shill: Add systemd services.

Extracts common script parts for Upstart and systemd.
Uses the same template parameters for systemd services.

BUG=chromium:583671
CQ-DEPEND=CL:362801, CL:362800
TEST=Checked that shill is up and running and that it passes shill
  tests.

Change-Id: If3903354839824117104d9ff1cb6d0400da8d8f4
Reviewed-on: https://chromium-review.googlesource.com/362810
Commit-Ready: Sabin Floares <sabin.floares@intel.com>
Tested-by: Sabin Floares <sabin.floares@intel.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/init/netfilter-queue.service b/init/netfilter-queue.service
new file mode 100644
index 0000000..253adae
--- /dev/null
+++ b/init/netfilter-queue.service
@@ -0,0 +1,17 @@
+# Copyright 2016 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+[Unit]
+Description=Run the netfilter-queue-helper multicast firewall extension
+PartOf=system-services.target
+After=system-services.target
+[Service]
+EnvironmentFile=/usr/sbin/netfilter-common
+Environment=EXEC_NAME=/usr/sbin/netfilter-queue-helper
+Restart=always
+ExecStart=/sbin/minijail0 -u nfqueue -g nfqueue -c 1000 \
+	-S /usr/share/policy/nfqueue-seccomp.policy -n \
+	${EXEC_NAME} \
+		--input-queue=${NETFILTER_INPUT_NFQUEUE} \
+		--output-queue=${NETFILTER_OUTPUT_NFQUEUE}
diff --git a/init/network-services.service.in b/init/network-services.service.in
new file mode 100644
index 0000000..fe1c7e3
--- /dev/null
+++ b/init/network-services.service.in
@@ -0,0 +1,12 @@
+# Copyright 2016 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+[Unit]
+Description=Abstract job that runs when boot-services is complete
+After=boot-services.target
+[Service]
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/sh -c "@load_cfg80211@ || \
+  logger -p err -t \"%n\" \"Failed to load cfg80211\""
diff --git a/init/shill-pre-start.sh b/init/shill-pre-start.sh
new file mode 100644
index 0000000..61c67f4
--- /dev/null
+++ b/init/shill-pre-start.sh
@@ -0,0 +1,41 @@
+#
+# Copyright (C) 2016 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+bootstat shill-start
+
+# Create state directory
+mkdir -p /var/run/shill
+
+# Create storage for the shill global profile.
+mkdir -p /var/cache/shill
+
+# Set up dhcpcd's /var/{lib|run} dirs to run as user 'dhcp'.
+mkdir -m 0755 -p /var/lib/dhcpcd
+mkdir -m 0755 -p /var/run/dhcpcd
+chmod -R u+rwX,g+rX,o+rX /var/lib/dhcpcd
+chown -R dhcp:dhcp /var/lib/dhcpcd
+chown -R dhcp:dhcp /var/run/dhcpcd
+
+# Use flimflam's default profile if shill doesn't have one.
+if [ ! -f /var/cache/shill/default.profile -a \
+       -f /var/cache/flimflam/default.profile ]; then
+  mv /var/cache/flimflam/default.profile /var/cache/shill/default.profile
+  chmod a+r /var/cache/shill/default.profile
+fi
+
+# This option is no longer supported.
+rm -f /home/chronos/.disable_shill
diff --git a/init/shill-start-user-session.service b/init/shill-start-user-session.service
new file mode 100644
index 0000000..8fdb9e5
--- /dev/null
+++ b/init/shill-start-user-session.service
@@ -0,0 +1,14 @@
+# Copyright 2016 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# This service is started when "start-user-session.target" is started.
+# The environment CHROME_USER is set before starting "start-user-session.target"
+
+[Unit]
+Description=connection-manager-specific session setup tasks.
+
+[Service]
+Type=oneshot
+StartLimitInterval=0
+ExecStart=/usr/bin/shill_login_user ${CHROMEOS_USER}
diff --git a/init/shill-stop-user-session.service b/init/shill-stop-user-session.service
new file mode 100644
index 0000000..7b1c5a2
--- /dev/null
+++ b/init/shill-stop-user-session.service
@@ -0,0 +1,11 @@
+# Copyright 2016 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# This unit is started by ui.service in the ExecStop command
+
+[Unit]
+Description=connection-manager-related session cleanup tasks
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/shill_logout_user
diff --git a/init/shill.conf.in b/init/shill.conf.in
index bcba078..8129d9f 100644
--- a/init/shill.conf.in
+++ b/init/shill.conf.in
@@ -43,72 +43,8 @@
 # Hook for mod_for_test_scripts/100setupTestingInterface.
 env SHILL_TEST_DEVICES=""
 
