blob: bcf30d0590abea0084286f13ae52f24776e3f1d4 [file] [log] [blame]
# Copyright 2019 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Run rtanalytics after the system services start"
author "chromium-os-dev@chromium.org"
# Stop rtanalytics if system-services are stopped or halt/reboot are started
stop on stopping ui
# Environment variable for the mount point of the rtanalytics library .so
# component to be loaded by the executable.
# TODO(chromium:835974): should be capitalized as MOUNT_POINT. Note: This
# requires a change in the chrome.mediaPerceptionPrivate implementation.
import mount_point
# Start rtanalytics with the default loglevel (INFO and above).
# Note: the mount point MUST be the first argument to rtanalytics_main.
#
# Below are used minijail0 arguments and their meaning:
# -e: process doesn't need network access
# -N: process doesn't need to modify control groups settings
# -p: new PID namespace
# -l: process doesn't use SysV shared memory or IPC
# -u -g: run under user and group
# -n: process doesn't need new privileges
# --uts: new UTS/hostname namespace
# --profile=minimalistic-mountns: implies -v -P /mnt/empty -b / -b /proc -b /dev/log -t -r --mount-dev
# -v: process doesn't need access to user mounts
# -P: set dir as the root fs
# -b -k: mounts
# -t: tmpfs on /tmp
# -r: remount /proc readonly
# --mount-dev: new /dev mount with full null tty urandom zero,
# links for fd ptmx stderr stdin stdout, dir shm
# -S: use seccomp policy restrictions
script
if [ -z "${mount_point}" ]; then
logger -t "${UPSTART_JOB}" \
"Mount point not set!"
else
# This is the code path used in production.
logger -t "${UPSTART_JOB}" "Mount point: ${mount_point}"
# Resolves the real path. This protects us from path escapes like ../
mount_point="$(realpath "${mount_point}")"
# Only run rtanalytics_main if the mount_point path matches our expectation.
case "${mount_point}" in
/run/imageloader/*|/opt/google/rta)
logger -t "${UPSTART_JOB}" "Valid mount point."
export LD_LIBRARY_PATH="${mount_point}"
exec minijail0 -e -N -p -l -G -n -u rtanalytics -g rtanalytics \
--uts \
--profile=minimalistic-mountns \
-k 'none,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
-b /run/dbus \
-b /run/cras \
-b "${mount_point}" \
-S /usr/share/policy/rtanalytics.policy \
"${mount_point}"/rtanalytics_main \
--base_path="${mount_point}"/
;;
*)
logger -t "${UPSTART_JOB}" "Mount point invalid: ${mount_point}"
;;
esac
fi
end script
# Wait for analytics process to claim its
# D-Bus name before transitioning to started.
post-start exec gdbus wait --system --timeout 15 org.chromium.MediaPerception