chromeos-base/mri_package/files/rtanalytics.conf - third_party/overlays/chromiumos-overlay - Git at Google

 # Copyright 2019 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description "Run rtanlaytics after the system services start"
 author "chromium-os-dev@chromium.org"

 # Stop rtanalytics if system-services are stopped or halt/reboot are started
 stop on stopping ui

 # Environment variable for the mount point of the rtanalytics library .so
 # component to be loaded by the executable.
 # TODO(chromium:835974): should be capitalized as MOUNT_POINT. Note: This
 # requires a change in the chrome.mediaPerceptionPrivate implementation.
 import mount_point

 # Start rtanalytics with the default loglevel (INFO and above).
 # Note: the mount point MUST be the first argument to rtanalytics_main.
 #
 # Below are used minijail0 arguments and their meaning:
 # -e: process doesn't need network access
 # -N: process doesn't need to modify control groups settings
 # -p -r: process doesn't need to access other processes in the system
 # -v: process doesn't need access to user mounts
 # -l: process doesn't use SysV shared memory or IPC
 # -u -g: run under user and group
 # -n: process doesn't need new privileges
 # -S: use seccomp policy restrictions
 script

 if [ -z "${mount_point}" ]; then

 logger -t "${UPSTART_JOB}" \
     "Mount point not set!"

 else

 # This is the code path used in production.
 logger -t "${UPSTART_JOB}" "Mount point: ${mount_point}"
 # Resolves the real path. This protects us from path escapes like ../
 mount_point="$(realpath "${mount_point}")"

 # Only run rtanalytics_main if the mount_point path matches our expectation.
 case "${mount_point}" in
 /run/imageloader/*|/opt/google/rta)
   logger -t "${UPSTART_JOB}" "Valid mount point."
   export LD_LIBRARY_PATH="${mount_point}"
   exec minijail0 -e -N -p -r -v -l -G -n -u rtanalytics -g rtanalytics \
     -S /usr/share/policy/rtanalytics.policy \
     "${mount_point}"/rtanalytics_main \
     --base_path="${mount_point}"/ \
     --calculator_graph_config_file=guado_autozoom
   ;;
 *)
   logger -t "${UPSTART_JOB}" "Mount point invalid: ${mount_point}"
   ;;

 esac

 fi

 end script

 # Wait for analytics process to claim its
 # D-Bus name before transitioning to started.
 post-start exec gdbus wait --system --timeout 15 org.chromium.MediaPerception
	# Copyright 2019 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Run rtanlaytics after the system services start"
	author "chromium-os-dev@chromium.org"

	# Stop rtanalytics if system-services are stopped or halt/reboot are started
	stop on stopping ui

	# Environment variable for the mount point of the rtanalytics library .so
	# component to be loaded by the executable.
	# TODO(chromium:835974): should be capitalized as MOUNT_POINT. Note: This
	# requires a change in the chrome.mediaPerceptionPrivate implementation.
	import mount_point

	# Start rtanalytics with the default loglevel (INFO and above).
	# Note: the mount point MUST be the first argument to rtanalytics_main.
	#
	# Below are used minijail0 arguments and their meaning:
	# -e: process doesn't need network access
	# -N: process doesn't need to modify control groups settings
	# -p -r: process doesn't need to access other processes in the system
	# -v: process doesn't need access to user mounts
	# -l: process doesn't use SysV shared memory or IPC
	# -u -g: run under user and group
	# -n: process doesn't need new privileges
	# -S: use seccomp policy restrictions
	script

	if [ -z "${mount_point}" ]; then

	logger -t "${UPSTART_JOB}" \
	"Mount point not set!"

	else

	# This is the code path used in production.
	logger -t "${UPSTART_JOB}" "Mount point: ${mount_point}"
	# Resolves the real path. This protects us from path escapes like ../
	mount_point="$(realpath "${mount_point}")"

	# Only run rtanalytics_main if the mount_point path matches our expectation.
	case "${mount_point}" in
	/run/imageloader/*\|/opt/google/rta)
	logger -t "${UPSTART_JOB}" "Valid mount point."
	export LD_LIBRARY_PATH="${mount_point}"
	exec minijail0 -e -N -p -r -v -l -G -n -u rtanalytics -g rtanalytics \
	-S /usr/share/policy/rtanalytics.policy \
	"${mount_point}"/rtanalytics_main \
	--base_path="${mount_point}"/ \
	--calculator_graph_config_file=guado_autozoom
	;;
	*)
	logger -t "${UPSTART_JOB}" "Mount point invalid: ${mount_point}"
	;;

	esac

	fi

	end script

	# Wait for analytics process to claim its
	# D-Bus name before transitioning to started.
	post-start exec gdbus wait --system --timeout 15 org.chromium.MediaPerception