Merge commit '88d9ea79a3294f0a9d56d7e64331993de2ee6c9c' into master
Update cros-sdk to version 13729.0.0
BUG=b/177232752
TEST=local build-executor run with lakitu, kumo, anthos-amd64-vsphere
RELEASE_NOTE=None
Signed-off-by: Robert Kolchmeyer <rkolchmeyer@google.com>
Change-Id: I71e533b7119154afc9d468d9057010a6e664a13a
diff --git a/profiles/base/accounts/group/cros_ec-access b/profiles/base/accounts/group/cros_ec-access
index e4809fb..53dadb0 100644
--- a/profiles/base/accounts/group/cros_ec-access
+++ b/profiles/base/accounts/group/cros_ec-access
@@ -1,6 +1,6 @@
group:cros_ec-access
gid:416
# This group is to grant rw access of /dev/cros_ec to runtime_probe, healthd_ec,
-# and power because the binaries they run need access for probing information
-# w/o being root.
-users:runtime_probe,healthd_ec,power
+# typecd_ec and power because the binaries they run need access for probing
+# information w/o being root.
+users:runtime_probe,healthd_ec,power,typecd_ec
diff --git a/profiles/base/accounts/group/debugfs-access b/profiles/base/accounts/group/debugfs-access
index adb5a34..13e7abd 100644
--- a/profiles/base/accounts/group/debugfs-access
+++ b/profiles/base/accounts/group/debugfs-access
@@ -1,3 +1,3 @@
group:debugfs-access
gid:605
-users:arc-camera,shill,power,metrics
+users:arc-camera,shill,power,metrics,traced-probes
diff --git a/profiles/base/accounts/group/dns-proxy b/profiles/base/accounts/group/dns-proxy
new file mode 100644
index 0000000..3572c67
--- /dev/null
+++ b/profiles/base/accounts/group/dns-proxy
@@ -0,0 +1,3 @@
+group:dns-proxy
+gid:20167
+users:dns-proxy
diff --git a/profiles/base/accounts/group/dugong b/profiles/base/accounts/group/dugong
new file mode 100644
index 0000000..759bd17
--- /dev/null
+++ b/profiles/base/accounts/group/dugong
@@ -0,0 +1,3 @@
+group:dugong
+gid:20166
+users:dugong
diff --git a/profiles/base/accounts/group/fwupdate-serio b/profiles/base/accounts/group/fwupdate-serio
new file mode 100644
index 0000000..2d86d81
--- /dev/null
+++ b/profiles/base/accounts/group/fwupdate-serio
@@ -0,0 +1,3 @@
+group:fwupdate-serio
+gid:20163
+users:fwupdate-serio
diff --git a/profiles/base/accounts/group/hotlog b/profiles/base/accounts/group/hotlog
new file mode 100644
index 0000000..07621ef
--- /dev/null
+++ b/profiles/base/accounts/group/hotlog
@@ -0,0 +1,3 @@
+group:hotlog
+gid:20169
+users:hotlog
diff --git a/profiles/base/accounts/group/missived b/profiles/base/accounts/group/missived
new file mode 100644
index 0000000..7fc2fd2
--- /dev/null
+++ b/profiles/base/accounts/group/missived
@@ -0,0 +1,3 @@
+group:missived
+gid:20172
+users:missived
diff --git a/profiles/base/accounts/group/password-viewers b/profiles/base/accounts/group/password-viewers
index dfb0a16..1cd1593 100644
--- a/profiles/base/accounts/group/password-viewers
+++ b/profiles/base/accounts/group/password-viewers
@@ -2,4 +2,4 @@
# a kernel keyring.
group:password-viewers
gid:611
-users:kerberosd,shill
+users:kerberosd,shill,system-proxy
diff --git a/profiles/base/accounts/group/pciguard b/profiles/base/accounts/group/pciguard
new file mode 100644
index 0000000..6adb1f4
--- /dev/null
+++ b/profiles/base/accounts/group/pciguard
@@ -0,0 +1,3 @@
+group:pciguard
+gid:20165
+users:pciguard
diff --git a/profiles/base/accounts/group/ptp b/profiles/base/accounts/group/ptp
new file mode 100644
index 0000000..f6b4ff4
--- /dev/null
+++ b/profiles/base/accounts/group/ptp
@@ -0,0 +1,3 @@
+group:ptp
+gid:20159
+users:ptp
diff --git a/profiles/base/accounts/group/serio b/profiles/base/accounts/group/serio
new file mode 100644
index 0000000..70d8b43
--- /dev/null
+++ b/profiles/base/accounts/group/serio
@@ -0,0 +1,4 @@
+group:serio
+gid:421
+# fwupdate-serio: For firmware updater utilities that use serio-raw interface.
