| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start rmtfs server" |
| author "benchan@chromium.org" |
| |
| env RMTFS_DEV=/dev/qcom_rmtfs_mem1 |
| env RMTFS_DIR=/var/lib/rmtfs |
| env RMTFS_BOOT_DIR=/var/lib/rmtfs/boot |
| env SOC_DIR=/sys/devices/platform/soc@0 |
| |
| # qcom-rmtfs-added: One of the devices we need is ready. |
| # qcom-modem-added: The other device we need is ready. |
| # syslog: minijail bind mounts /dev/log, which won't exist until syslog starts. |
| # verify_fsg: is in charge of creating files in ${RMTFS_DIR} |
| start on started syslog and stopped verify_fsg and ((qcom-rmtfs-added and qcom-modem-added) or rmtfs-early) |
| stop on starting pre-shutdown and stopped shill |
| |
| # This service handles modem file system storage requests. Other than |
| # the connection to the modem itself, it keeps no state. So it should |
| # be okay, though not preferable, to kill and restart this service. |
| oom score -100 |
| respawn |
| |
| expect fork |
| |
| pre-start script |
| # Make the directory just in case something went weird with verify_fsg |
| mkdir -p "${RMTFS_BOOT_DIR}" |
| |
| # Set restrictive permissions. We don't combine this with the mkdir -p |
| # above (using a "-m 0700") for two reasons: |
| # a) mkdir -p only applies permissions to the last dir in the chain. |
| # b) If the dir already exists (maybe an old version of the software |
| # created it) the permissions won't change. |
| chmod 0700 "${RMTFS_BOOT_DIR}" "${RMTFS_DIR}" |
| |
| # The verify_fsg script creates things w/ root. Change to the right owner |
| chown rmtfs:rmtfs "${RMTFS_BOOT_DIR}" "${RMTFS_DIR}" |
| |
| for f in modem_fsc modem_fsg modem_fs1 modem_fs2; do |
| if [ ! -f "${RMTFS_BOOT_DIR}/${f}" ]; then |
| touch "${RMTFS_BOOT_DIR}/${f}" |
| fi |
| chown rmtfs:rmtfs "${RMTFS_BOOT_DIR}/${f}" |
| done |
| # Allow the rmtfs user to control the remoteproc sysfs state file. |
| chown rmtfs:rmtfs /sys/bus/platform/drivers/qcom-q6v5-mss/[0-9]*/remoteproc/remoteproc*/state |
| chmod g+w /sys/bus/platform/drivers/qcom-q6v5-mss/[0-9]*/remoteproc/remoteproc*/state |
| end script |
| |
| # rmtfs needs CAP_NET_ADMIN to open AF_QIPCRTR socket. |
| # We provide read-only access to /var, so we can get a read/write bind mount |
| # for /var/lib/rmtfs/boot. |
| exec minijail0 --profile=minimalistic-mountns -inNlvr --uts \ |
| -b "${RMTFS_DEV}",,1 -b /sys -b "${SOC_DIR}",,1 \ |
| -k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b "${RMTFS_BOOT_DIR}",,1 \ |
| -c cap_net_admin=e -u rmtfs -g rmtfs \ |
| -S /usr/share/policy/rmtfs-seccomp.policy \ |
| -- /usr/bin/rmtfs -so "${RMTFS_BOOT_DIR}" |