sound_card_init/sound_card_init.conf - platform/external/adhd - Git at Google

 # Copyright 2020 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 # Installed by sound_card_init package.
 # sound_card_init upstart job.
 # sound_card_init is started by /lib/udev/rules.d/99-sound_card_init.rules

 description     "Chrome OS sound card initializer"
 author          "chromium-os-dev@chromium.org"

 # sound_card_init is a short-running process, but we don't start it as
 # a task job, because sound_card_init needs the sound card to be ready in
 # CRAS therefore we do not want to block the udev rule processing.

 # Make the task killable, because if it has a leak it's better to
 # restart it than to OOM-panic.
 oom score 0

 # SOUND_CARD_ID is provided by /lib/udev/rules.d/99-sound_card_init.rules.
 import SOUND_CARD_ID

 pre-start script
   if ! echo "${SOUND_CARD_ID}" | grep -Eq "^[a-zA-Z0-9]+$"; then
     logger -t "${UPSTART_JOB}" \
       "Invalid SOUND_CARD_ID supplied"
     exit 1
   else
     mkdir -m 0755 -p /var/lib/sound_card_init/"${SOUND_CARD_ID}"
     chown -R sound_card_init:sound_card_init /var/lib/sound_card_init
   fi
 end script


 script
   CONFIG="$(cros_config /audio/main sound-card-init-conf)"
   if [ -f /etc/sound_card_init/"${CONFIG}" ]; then
     # Here (in order) are a list of the args added:
     # --uts: Create and enter new UTS namespace (hostname/NIS domain name).
     # -e: doesn't need network access.
     # -l: process doesn't use SysV shared memory or IPC.
     # -N: doesn't need to modify control groups settings.
     # -v: run inside a new VFS namespace.
     # -p -r: process doesn't need to access other processes in the system.
     # -n: process doesn't need new privileges.
     # -P: set /mnt/empty as the root fs.
     # -b: bind /
     # -k: Get a writeable and empty /run tmpfs path.
     # -b: need /run/cras to connect cras.
     # -b: need /dev to send ioctls to the system's block devices.
     # -k: empty /sys tmpfs path.
     # -b: need /sys/firmware/vpd/ro/ access to read the default calibration
     #     value in vpd.
     # -k: get a writeable and empty /var tmpfs path.
     # -b: need /var/lib/sound_card_init/$SOUND_CARD_ID writable access for
     #     datastore update.
     # -b: need /var/lib/cras readable
     exec minijail0 \
         --uts \
         -e \
         -l \
         -N \
         -v \
         -p -r \
         -n \
         -P /mnt/empty \
         -b / \
         -k 'tmpfs,/run,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
         -b /run/cras \
         -b /dev \
         -k 'tmpfs,/sys,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
         -b /sys/firmware/vpd/ro/ \
         -k 'tmpfs,/var,tmpfs,MS_NODEV|MS_NOEXEC|MS_NOSUID,mode=755,size=10M' \
         -b /var/lib/sound_card_init/"${SOUND_CARD_ID}"/,,1 \
         -b /var/lib/cras/ \
         -u sound_card_init -g sound_card_init -G \
         -S /usr/share/policy/sound_card_init-seccomp.policy \
         /usr/bin/sound_card_init "--id=${SOUND_CARD_ID}" "--conf=${CONFIG}"
   fi
 end script
	# Copyright 2020 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	# Installed by sound_card_init package.
	# sound_card_init upstart job.
	# sound_card_init is started by /lib/udev/rules.d/99-sound_card_init.rules

	description "Chrome OS sound card initializer"
	author "chromium-os-dev@chromium.org"

	# sound_card_init is a short-running process, but we don't start it as
	# a task job, because sound_card_init needs the sound card to be ready in
	# CRAS therefore we do not want to block the udev rule processing.

	# Make the task killable, because if it has a leak it's better to
	# restart it than to OOM-panic.
	oom score 0

	# SOUND_CARD_ID is provided by /lib/udev/rules.d/99-sound_card_init.rules.
	import SOUND_CARD_ID

	pre-start script
	if ! echo "${SOUND_CARD_ID}" \| grep -Eq "^[a-zA-Z0-9]+$"; then
	logger -t "${UPSTART_JOB}" \
	"Invalid SOUND_CARD_ID supplied"
	exit 1
	else
	mkdir -m 0755 -p /var/lib/sound_card_init/"${SOUND_CARD_ID}"
	chown -R sound_card_init:sound_card_init /var/lib/sound_card_init
	fi
	end script


	script
	CONFIG="$(cros_config /audio/main sound-card-init-conf)"
	if [ -f /etc/sound_card_init/"${CONFIG}" ]; then
	# Here (in order) are a list of the args added:
	# --uts: Create and enter new UTS namespace (hostname/NIS domain name).
	# -e: doesn't need network access.
	# -l: process doesn't use SysV shared memory or IPC.
	# -N: doesn't need to modify control groups settings.
	# -v: run inside a new VFS namespace.
	# -p -r: process doesn't need to access other processes in the system.
	# -n: process doesn't need new privileges.
	# -P: set /mnt/empty as the root fs.
	# -b: bind /
	# -k: Get a writeable and empty /run tmpfs path.
	# -b: need /run/cras to connect cras.
	# -b: need /dev to send ioctls to the system's block devices.
	# -k: empty /sys tmpfs path.
	# -b: need /sys/firmware/vpd/ro/ access to read the default calibration
	# value in vpd.
	# -k: get a writeable and empty /var tmpfs path.
	# -b: need /var/lib/sound_card_init/$SOUND_CARD_ID writable access for
	# datastore update.
	# -b: need /var/lib/cras readable
	exec minijail0 \
	--uts \
	-e \
	-l \
	-N \
	-v \
	-p -r \
	-n \
	-P /mnt/empty \
	-b / \
	-k 'tmpfs,/run,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-b /run/cras \
	-b /dev \
	-k 'tmpfs,/sys,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-b /sys/firmware/vpd/ro/ \
	-k 'tmpfs,/var,tmpfs,MS_NODEV\|MS_NOEXEC\|MS_NOSUID,mode=755,size=10M' \
	-b /var/lib/sound_card_init/"${SOUND_CARD_ID}"/,,1 \
	-b /var/lib/cras/ \
	-u sound_card_init -g sound_card_init -G \
	-S /usr/share/policy/sound_card_init-seccomp.policy \
	/usr/bin/sound_card_init "--id=${SOUND_CARD_ID}" "--conf=${CONFIG}"
	fi
	end script