+users:fwupdate-serio
diff --git a/profiles/base/accounts/group/tinyproxy b/profiles/base/accounts/group/tinyproxy
new file mode 100644
index 0000000..cddf2b8
--- /dev/null
+++ b/profiles/base/accounts/group/tinyproxy
@@ -0,0 +1,3 @@
+group:tinyproxy
+gid:20156
+users:tinyproxy
diff --git a/profiles/base/accounts/group/tpm2-simulator b/profiles/base/accounts/group/tpm2-simulator
new file mode 100644
index 0000000..ed5e802
--- /dev/null
+++ b/profiles/base/accounts/group/tpm2-simulator
@@ -0,0 +1,2 @@
+group:tpm2-simulator
+gid:20169
diff --git a/profiles/base/accounts/group/traced b/profiles/base/accounts/group/traced
new file mode 100644
index 0000000..9084508
--- /dev/null
+++ b/profiles/base/accounts/group/traced
@@ -0,0 +1,3 @@
+group:traced
+gid:20160
+users:traced
diff --git a/profiles/base/accounts/group/traced-consumer b/profiles/base/accounts/group/traced-consumer
new file mode 100644
index 0000000..b06429d
--- /dev/null
+++ b/profiles/base/accounts/group/traced-consumer
@@ -0,0 +1,10 @@
+# This group controls the access to the Perfettto system tracing service daemon
+# "traced" as a trusted consumer. Users in this group are permitted to send
+# control commands to the service daemon and read collected trace data back.
+# Users in this group:
+# * traced: the user to run the service daemon "traced".
+# * chronos: for running the "perfetto" command in the crosh shell or collect
+# trace using the Perfetto UI (ui.perfetto.dev).
+group:traced-consumer
+gid:20164
+users:traced,chronos
diff --git a/profiles/base/accounts/group/traced-probes b/profiles/base/accounts/group/traced-probes
new file mode 100644
index 0000000..399e0e5
--- /dev/null
+++ b/profiles/base/accounts/group/traced-probes
@@ -0,0 +1,3 @@
+group:traced-probes
+gid:20161
+users:traced-probes
diff --git a/profiles/base/accounts/group/traced-producer b/profiles/base/accounts/group/traced-producer
new file mode 100644
index 0000000..b378e52
--- /dev/null
+++ b/profiles/base/accounts/group/traced-producer
@@ -0,0 +1,12 @@
+# This group controls the access to the Perfettto system tracing service daemon
+# "traced" as a producer. Users in this group are permitted to receive control
+# commands from the service daemon and send trace data to the daemon as a trace
+# data source. Users in this group:
+# * traced: the user to run "traced" in.
+# * traced-probes: for the system probes "traced_probes" to send kernel ftrace
+# and other system trace data to traced.
+# * chronos: for Chrome to send Chrome trace data to traced.
+# * crosvm: for Crosvm to send VM trace data to traced.
