camera/hal_adapter/init/cros-camera.conf - third_party/platform2 - Git at Google

 # Copyright 2017 The ChromiumOS Authors
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 description   "Start Chrome OS camera service"
 author        "chromium-os-dev@chromium.org"

 # Ensure imageloader-init has finished so /run/imageloader is available
 start on (started system-services or camera-device-added) and stopped imageloader-init
 stop on stopping system-services

 # Make the camera jobs killable, because if it has a leak it's better to restart
 # it than to OOM-panic.
 oom score 0

 expect fork
 respawn
 respawn limit 10 60

 env SECCOMP_POLICY_FILE=/usr/share/policy/cros-camera-seccomp.policy
 env UVC_HWTIMESTAMPS_FILE=/sys/module/uvcvideo/parameters/hwtimestamps
 env UVC_CLOCK_FILE=/sys/module/uvcvideo/parameters/clock
 env SERVER_TOKEN_DIR=/run/camera_tokens/server
 env CAMERA_LIBFS_PATH=/usr/share/cros-camera/libfs

 # Don't respawn too aggressively so kernel has some room to breathe and
 # initialize cameras.
 env RESPAWN_DELAY=5
 # Give the post-stop process a bit more than 5 seconds to terminate.
 kill timeout 8

 # cros_camera_service provides camera service to both Chrome and ARC++:
 # Chrome hosts the CameraHalDispatcher Mojo proxy; cros_camera_service forks a
 # child process to host the camera HAL adapter and registers to
 # CameraHalDispatcher Mojo proxy.  Camera clients can then ask
 # CameraHalDispatcher Mojo proxy to get the handle to connect to the camera HAL
 # adapter.

 pre-start script
   # If the camera-device-added event is triggered too early, the environment
   # such as the /run/camera directory might not be ready yet. Ignore the camera
   # event in that case and wait "starting system-services" event to start
   # cros-camera again when the environment is ready.
   if [ "${UPSTART_EVENTS}" = "camera-device-added" ] && \
      ! status system-services | grep -q "start/running"; then
     logger -t cros-camera "system-services hasn't started yet, ignore."
     stop
     exit 0
   fi

   # Run the board-specific setup hooks, if any.
   sh /etc/camera/setup-hooks.sh || true
   [ -e "${UVC_HWTIMESTAMPS_FILE}" ] && echo 1 > "${UVC_HWTIMESTAMPS_FILE}" || true
   if [ "$(cros_config /camera clock)" = "boottime" ]; then
     printf "boottime" > "${UVC_CLOCK_FILE}" || true
   fi

   # Exit here so that additional commands cannot be executed.
   exit 0
 end script

 post-start script
   # Run the board-specific hooks, if any.
   sh /etc/camera/post-start-hooks.sh || true
 end script

 post-stop script
   # If post-stop is somehow killed for timeout, treat that as a clean exit.
   trap "exit 0" TERM

   goal=$(status cros-camera | awk '{split($2, a, "/"); print a[1]}')
   if [ "${goal}" = "start" ]; then
     # Sleep only if it's respawning, so we don't need to wait when doing `stop
     # cros-camera` in tests or manually.
     sleep "${RESPAWN_DELAY}"
   fi
 end script

 script
   # Need -G to be in video group to access /dev/video*.
   # Need access to original network namespace for udev (no -e), which passes
   # uevents via netlink socket.
   # Write PID to /sys/fs/cgroup/cpuset/user_space/media/tasks.
   # Need access to /proc, /sys, /dev to perform USB enumeration.
   # Need access to /var/cache/camera to read camera parameters.
   # Need access to /var/lib/timezone to read correct timezone.
   # Need access to /var/lib/ml_core/opencl_cache to read effects opencl cache.
   # Need read access to /run/chromeos-config/v1 for access to chromeos-config.
   # Need (executable) access to /run/imageloader to read DLC.
   # Need (writable) access to /dev/shm to share memory with Android.
   # Need (writable) access to /var/lib/metrics to log metrics.
   # Need (writable) access to /run/dbus for DBus communications.
   # Set RLIMIT_NICE(=13) to 40,40

   # Need access to /etc/openvino to read OpenVINO config file for Intel NPU.
   # The path only exists on NPU-enabled devices, so we mount it conditionally.
   NPU_ARGS=''
   if [ -d /etc/openvino ]; then
     NPU_ARGS='-b /etc/openvino'
   fi

   exec minijail0 -i -u arc-camera -g arc-camera -G \
       -N -p -r -l -t \
       -f /sys/fs/cgroup/cpuset/user_space/media/tasks \
       -v -P /mnt/empty -b / -b /proc -b /sys -b /dev \
       -k 'tmpfs,/var,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' -b /var/cache/camera \
       -b /var/lib/timezone -b /dev/shm,,1 \
       -b /var/lib/ml_core/opencl_cache \
       ${NPU_ARGS} \
       -k 'tmpfs,/run,tmpfs,MS_NOSUID|MS_NODEV|MS_NOEXEC' \
       -k '/run/imageloader,/run/imageloader,none,MS_BIND|MS_REC|MS_NOSUID|MS_NODEV' \
       -b /run/perfetto,,1 -b /run/camera,,1 -b "${SERVER_TOKEN_DIR}" \
       -b /run/udev/data -b /run/chromeos-config/v1 \
       -b "${CAMERA_LIBFS_PATH}" \
       -b /var/lib/metrics,,1 -b /run/dbus/ -b /run/mojo,,1 \
       -R 13,40,40 \
       -n -S "${SECCOMP_POLICY_FILE}" \
       -- /usr/bin/cros_camera_service
 end script
	# Copyright 2017 The ChromiumOS Authors
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	description "Start Chrome OS camera service"
	author "chromium-os-dev@chromium.org"

