secagentd/init/secagentd.conf - third_party/platform2 - Git at Google

 # Copyright 2023 The ChromiumOS Authors
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description     "Security event reporting daemon"
 author          "chromium-os-dev@chromium.org"

 # Minimum log level defined in base/logging.h.
 #   0:INFO, 1:WARNING, 2:ERROR, 3:ERROR_REPORT, 4:FATAL
 #   -1:VLOG(1), -2:VLOG(2), etc
 # Set to log only INFO or above by default.
 import SECAGENTD_LOG_LEVEL

 # Set this env var to true to bypass any policy checks and always report
 # all events.
 import BYPASS_POLICY_FOR_TESTING

 # Set this env var to true to bypass the initial wait for an Agent Start event
 # to be enqueued successfully.
 import BYPASS_ENQ_OK_WAIT_FOR_TESTING

 # Set this env var to the desired value of the agent heartbeat timer
 # (> 0) period in seconds.
 import SET_HEARTBEAT_PERIOD_S_FOR_TESTING

 # Set this env var to the desired value of the event batching interval
 # in seconds.
 import PLUGIN_BATCH_INTERVAL_S_FOR_TESTING

 start on starting system-services
 stop on stopping system-services

 # secagentd keeps very little state and can easily recover so allow the OOM
 # killer to terminate it.
 oom score -100
 respawn

 script
   # Args passed through to secagentd.
   args=""

   # --log_level: The logging level.
   v="${SECAGENTD_LOG_LEVEL}"
   if [ -n "${v}" ]; then
     args="${args} --log_level=${v}"
   fi

   # --bypass_policy_for_testing: Skip checking the device policy for XDR
   #   reporting.
   v="${BYPASS_POLICY_FOR_TESTING}"
   if [ -n "${v}" ]; then
     args="${args} --bypass_policy_for_testing=${v}"
   fi

   # --bypass_enq_ok_wait_for_testing: Skip waiting for the first successful
   #     enqueueing of an agent start event before starting XDR reporting.
   v="${BYPASS_ENQ_OK_WAIT_FOR_TESTING}"
   if [ -n "${v}" ]; then
     args="${args} --bypass_enq_ok_wait_for_testing=${v}"
   fi

   # --set_heartbeat_period_s_for_testing: Set timer for agent heartbeat.
   v="${SET_HEARTBEAT_PERIOD_S_FOR_TESTING}"
   if [ -n "${v}" ]; then
     args="${args} --set_heartbeat_period_s_for_testing=${v}"
   fi

   # --plugin_batch_interval_s_for_testing: Set event batch interval.
   v="${PLUGIN_BATCH_INTERVAL_S_FOR_TESTING}"
   if [ -n "${v}" ]; then
     args="${args} --plugin_batch_interval_s_for_testing=${v}"
   fi

   # Args passed to minijail0.
   jail="--config /usr/share/minijail/secagentd.conf"

   exec minijail0 ${jail} -- /usr/sbin/secagentd ${args}

 end script
	# Copyright 2023 The ChromiumOS Authors
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Security event reporting daemon"
	author "chromium-os-dev@chromium.org"

	# Minimum log level defined in base/logging.h.
	# 0:INFO, 1:WARNING, 2:ERROR, 3:ERROR_REPORT, 4:FATAL
	# -1:VLOG(1), -2:VLOG(2), etc
	# Set to log only INFO or above by default.
	import SECAGENTD_LOG_LEVEL

	# Set this env var to true to bypass any policy checks and always report
	# all events.
	import BYPASS_POLICY_FOR_TESTING

	# Set this env var to true to bypass the initial wait for an Agent Start event
	# to be enqueued successfully.
	import BYPASS_ENQ_OK_WAIT_FOR_TESTING

	# Set this env var to the desired value of the agent heartbeat timer
	# (> 0) period in seconds.
	import SET_HEARTBEAT_PERIOD_S_FOR_TESTING

	# Set this env var to the desired value of the event batching interval
	# in seconds.
	import PLUGIN_BATCH_INTERVAL_S_FOR_TESTING

	start on starting system-services
	stop on stopping system-services

	# secagentd keeps very little state and can easily recover so allow the OOM
	# killer to terminate it.
	oom score -100
	respawn

	script
	# Args passed through to secagentd.
	args=""

	# --log_level: The logging level.
	v="${SECAGENTD_LOG_LEVEL}"
	if [ -n "${v}" ]; then
	args="${args} --log_level=${v}"
	fi

	# --bypass_policy_for_testing: Skip checking the device policy for XDR
	# reporting.
	v="${BYPASS_POLICY_FOR_TESTING}"
	if [ -n "${v}" ]; then
	args="${args} --bypass_policy_for_testing=${v}"
	fi

	# --bypass_enq_ok_wait_for_testing: Skip waiting for the first successful
	# enqueueing of an agent start event before starting XDR reporting.
	v="${BYPASS_ENQ_OK_WAIT_FOR_TESTING}"
	if [ -n "${v}" ]; then
	args="${args} --bypass_enq_ok_wait_for_testing=${v}"
	fi

	# --set_heartbeat_period_s_for_testing: Set timer for agent heartbeat.
	v="${SET_HEARTBEAT_PERIOD_S_FOR_TESTING}"
	if [ -n "${v}" ]; then
	args="${args} --set_heartbeat_period_s_for_testing=${v}"
	fi

	# --plugin_batch_interval_s_for_testing: Set event batch interval.
	v="${PLUGIN_BATCH_INTERVAL_S_FOR_TESTING}"
	if [ -n "${v}" ]; then
	args="${args} --plugin_batch_interval_s_for_testing=${v}"
	fi

	# Args passed to minijail0.
	jail="--config /usr/share/minijail/secagentd.conf"

	exec minijail0 ${jail} -- /usr/sbin/secagentd ${args}

	end script