+group:traced-producer
+gid:20162
+users:traced,traced-probes,chronos,crosvm
diff --git a/profiles/base/accounts/group/typecd_ec b/profiles/base/accounts/group/typecd_ec
new file mode 100644
index 0000000..c59ed86
--- /dev/null
+++ b/profiles/base/accounts/group/typecd_ec
@@ -0,0 +1,3 @@
+group:typecd_ec
+gid:20168
+users:typecd_ec
diff --git a/profiles/base/accounts/user/dns-proxy b/profiles/base/accounts/user/dns-proxy
new file mode 100644
index 0000000..15f108b
--- /dev/null
+++ b/profiles/base/accounts/user/dns-proxy
@@ -0,0 +1,6 @@
+user:dns-proxy
+uid:20167
+gid:20167
+gecos:CrOS DNS proxy daemon
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/dugong b/profiles/base/accounts/user/dugong
new file mode 100644
index 0000000..e97db82
--- /dev/null
+++ b/profiles/base/accounts/user/dugong
@@ -0,0 +1,6 @@
+user:dugong
+uid:20166
+gid:20166
+gecos:CrOS ManaTEE daemon
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/fwupdate-serio b/profiles/base/accounts/user/fwupdate-serio
new file mode 100644
index 0000000..3666823
--- /dev/null
+++ b/profiles/base/accounts/user/fwupdate-serio
@@ -0,0 +1,6 @@
+user:fwupdate-serio
+uid:20163
+gid:20163
+gecos:user for firmware update utilities that use serio-raw devices
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/hotlog b/profiles/base/accounts/user/hotlog
new file mode 100644
index 0000000..862b4d3
--- /dev/null
+++ b/profiles/base/accounts/user/hotlog
@@ -0,0 +1,6 @@
+user:hotlog
+uid:20169
+gid:20169
+gecos:CfM cloud logging service
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/missived b/profiles/base/accounts/user/missived
new file mode 100644
index 0000000..7d03a7f
--- /dev/null
+++ b/profiles/base/accounts/user/missived
@@ -0,0 +1,6 @@
+user:missived
+uid:20172
+gid:20172
+gecos:Administrative Events Handler Daemon
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/pciguard b/profiles/base/accounts/user/pciguard
new file mode 100644
index 0000000..d1ae45a
--- /dev/null
+++ b/profiles/base/accounts/user/pciguard
@@ -0,0 +1,6 @@
+user:pciguard
+uid:20165
+gid:20165
+gecos:External PCI device authorization daemon
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/ptp b/profiles/base/accounts/user/ptp
new file mode 100644
index 0000000..2a5bd90
--- /dev/null
+++ b/profiles/base/accounts/user/ptp
@@ -0,0 +1,6 @@
+user:ptp
+uid:20159
+gid:20159
+gecos:Precision Time Protocol services (ptp4l and phc2sys)
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/tinyproxy b/profiles/base/accounts/user/tinyproxy
new file mode 100644
index 0000000..0176a28
--- /dev/null
+++ b/profiles/base/accounts/user/tinyproxy
@@ -0,0 +1,6 @@
+user:tinyproxy
+uid:20156
+gid:20156
+gecos:lightweight HTTP/SSL proxy daemon
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/tpm2-simulator b/profiles/base/accounts/user/tpm2-simulator
new file mode 100644
index 0000000..a3154e6
--- /dev/null
+++ b/profiles/base/accounts/user/tpm2-simulator
@@ -0,0 +1,6 @@
+user:tpm2-simulator
+uid:20169
+gid:20169
+gecos:Chromium OS tpm2-simulator daemon runs as this user
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/traced b/profiles/base/accounts/user/traced
new file mode 100644
index 0000000..7b6be49
--- /dev/null
+++ b/profiles/base/accounts/user/traced
@@ -0,0 +1,6 @@
+user:traced
+uid:20160
+gid:20160
+gecos:Perfetto system tracing service
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/traced-probes b/profiles/base/accounts/user/traced-probes
new file mode 100644
index 0000000..cd5063b
--- /dev/null
+++ b/profiles/base/accounts/user/traced-probes
@@ -0,0 +1,6 @@
+user:traced-probes
+uid:20161
+gid:20161
+gecos:Perfetto system tracing probes using debugfs, procfs and sysfs.
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/typecd_ec b/profiles/base/accounts/user/typecd_ec
new file mode 100644
index 0000000..84b36df
--- /dev/null
+++ b/profiles/base/accounts/user/typecd_ec
@@ -0,0 +1,6 @@
+user:typecd_ec
+uid:20168
+gid:20168
+gecos:User for accessing ectool within debugd for USB Type C functionality.
+home:/dev/null
+shell:/bin/false
diff --git a/profiles/base/accounts/user/usb_bouncer b/profiles/base/accounts/user/usb_bouncer
index 34e4b24..11f2e4e 100644
--- a/profiles/base/accounts/user/usb_bouncer
+++ b/profiles/base/accounts/user/usb_bouncer
@@ -1,6 +1,6 @@
user:usb_bouncer
uid:20124
gid:20124
-gecos:maintains device whitelist for usbguard
+gecos:maintains device allowlist for usbguard
home:/dev/null
shell:/bin/false
diff --git a/profiles/base/accounts/user/usbguard b/profiles/base/accounts/user/usbguard
index 9a94649..4a8a203 100644
--- a/profiles/base/accounts/user/usbguard
+++ b/profiles/base/accounts/user/usbguard
@@ -1,6 +1,6 @@
user:usbguard
uid:20123
gid:20123
-gecos:USB device whitelisting daemon
+gecos:USB device allowlisting daemon
home:/dev/null
shell:/bin/false
