trunksd.cc revision 3978ff0bfabc5f04798851e003d3dc372280a989 
1c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi// Copyright 2014 The Chromium OS Authors. All rights reserved.
2c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi// Use of this source code is governed by a BSD-style license that can be
3c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi// found in the LICENSE file.
4c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi
5c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi#include <base/at_exit.h>
6c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi#include <base/command_line.h>
7c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi#include <base/message_loop/message_loop.h>
880c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn#include <base/threading/thread.h>
980c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn#include <chromeos/libminijail.h>
1080c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn#include <chromeos/minijail/minijail.h>
11c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi#include <chromeos/syslog_logging.h>
12c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi
1380c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn#include "trunks/background_command_transceiver.h"
1480c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn#include "trunks/tpm_handle.h"
15c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi#include "trunks/trunks_service.h"
16c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi
1780c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnnamespace {
1880c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn
1980c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst uid_t kTrunksUID = 251;
2080c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst uid_t kRootUID = 0;
2180c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst char kTrunksUser[] = "trunks";
2280c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst char kTrunksGroup[] = "trunks";
2380c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst char kTrunksSeccompPath[] = "/usr/share/policy/trunksd-seccomp.policy";
2480c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst char kBackgroundThreadName[] = "trunksd_background_thread";
2580c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn
2680c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnvoid InitMinijailSandbox() {
2780c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  CHECK_EQ(getuid(), kRootUID) << "Trunks Daemon not initialized as root.";
2880c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  chromeos::Minijail* minijail = chromeos::Minijail::GetInstance();
2980c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  struct minijail* jail = minijail->New();
3080c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  minijail->DropRoot(jail, kTrunksUser, kTrunksGroup);
3180c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  minijail->UseSeccompFilter(jail, kTrunksSeccompPath);
3280c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  minijail->Enter(jail);
3380c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  minijail->Destroy(jail);
3480c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  CHECK_EQ(getuid(), kTrunksUID)
3580c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn      << "Trunks Daemon was not able to drop to trunks user.";
3680c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn}
3780c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn
3880c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn}  // namespace
39c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi
40c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghiint main(int argc, char **argv) {
413978ff0bfabc5f04798851e003d3dc372280a989Alex Vakulenko  base::CommandLine::Init(argc, argv);
42c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  chromeos::InitLog(chromeos::kLogToSyslog | chromeos::kLogToStderr);
43c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  base::AtExitManager at_exit_manager;
4480c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  // A main message loop.
45c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  base::MessageLoopForIO message_loop;
4680c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  // A thread for executing TPM commands.
4780c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  base::Thread background_thread(kBackgroundThreadName);
4880c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  CHECK(background_thread.Start());
4980c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  trunks::TpmHandle tpm_handle;
5080c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  CHECK(tpm_handle.Init());
5180c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  trunks::BackgroundCommandTransceiver background_transceiver(
5280c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn      &tpm_handle,
5380c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn      background_thread.message_loop_proxy());
5480c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  InitMinijailSandbox();
5580c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  trunks::TrunksService service(&background_transceiver);
5680c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  service.Init();
57c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  LOG(INFO) << "Trunks service started!";
58c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  message_loop.Run();
59c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  return -1;
60c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi}
61