e: process doesn't need network access
	# -N: process doesn't need to modify control groups settings
	# -p: new PID namespace
	# -l: process doesn't use SysV shared memory or IPC
	# -u -g: run under user and group
	# -n: process doesn't need new privileges
	# --uts: new UTS/hostname namespace
	# --profile=minimalistic-mountns: implies -v -P /mnt/empty -b / -b /proc -b /dev/log -t -r --mount-dev
	# -v: process doesn't need access to user mounts
	# -P: set dir as the root fs
	# -b -k: mounts
	# -t: tmpfs on /tmp
	# -r: remount /proc readonly
	# --mount-dev: new /dev mount with full null tty urandom zero,
	# links for fd ptmx stderr stdin stdout, dir shm
	# -S: use seccomp policy restrictions
	script

	if [ -z "${mount_point}" ]; then

	logger -t "${UPSTART_JOB}" \
	"Mount point not set!"

	else

	# This is the code path used in production.
	logger -t "${UPSTART_JOB}" "Mount point: ${mount_point}"
	# Resolves the real path. This protects us from path escapes like ../
	mount_point="$(realpath "${mount_point}")"

	# Only run rtanalytics_main if the mount_point path matches our expectation.
	case "${mount_point}" in
	/run/imageloader/*\|/opt/google/rta)
	logger -t "${UPSTART_JOB}" "Valid mount point."
	export LD_LIBRARY_PATH="${mount_point}"
	exec minijail0 -e -N -p -l -G -n -u rtanalytics -g rtanalytics \
	--uts \
	--profile=minimalistic-mountns \
	-k 'none,/run,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-b /run/dbus \
	-b /run/cras \
	-b "${mount_point}" \
	-S /usr/share/policy/rtanalytics.policy \
	"${mount_point}"/rtanalytics_main \
	--base_path="${mount_point}"/
	;;
	*)
	logger -t "${UPSTART_JOB}" "Mount point invalid: ${mount_point}"
	;;

	esac

	fi

	end script

	# Wait for analytics process to claim its
	# D-Bus name before transitioning to started.
	post-start exec gdbus wait --system --timeout 15 org.chromium.MediaPerception