blob: 74a2d66aba97fe6e10f05496c28b927923ecfa92 [file] [log] [blame]
# Copyright 2017 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
description "Start the U2FHID emulation daemon"
author "chromium-os-dev@chromium.org"
# TODO(crbug.com/770150) also start on device policy creation/update for OOBE.
start on started trunksd
stop on stopping system-services
respawn
# if the job respawns 3 times in 10 seconds, stop trying.
respawn limit 3 10
# Do not respawn if we exited on purpose (e.g. service disabled).
normal exit 0
# Create a 'fake' /var directory hierarchy for the chroot
# to be able to bind mount the /var/lib/whitelist/policy file.
env VAR_DIR=/run/u2fd_var
# Directory containing (u2f|g2f|verbose).force files.
env FORCE_DIR=/var/lib/u2f/force
pre-start script
mkdir -p "${VAR_DIR}/lib/whitelist"
chown -R u2f "${VAR_DIR}"
chmod -R 500 "${VAR_DIR}"
# Settings override.
mkdir -p -m 0700 "${FORCE_DIR}"
end script
# -e creates Network namespace.
# -p creates PID namespace.
# -l creates IPC namespace.
# -r remounts /proc read-only.
# -v enters new mount namespace (allows to change mounts inside jail).
# -n prevents that execve gains privileges.
# --uts creates a new UTS namespace.
# -c 0 don't need any capability.
# -P creates a pivot_root at the target folder.
# -b /,/ mounts / read-only.
# -b /run,/run mount read-only, required for D-Bus.
# -b /dev,/dev required to access /dev/uhid.
# -b ...,/var to read device policies from /var/lib/whitelist/policy.
# -u u2f change user.
# -G inherit u2f supplementary groups (ie policy-readers)
# -g bluetooth change group to access /dev/uhid.
script
force_enabled() {
[ -f "${FORCE_DIR}/$1.force" ]
}
ARGS=""
force_enabled u2f && ARGS="${ARGS} --force_u2f"
force_enabled g2f && ARGS="${ARGS} --force_g2f"
force_enabled verbose && ARGS="${ARGS} --verbose"
# If the device policy directory do not exist yet, minijail will abort while
# mounting the files. The resulting SIGABRT will both generate crash dump and
# trigger a spurious respawn.
if [ ! -f /var/lib/whitelist/owner.key ]; then
logger -t "${UPSTART_JOB}" "Exiting, no device policy"
exit 0
fi
exec minijail0 -e -p -l -r -v -n --uts -c 0 -P /mnt/empty \
-b /,/ -b /run,/run -b /dev,/dev \
-b ${VAR_DIR},/var \
-b /var/lib/whitelist,/var/lib/whitelist \
-u u2f -G -g bluetooth -- /usr/bin/u2fd ${ARGS}
end script