| # Copyright 2020 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # Installed by sound_card_init package. |
| # sound_card_init upstart job. |
| # sound_card_init is started by /lib/udev/rules.d/99-sound_card_init.rules |
| |
| description "Chrome OS sound card initializer" |
| author "chromium-os-dev@chromium.org" |
| |
| # sound_card_init is a short-running process, but we don't start it as |
| # a task job, because sound_card_init needs the sound card to be ready in |
| # CRAS therefore we do not want to block the udev rule processing. |
| |
| # Make the task killable, because if it has a leak it's better to |
| # restart it than to OOM-panic. |
| oom score 0 |
| |
| # SOUND_CARD_ID is provided by /lib/udev/rules.d/99-sound_card_init.rules. |
| import SOUND_CARD_ID |
| |
| pre-start script |
| if ! echo "${SOUND_CARD_ID}" | grep -Eq "^[a-zA-Z0-9]+$"; then |
| logger -t "${UPSTART_JOB}" \ |
| "Invalid SOUND_CARD_ID supplied" |
| exit 1 |
| else |
| mkdir -m 0755 -p /var/lib/sound_card_init/"${SOUND_CARD_ID}" |
| chown -R sound_card_init:sound_card_init /var/lib/sound_card_init |
| fi |
| end script |
| |
| |
| script |
| CONFIG="$(cros_config /audio/main sound-card-init-conf)" |
| if [ -f /etc/sound_card_init/"${CONFIG}" ]; then |
| # Here (in order) are a list of the args added: |
| # --uts: Create and enter new UTS namespace (hostname/NIS domain name). |
| # -e: doesn't need network access. |
| # -l: process doesn't use SysV shared memory or IPC. |
| # -N: doesn't need to modify control groups settings. |
| # -v: run inside a new VFS namespace. |
| # -p -r: process doesn't need to access other processes in the system. |
| # -n: process doesn't need new privileges. |
| # -P: set /mnt/empty as the root fs. |
| # -b: bind / |
| # -k: Get a writeable and empty /run tmpfs path. |
| # -b: need /run/cras to connect cras. |
| # -b: need /dev to send ioctls to the system's block devices. |
| # -k: empty /sys tmpfs path. |
| # -b: need /sys/firmware/vpd/ro/ access to read the default calibration |
| # value in vpd. |
| # -k: get a writeable and empty /var tmpfs path. |
| # -b: need /var/lib/sound_card_init/$SOUND_CARD_ID writable access for |
| # datastore update. |
| # -b: need /var/lib/cras readable |
| exec minijail0 \ |
| --uts \ |
| -e \ |
| -l \ |
| -N \ |
| -v \ |
| -p -r \ |
| -n \ |
| -P /mnt/empty \ |
| -b / \ |
| -k 'tmpfs,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /run/cras \ |
| -b /dev \ |
| -k 'tmpfs,/sys,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /sys/firmware/vpd/ro/ \ |
| -k 'tmpfs,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \ |
| -b /var/lib/sound_card_init/"${SOUND_CARD_ID}"/,,1 \ |
| -b /var/lib/cras/ \ |
| -u sound_card_init -g sound_card_init -G \ |
| -S /usr/share/policy/sound_card_init-seccomp.policy \ |
| /usr/bin/sound_card_init "--id=${SOUND_CARD_ID}" "--conf=${CONFIG}" |
| fi |
| end script |