trunksd.cc revision 4ede7fcc1571b23867536b2506900fc3987c2dd5 
1c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi// Copyright 2014 The Chromium OS Authors. All rights reserved.
2c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi// Use of this source code is governed by a BSD-style license that can be
3c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi// found in the LICENSE file.
4c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi
5c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi#include <base/at_exit.h>
64ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn#include <base/bind.h>
7c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi#include <base/command_line.h>
8c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi#include <base/message_loop/message_loop.h>
980c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn#include <base/threading/thread.h>
1080c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn#include <chromeos/libminijail.h>
1180c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn#include <chromeos/minijail/minijail.h>
12c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi#include <chromeos/syslog_logging.h>
13c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi
1480c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn#include "trunks/background_command_transceiver.h"
154ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn#include "trunks/resource_manager.h"
1680c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn#include "trunks/tpm_handle.h"
174ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn#include "trunks/trunks_factory_impl.h"
18c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi#include "trunks/trunks_service.h"
19c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi
2080c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnnamespace {
2180c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn
2280c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst uid_t kTrunksUID = 251;
2380c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst uid_t kRootUID = 0;
2480c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst char kTrunksUser[] = "trunks";
2580c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst char kTrunksGroup[] = "trunks";
2680c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst char kTrunksSeccompPath[] = "/usr/share/policy/trunksd-seccomp.policy";
2780c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnconst char kBackgroundThreadName[] = "trunksd_background_thread";
2880c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn
2980c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahnvoid InitMinijailSandbox() {
3080c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  CHECK_EQ(getuid(), kRootUID) << "Trunks Daemon not initialized as root.";
3180c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  chromeos::Minijail* minijail = chromeos::Minijail::GetInstance();
3280c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  struct minijail* jail = minijail->New();
3380c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  minijail->UseSeccompFilter(jail, kTrunksSeccompPath);
344ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  minijail->DropRoot(jail, kTrunksUser, kTrunksGroup);
3580c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  minijail->Enter(jail);
3680c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  minijail->Destroy(jail);
3780c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  CHECK_EQ(getuid(), kTrunksUID)
3880c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn      << "Trunks Daemon was not able to drop to trunks user.";
3980c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn}
4080c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn
4180c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn}  // namespace
42c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi
43c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghiint main(int argc, char **argv) {
443978ff0bfabc5f04798851e003d3dc372280a989Alex Vakulenko  base::CommandLine::Init(argc, argv);
45c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  chromeos::InitLog(chromeos::kLogToSyslog | chromeos::kLogToStderr);
46c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  base::AtExitManager at_exit_manager;
474ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  // Open a handle to the TPM and drop privilege.
484ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  trunks::TpmHandle tpm_handle;
494ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  CHECK(tpm_handle.Init());
504ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  InitMinijailSandbox();
514ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  // A main message loop. This loop will process all incoming and outgoing IPC
524ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  // messages. It *must* not block on the TPM.
53c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  base::MessageLoopForIO message_loop;
5480c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  // A thread for executing TPM commands.
5580c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  base::Thread background_thread(kBackgroundThreadName);
5680c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  CHECK(background_thread.Start());
574ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  // Chain together command transceivers:
584ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  //   [IPC] --> TrunksService --> BackgroundCommandTransceiver -->
594ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  //       ResourceManager --> TpmHandle --> [TPM]
604ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  trunks::Tpm tpm(&tpm_handle);
614ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  trunks::TrunksFactoryImpl factory(&tpm);
624ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  trunks::ResourceManager resource_manager(factory, &tpm_handle);
634ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  // Schedule resource manager initialization in the background.
644ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn  background_thread.message_loop_proxy()->PostNonNestableTask(
654ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn      FROM_HERE,
664ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn      base::Bind(&trunks::ResourceManager::Initialize,
674ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn                 base::Unretained(&resource_manager)));
6880c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  trunks::BackgroundCommandTransceiver background_transceiver(
694ede7fcc1571b23867536b2506900fc3987c2dd5Darren Krahn      &resource_manager,
7080c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn      background_thread.message_loop_proxy());
7180c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  trunks::TrunksService service(&background_transceiver);
7280c739e10fd606b24e2656cad6e566c66bb218d4Darren Krahn  service.Init();
73c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  LOG(INFO) << "Trunks service started!";
74c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  message_loop.Run();
75c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi  return -1;
76c2be426142cd74b3136b2670f3feb92fb92923cbUtkarsh Sanghi}
77