net-wireless/floss/files/upstart/btadapterd.conf - third_party/overlays/chromiumos-overlay - Git at Google

 # Copyright 2021 The ChromiumOS Authors
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description "Bluetooth Adapter"
 author "ChromeOS BT <chromeos-bt-team@google.com>"

 # Limit respawning in case of crashloop
 respawn limit 10 5
 respawn

 # This daemon manages the Bluetooth connections on a system. It can be killed at
 # the cost of an interruption in Bluetooth connectivity.
 oom score -100

 # Wait 10 seconds before sending KILL after TERM
 kill timeout 10

 # Physical adapter index
 import HCI
 instance $HCI

 # Virtual adapter index
 import INDEX
 instance $INDEX

 pre-start script
   if [ "$HCI" -ge "0" ] 2>/dev/null; then
     # HCI is a valid value (number >= 0) so do nothing.
     # Values < 0 and non-numerical values will fall through.
     :
   else
     # Invalid HCI value should fail
     logger -is -p daemon.warning -t "${UPSTART_JOB}" -- \
       "Invalid params on btadapterd. HCI=${HCI}"
     exit 1
   fi
 end script

 post-stop script
   # HCI is determined at runtime and is validated in the pre-start script
   # as a numerical value.
   rm "/run/bluetooth/bluetooth${HCI}.pid" # croslint: disable
 end script

 # Set GD flags; format is INIT_gd_<>
 env GD_FLAGS="INIT_sdp_skip_rnr_if_known=false INIT_gd_remote_name_request=true INIT_private_gatt=false"

 # Additional flags for `btadapterd`.
 env BTADAPTERD_FLAGS=""

 script
   # -u bluetooth changes user.
   # -g bluetooth changes group.
   # -G inherit bluetooth's supplementary groups.
   # -n prevents that execve gains privileges, required for seccomp filters.
   # -S sets seccomp filter.
   # -c 803500 = cap_sys_nice  (1 << 23) | cap_net_raw          (1 << 13) | \
   #             cap_net_admin (1 << 12) | cap_net_bind_service (1 << 10) | \
   #             cap_setpcap   (1 << 8)
   exec minijail0 \
   -u bluetooth -g bluetooth -G -n \
   -S /usr/share/policy/floss-seccomp.policy \
   -c 803500 \
   -- /usr/bin/btadapterd --index=$INDEX --hci=$HCI ${BTADAPTERD_FLAGS} ${GD_FLAGS}
 end script
	# Copyright 2021 The ChromiumOS Authors
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Bluetooth Adapter"
	author "ChromeOS BT <chromeos-bt-team@google.com>"

	# Limit respawning in case of crashloop
	respawn limit 10 5
	respawn

	# This daemon manages the Bluetooth connections on a system. It can be killed at
	# the cost of an interruption in Bluetooth connectivity.
	oom score -100

	# Wait 10 seconds before sending KILL after TERM
	kill timeout 10

	# Physical adapter index
	import HCI
	instance $HCI

	# Virtual adapter index
	import INDEX
	instance $INDEX

	pre-start script
	if [ "$HCI" -ge "0" ] 2>/dev/null; then
	# HCI is a valid value (number >= 0) so do nothing.
	# Values < 0 and non-numerical values will fall through.
	:
	else
	# Invalid HCI value should fail
	logger -is -p daemon.warning -t "${UPSTART_JOB}" -- \
	"Invalid params on btadapterd. HCI=${HCI}"
	exit 1
	fi
	end script

	post-stop script
	# HCI is determined at runtime and is validated in the pre-start script
	# as a numerical value.
	rm "/run/bluetooth/bluetooth${HCI}.pid" # croslint: disable
	end script

	# Set GD flags; format is INIT_gd_<>
	env GD_FLAGS="INIT_sdp_skip_rnr_if_known=false INIT_gd_remote_name_request=true INIT_private_gatt=false"

	# Additional flags for `btadapterd`.
	env BTADAPTERD_FLAGS=""

	script
	# -u bluetooth changes user.
	# -g bluetooth changes group.
	# -G inherit bluetooth's supplementary groups.
	# -n prevents that execve gains privileges, required for seccomp filters.
	# -S sets seccomp filter.
	# -c 803500 = cap_sys_nice (1 << 23) \| cap_net_raw (1 << 13) \| \
	# cap_net_admin (1 << 12) \| cap_net_bind_service (1 << 10) \| \
	# cap_setpcap (1 << 8)
	exec minijail0 \
	-u bluetooth -g bluetooth -G -n \
	-S /usr/share/policy/floss-seccomp.policy \
	-c 803500 \
	-- /usr/bin/btadapterd --index=$INDEX --hci=$HCI ${BTADAPTERD_FLAGS} ${GD_FLAGS}
	end script