| # Copyright 2021 The ChromiumOS Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Bluetooth Manager" |
| author "ChromeOS BT <chromeos-bt-team@google.com>" |
| |
| start on started boot-services |
| stop on stopping boot-services |
| |
| # Limit respawning in case of crashloop |
| respawn limit 10 5 |
| respawn |
| |
| # This daemon manages the Bluetooth controllers on a system. It can be killed at |
| # the cost of an interruption in Bluetooth connectivity. |
| oom score -100 |
| |
| # Additional flags for `btmanagerd` |
| env BTMANAGERD_FLAGS="" |
| |
| pre-start script |
| var_conf_file="/var/lib/bluetooth/bt_did.conf" |
| sysprop_file="/var/lib/bluetooth/sysprops.conf" |
| |
| # Set the DeviceID based on Chrome OS version. |
| os_version="$(awk -F= '$1=="VERSION" { print $2 ;}' /etc/os-release)" |
| hex_os_version="0x$(printf '%04x' "${os_version}")" |
| sed -i -E "s/(version = ).*$/\1${hex_os_version}/" "${var_conf_file}" |
| |
| # Set the product version based on Chrome OS version. |
| pv_rule="^(bluetooth.device_id.product_version) = .*#autofill$" |
| sed -i -E "s/${pv_rule}/\1 = ${os_version} #autofill/" "${sysprop_file}" |
| |
| # Set the major and minor class of device based on DMI chassis type. |
| dmi_chassis_file="/sys/class/dmi/id/chassis_type" |
| chassis=0 |
| if [ -f "${dmi_chassis_file}" ]; then |
| chassis="$(cat "${dmi_chassis_file}")" |
| fi |
| case "$chassis" in |
| 3|4|6|7) |
| # Desktops |
| minor_class=4 ;; |
| 8|9|10|14) |
| # Laptops |
| minor_class=12 ;; |
| 11) |
| # Handsets |
| minor_class=192 ;; |
| 17|28) |
| # Servers |
| minor_class=8 ;; |
| *) |
| # Unknown |
| minor_class=0 |
| esac |
| sed -i -E "s/#(bluetooth.device.class_of_device)/\1=0,1,${minor_class}/" "${sysprop_file}" |
| |
| if [ -f /usr/bin/process_flex_bluetooth_overrides ]; then |
| exec minijail0 \ |
| -u bluetooth -g bluetooth -G -n \ |
| -- /usr/bin/process_flex_bluetooth_overrides |
| fi |
| end script |
| |
| script |
| # Parameters that can't be set: |
| # -e enters new network namespace. This prevents access to raw socket. |
| # |
| # Parameters that are set and what they do. |
| # -u bluetooth changes user. |
| # -g bluetooth changes group. |
| # -G inherit bluetooth's supplementary groups. |
| # -n prevents that execve gains privileges, required for seccomp filters. |
| # -l creates IPC namespace (isolates System V IPC objects/POSIX message |
| # queues). |
| # --uts enters a new UTS namespace. |
| # --profile minimalistic-mountns sets up minimalistic mount namespace. |
| # equivalent to -v -t -r --mount-dev -P /var/empty -b / -b /proc -b /dev/log |
| # -k /run,/run,tmpfs,... mounts tmpfs at /run |
| # -k /var,/var,tmpfs,... mounts tmpfs at /var |
| # -k /sys,/sys,tmpfs... mounts tmpfs at /sys |
| # -b /run/dbus mount read-only, required for D-Bus. |
| # -b /sys/class mount read-only. Only /sys/class/bluetooth is needed |
| # (it's required for hci devices), but may not exist yet when the |
| # service starts. |
| # -b /sys/devices allows read-write access so we can write to the reset file. |
| # -b /var/run/bluetooth mount read-only, required for pid files. |
| # -b /var/lib/misc/ allows read-write access to select floss/bluez daemon |
| # -b /var/lib/bluetooth/ allows read-write access to bluetooth config |
| # -c 3400 = cap_net_raw (1 << 13) | cap_net_admin (1 << 12) | \ |
| # cap_net_bind_service (1 << 10) |
| exec minijail0 \ |
| -u bluetooth -g bluetooth -G -n -l --uts \ |
| --profile minimalistic-mountns \ |
| -k '/run,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -k '/var,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -k '/sys,/sys,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /run/dbus \ |
| -b /sys/class \ |
| -b /sys/devices,,1 \ |
| -b /var/run/bluetooth,,1 \ |
| -b /var/lib/misc,,1 \ |
| -b /var/lib/bluetooth,,1 \ |
| -c 'cap_net_raw+ep cap_net_admin+ep cap_net_bind_service+ep' \ |
| -- /usr/bin/btmanagerd ${BTMANAGERD_FLAGS} |
| end script |