# Copyright 2020 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Installed by sound_card_init package.
# sound_card_init upstart job.
# sound_card_init is started by /lib/udev/rules.d/99-sound_card_init.rules

description "Chrome OS sound card initializer"
author "chromium-os-dev@chromium.org"

# This is deliberately not a "task" job, even though sound_card_init is
# short-running: it needs the sound card to be ready in CRAS, and we do not
# want that wait to block udev rule processing.

# Keep the job killable by the OOM killer: if it leaks memory, restarting it
# is better than an OOM panic.
oom score 0

# SOUND_CARD_ID is supplied by /lib/udev/rules.d/99-sound_card_init.rules.
# It is validated in pre-start before it is used in any path.
import SOUND_CARD_ID
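pre-start script
  # SOUND_CARD_ID comes from the udev rule and is used as a path component
  # here and as part of a minijail bind-mount argument in the main script,
  # so accept only a non-empty, purely alphanumeric value.
  #
  # The whole string is matched with `case` instead of being piped through
  # grep: grep tests each input line separately, so a value containing a
  # newline would pass as soon as any one of its lines was alphanumeric.
  case "${SOUND_CARD_ID}" in
    "" | *[!a-zA-Z0-9]*)
      logger -t "${UPSTART_JOB}" \
        "Invalid SOUND_CARD_ID supplied"
      exit 1
      ;;
  esac

  # Per-card datastore directory; the main script bind-mounts it writable
  # into the sandbox.
  mkdir -m 0755 -p /var/lib/sound_card_init/"${SOUND_CARD_ID}"
  # NOTE(review): this recursive chown runs as root on every start over a
  # tree that the sound_card_init user can write to. Confirm the walk cannot
  # be redirected through links placed in that tree, or narrow it to the
  # directory created above.
  chown -R sound_card_init:sound_card_init /var/lib/sound_card_init
end script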
script
  CONFIG="$(cros_config /audio/main sound-card-init-conf)"

  # Nothing to run unless the config file named by cros_config is installed.
  if [ ! -f /etc/sound_card_init/"${CONFIG}" ]; then
    exit 0
  fi

  # Sandbox set up by minijail0, in argument order.
  #
  # Namespaces and privileges:
  #   --uts   new UTS namespace (hostname/NIS domain name).
  #   -e      new network namespace; no network access is needed.
  #   -l      new IPC namespace; no SysV shared memory or IPC is used.
  #   -N      new cgroup namespace; cgroup settings are not modified.
  #   -v      new VFS (mount) namespace.
  #   -p -r   new PID namespace with /proc remounted read-only; other
  #           processes in the system are not accessed.
  #   -n      set no_new_privs; the process never needs new privileges.
  #
  # Filesystem view:
  #   -P      pivot_root into /mnt/empty.
  #   -b /    bind-mount /.
  #   -k      writable, empty tmpfs on /run, then
  #   -b      /run/cras, needed to connect to CRAS.
  #   -b      /dev; the stated reason is sending ioctls to the system's
  #           block devices.
  #           NOTE(review): this exposes all of /dev; confirm whether only
  #           the sound device nodes are actually required.
  #   -k      empty tmpfs on /sys, then
  #   -b      /sys/firmware/vpd/ro/, to read the default calibration value
  #           in VPD.
  #   -k      writable, empty tmpfs on /var, then
  #   -b      /var/lib/sound_card_init/$SOUND_CARD_ID, writable (",,1"),
  #           for datastore updates, and
  #   -b      /var/lib/cras/, which only needs to be readable.
  #
  # Identity and syscall filter:
  #   -u -g   run as user and group sound_card_init.
  #   -G      inherit that user's supplementary groups.
  #   -S      apply the seccomp policy file.
  #
  # SOUND_CARD_ID is embedded in a -b argument and in --id below; it is
  # validated only in pre-start.
  exec minijail0 \
      --uts \
      -e \
      -l \
      -N \
      -v \
      -p -r \
      -n \
      -P /mnt/empty \
      -b / \
      -k 'tmpfs,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
      -b /run/cras \
      -b /dev \
      -k 'tmpfs,/sys,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
      -b /sys/firmware/vpd/ro/ \
      -k 'tmpfs,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
      -b /var/lib/sound_card_init/"${SOUND_CARD_ID}"/,,1 \
      -b /var/lib/cras/ \
      -u sound_card_init -g sound_card_init -G \
      -S /usr/share/policy/sound_card_init-seccomp.policy \
      /usr/bin/sound_card_init "--id=${SOUND_CARD_ID}" "--conf=${CONFIG}"
end script