	# Ensure imageloader-init has finished so /run/imageloader is available
	start on (started system-services or camera-device-added) and stopped imageloader-init
	stop on stopping system-services

	# Make the camera jobs killable, because if it has a leak it's better to restart
	# it than to OOM-panic.
	oom score 0

	expect fork
	respawn
	respawn limit 10 60

	env SECCOMP_POLICY_FILE=/usr/share/policy/cros-camera-seccomp.policy
	env UVC_HWTIMESTAMPS_FILE=/sys/module/uvcvideo/parameters/hwtimestamps
	env UVC_CLOCK_FILE=/sys/module/uvcvideo/parameters/clock
	env SERVER_TOKEN_DIR=/run/camera_tokens/server
	env CAMERA_LIBFS_PATH=/usr/share/cros-camera/libfs

	# Don't respawn too aggressively so kernel has some room to breathe and
	# initialize cameras.
	env RESPAWN_DELAY=5
	# Give the post-stop process a bit more than 5 seconds to terminate.
	kill timeout 8

	# cros_camera_service provides camera service to both Chrome and ARC++:
	# Chrome hosts the CameraHalDispatcher Mojo proxy; cros_camera_service forks a
	# child process to host the camera HAL adapter and registers to
	# CameraHalDispatcher Mojo proxy. Camera clients can then ask
	# CameraHalDispatcher Mojo proxy to get the handle to connect to the camera HAL
	# adapter.

	pre-start script
	# If the camera-device-added event is triggered too early, the environment
	# such as the /run/camera directory might not be ready yet. Ignore the camera
	# event in that case and wait "starting system-services" event to start
	# cros-camera again when the environment is ready.
	if [ "${UPSTART_EVENTS}" = "camera-device-added" ] && \
	! status system-services \| grep -q "start/running"; then
	logger -t cros-camera "system-services hasn't started yet, ignore."
	stop
	exit 0
	fi

	# Run the board-specific setup hooks, if any.
	sh /etc/camera/setup-hooks.sh \|\| true
	[ -e "${UVC_HWTIMESTAMPS_FILE}" ] && echo 1 > "${UVC_HWTIMESTAMPS_FILE}" \|\| true
	if [ "$(cros_config /camera clock)" = "boottime" ]; then
	printf "boottime" > "${UVC_CLOCK_FILE}" \|\| true
	fi

	# Exit here so that additional commands cannot be executed.
	exit 0
	end script

	post-start script
	# Run the board-specific hooks, if any.
	sh /etc/camera/post-start-hooks.sh \|\| true
	end script

	post-stop script
	# If post-stop is somehow killed for timeout, treat that as a clean exit.
	trap "exit 0" TERM

	goal=$(status cros-camera \| awk '{split($2, a, "/"); print a[1]}')
	if [ "${goal}" = "start" ]; then
	# Sleep only if it's respawning, so we don't need to wait when doing `stop
	# cros-camera` in tests or manually.
	sleep "${RESPAWN_DELAY}"
	fi
	end script

	script
	# Need -G to be in video group to access /dev/video*.
	# Need access to original network namespace for udev (no -e), which passes
	# uevents via netlink socket.
	# Write PID to /sys/fs/cgroup/cpuset/user_space/media/tasks.
	# Need access to /proc, /sys, /dev to perform USB enumeration.
	# Need access to /var/cache/camera to read camera parameters.
	# Need access to /var/lib/timezone to read correct timezone.
	# Need access to /var/lib/ml_core/opencl_cache to read effects opencl cache.
	# Need read access to /run/chromeos-config/v1 for access to chromeos-config.
	# Need (executable) access to /run/imageloader to read DLC.
	# Need (writable) access to /dev/shm to share memory with Android.
	# Need (writable) access to /var/lib/metrics to log metrics.
	# Need (writable) access to /run/dbus for DBus communications.
	# Set RLIMIT_NICE(=13) to 40,40

	# Need access to /etc/openvino to read OpenVINO config file for Intel NPU.
	# The path only exists on NPU-enabled devices, so we mount it conditionally.
	NPU_ARGS=''
	if [ -d /etc/openvino ]; then
	NPU_ARGS='-b /etc/openvino'
	fi

	exec minijail0 -i -u arc-camera -g arc-camera -G \
	-N -p -r -l -t \
	-f /sys/fs/cgroup/cpuset/user_space/media/tasks \
	-v -P /mnt/empty -b / -b /proc -b /sys -b /dev \
	-k 'tmpfs,/var,tmpfs,MS_NOSUID\|MS_NODEV\|MS_NOEXEC' -b /var/cache/camera \
	-b /var/lib/timezone -b /dev/shm,,1 \
	-b /var/lib/ml_core/opencl_cache \
	${NPU_ARGS} \
	-k 'tmpfs,/run,tmpfs,MS_NOSUID\|MS_NODEV\|MS_NOEXEC' \
	-k '/run/imageloader,/run/imageloader,none,MS_BIND\|MS_REC\|MS_NOSUID\|MS_NODEV' \
	-b /run/perfetto,,1 -b /run/camera,,1 -b "${SERVER_TOKEN_DIR}" \
	-b /run/udev/data -b /run/chromeos-config/v1 \
	-b "${CAMERA_LIBFS_PATH}" \
	-b /var/lib/metrics,,1 -b /run/dbus/ -b /run/mojo,,1 \
	-R 13,40,40 \
	-n -S "${SECCOMP_POLICY_FILE}" \
	-- /usr/bin/cros_camera_service
	end script