-pre-start script
-  bootstat shill-start
+pre-start exec /bin/sh /usr/share/cros/init/shill-pre-start.sh
 
-  # Create state directory
-  mkdir -p /var/run/shill
+post-stop exec bootstat shill-stop
 
-  # Create storage for the shill global profile.
-  mkdir -p /var/cache/shill
-
-  # Use flimflam's default profile if shill doesn't have one.
-  if [ ! -f /var/cache/shill/default.profile -a \
-         -f /var/cache/flimflam/default.profile ]; then
-    mv /var/cache/flimflam/default.profile /var/cache/shill/default.profile
-    chmod a+r /var/cache/shill/default.profile
-  fi
-
-  # Set up dhcpcd's /var/{lib|run} dirs to run as user 'dhcp'.
-  mkdir -m 0755 -p /var/lib/dhcpcd
-  mkdir -m 0755 -p /var/run/dhcpcd
-  chmod -R u+rwX,g+rX,o+rX /var/lib/dhcpcd
-  chown -R dhcp:dhcp /var/lib/dhcpcd
-  chown -R dhcp:dhcp /var/run/dhcpcd
-
-  # This option is no longer supported.
-  rm -f /home/chronos/.disable_shill
-end script
-
-post-stop script
-  bootstat shill-stop
-end script
-
-script
-  DAEMONBIN="shill"
-  ARGS="--log-level=${SHILL_LOG_LEVEL} --log-scopes=${SHILL_LOG_SCOPES}"
-  if [ -n "${BLACKLISTED_DEVICES}" ] && [ -n "${SHILL_TEST_DEVICES}" ]; then
-    ARGS="${ARGS} --device-black-list=${BLACKLISTED_DEVICES},${SHILL_TEST_DEVICES}"
-  elif [ -n "${BLACKLISTED_DEVICES}" ]; then
-    ARGS="${ARGS} --device-black-list=${BLACKLISTED_DEVICES}"
-  elif [ -n "${SHILL_TEST_DEVICES}" ]; then
-    ARGS="${ARGS} --device-black-list=${SHILL_TEST_DEVICES}"
-  fi
-  if [ -n "${SHILL_PASSIVE_MODE}" ]; then
-    ARGS="${ARGS} --passive-mode"
-  fi
-  if [ -n "${SHILL_PREPEND_DNS_SERVERS}" ]; then
-    ARGS="${ARGS} --prepend-dns-servers=${SHILL_PREPEND_DNS_SERVERS}"
-  fi
-  if [ -n "${SHILL_ACCEPT_HOSTNAME_FROM}" ]; then
-    ARGS="${ARGS} --accept-hostname-from=${SHILL_ACCEPT_HOSTNAME_FROM}"
-  fi
-  if [ -n "${SHILL_MINIMUM_MTU}" ]; then
-    ARGS="${ARGS} --minimum-mtu=${SHILL_MINIMUM_MTU}"
-  fi
-  if [ -n "${DHCPV6_ENABLED_DEVICES}" ]; then
-    ARGS="${ARGS} --dhcpv6-enabled-devices=${DHCPV6_ENABLED_DEVICES}"
-  fi
-  if [ -n "${IGNORE_UNKNOWN_ETHERNET}" ]; then
-    ARGS="${ARGS} --ignore-unknown-ethernet"
-  fi
-  ARGS="${ARGS} ${SHILL_TEST_ARGS}"
-
-  # If OOBE has not completed (i.e. EULA not agreed to), do not run
-  # portal checks.
-  if [ ! -f /home/chronos/.oobe_completed ]; then
-    ARGS="${ARGS} --portal-list="
-  fi
-
-  exec ${DAEMONBIN} ${ARGS}
-end script
