| # Copyright 2019 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Run rtanalytics after the system services start" |
| author "chromium-os-dev@chromium.org" |
| |
| # Stop rtanalytics if system-services are stopped or halt/reboot are started |
| stop on stopping ui |
| |
| # Environment variable for the mount point of the rtanalytics library .so |
| # component to be loaded by the executable. |
| # TODO(chromium:835974): should be capitalized as MOUNT_POINT. Note: This |
| # requires a change in the chrome.mediaPerceptionPrivate implementation. |
| import mount_point |
| |
| # Start rtanalytics with the default loglevel (INFO and above). |
| # Note: the mount point MUST be the first argument to rtanalytics_main. |
| # |
| # Below are used minijail0 arguments and their meaning: |
| # -e: process doesn't need network access |
| # -N: process doesn't need to modify control groups settings |
| # -p: new PID namespace |
| # -l: process doesn't use SysV shared memory or IPC |
| # -u -g: run under user and group |
| # -n: process doesn't need new privileges |
| # --uts: new UTS/hostname namespace |
| # --profile=minimalistic-mountns: implies -v -P /mnt/empty -b / -b /proc -b /dev/log -t -r --mount-dev |
| # -v: process doesn't need access to user mounts |
| # -P: set dir as the root fs |
| # -b -k: mounts |
| # -t: tmpfs on /tmp |
| # -r: remount /proc readonly |
| # --mount-dev: new /dev mount with full null tty urandom zero, |
| # links for fd ptmx stderr stdin stdout, dir shm |
| # -S: use seccomp policy restrictions |
| script |
| |
| if [ -z "${mount_point}" ]; then |
| |
| logger -t "${UPSTART_JOB}" \ |
| "Mount point not set!" |
| |
| else |
| |
| # This is the code path used in production. |
| logger -t "${UPSTART_JOB}" "Mount point: ${mount_point}" |
| # Resolves the real path. This protects us from path escapes like ../ |
| mount_point="$(realpath "${mount_point}")" |
| |
| # Only run rtanalytics_main if the mount_point path matches our expectation. |
| case "${mount_point}" in |
| /run/imageloader/*|/opt/google/rta) |
| logger -t "${UPSTART_JOB}" "Valid mount point." |
| export LD_LIBRARY_PATH="${mount_point}" |
| exec minijail0 -e -N -p -l -G -n -u rtanalytics -g rtanalytics \ |
| --uts \ |
| --profile=minimalistic-mountns \ |
| -k 'none,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /run/dbus \ |
| -b /run/cras \ |
| -b "${mount_point}" \ |
| -S /usr/share/policy/rtanalytics.policy \ |
| "${mount_point}"/rtanalytics_main \ |
| --base_path="${mount_point}"/ |
| ;; |
| *) |
| logger -t "${UPSTART_JOB}" "Mount point invalid: ${mount_point}" |
| ;; |
| |
| esac |
| |
| fi |
| |
| end script |
| |
| # Wait for analytics process to claim its |
| # D-Bus name before transitioning to started. |
| post-start exec gdbus wait --system --timeout 15 org.chromium.MediaPerception |