+exec /bin/sh /usr/share/cros/init/shill.sh
diff --git a/init/shill.service.in b/init/shill.service.in
new file mode 100644
index 0000000..9b42bac
--- /dev/null
+++ b/init/shill.service.in
@@ -0,0 +1,28 @@
+# Copyright 2016 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+[Unit]
+Description=Run the shill network connection manager
+Before=network.target
+After=@expected_started_services@
+Requisite=@expected_started_services@
+Conflicts=pre-shutdown.service
+[Service]
+# Default parameters to be overridden by systemd configuration.
+Environment="SHILL_LOG_LEVEL=0" \
+	"SHILL_LOG_SCOPES=" \
+	"SHILL_PASSIVE_MODE=" \
+	"SHILL_PREPEND_DNS_SERVERS=" \
+	"SHILL_ACCEPT_HOSTNAME_FROM=" \
+	"SHILL_MINIMUM_MTU=" \
+	"BLACKLISTED_DEVICES=" \
+	"DHCPV6_ENABLED_DEVICES=" \
+	"SHILL_TEST_DEVICES="
+Restart=on-failure
+
+ExecStartPre=/bin/sh /usr/share/cros/init/shill-pre-start.sh
+
+ExecStart=/bin/sh /usr/share/cros/init/shill.sh
+
+ExecStopPost=/usr/sbin/bootstat shill-stop
diff --git a/init/shill.sh b/init/shill.sh
new file mode 100644
index 0000000..3c7e5d9
--- /dev/null
+++ b/init/shill.sh
@@ -0,0 +1,50 @@
+#
+# Copyright (C) 2016 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+DAEMONBIN="shill"
+ARGS="--log-level=${SHILL_LOG_LEVEL} --log-scopes=${SHILL_LOG_SCOPES}"
+if [ -n "${BLACKLISTED_DEVICES}" ] && [ -n "${SHILL_TEST_DEVICES}" ]; then
+  ARGS="${ARGS} --device-black-list=${BLACKLISTED_DEVICES},${SHILL_TEST_DEVICES}"
+elif [ -n "${BLACKLISTED_DEVICES}" ]; then
+  ARGS="${ARGS} --device-black-list=${BLACKLISTED_DEVICES}"
+elif [ -n "${SHILL_TEST_DEVICES}" ]; then
+  ARGS="${ARGS} --device-black-list=${SHILL_TEST_DEVICES}"
+fi
+if [ -n "${SHILL_PASSIVE_MODE}" ]; then
+  ARGS="${ARGS} --passive-mode"
+fi
+if [ -n "${SHILL_PREPEND_DNS_SERVERS}" ]; then
+  ARGS="${ARGS} --prepend-dns-servers=${SHILL_PREPEND_DNS_SERVERS}"
+fi
+if [ -n "${SHILL_ACCEPT_HOSTNAME_FROM}" ]; then
+  ARGS="${ARGS} --accept-hostname-from=${SHILL_ACCEPT_HOSTNAME_FROM}"
+fi
+if [ -n "${SHILL_MINIMUM_MTU}" ]; then
+  ARGS="${ARGS} --minimum-mtu=${SHILL_MINIMUM_MTU}"
+fi
+if [ -n "${DHCPV6_ENABLED_DEVICES}" ]; then
+  ARGS="${ARGS} --dhcpv6-enabled-devices=${DHCPV6_ENABLED_DEVICES}"
+fi
+ARGS="${ARGS} ${SHILL_TEST_ARGS}"
+
+# If OOBE has not completed (i.e. EULA not agreed to), do not run
+# portal checks
+if [ ! -f /home/chronos/.oobe_completed ]; then
+  ARGS="${ARGS} --portal-list="
+fi
+
+exec ${DAEMONBIN} ${ARGS}