# @@@LICENSE # Copyright (c) 2013-2019 LG Electronics, Inc. # # Confidential computer software. Valid license from LG required for # possession, use or copying. Consistent with FAR 12.211 and 12.212, # Commercial Computer Software, Computer Software Documentation, and # Technical Data for Commercial Items are licensed to the U.S. Government # under vendor's standard commercial license. # # LICENSE@@@ # native_Dev Mode # application dir set APPDIR = /media/cryptofs/apps/usr/palm/applications/$APPID # jail dir: set JAILDIR = /var/palm/jail include jail_device.conf # commands: # add jail user to the right groups: groups video,audio,luna,compositor,crashd,se # setup mount points mkdir /usr mkdir /usr/palm mkdir /usr/palm/services # /tmp setup mount rw /tmp mkdir /var chown /var 0 0 chmod 1777 /tmp link /tmp /var/tmp # / chown / 0 0 chmod 755 / # mount things mount ro /lib mount ro /bin mount ro /usr/bin mount ro /usr/lib mount ro /usr/palm/frameworks mount ro /usr/share mount ro /usr/share/fonts mount rw /proc mkdir /var/run mount rw /var/run/pulse mount rw /var/run/luna-service2 mkdir /var/log if $do_qt4 == true mkdir /usr/plugins mount ro /usr/plugins else mkdir /usr/lib/qt5/plugins mount ro /usr/lib/qt5/plugins endif mkdir /dev copynod /dev/urandom chmod 666 /dev/urandom if $do_snd == true mount rw /dev/snd endif if $emulator != true copynod /dev/video0 chmod 660 /dev/video0 chown /dev/video0 0 44 link /dev/video0 /dev/video copynod /dev/video20 chmod 660 /dev/video20 chown /dev/video20 0 44 endif copynod /dev/fb0 chmod 660 /dev/fb0 chown /dev/fb0 0 44 # not include emulator, lm15u, h15 if $devfb123 == true copynod /dev/fb1 chmod 660 /dev/fb1 chown /dev/fb1 0 44 copynod /dev/fb2 chmod 660 /dev/fb2 chown /dev/fb2 0 44 copynod /dev/fb3 chmod 660 /dev/fb3 chown /dev/fb3 0 44 endif # for uhd(lm15u, h15) if $uhd == true copynod /dev/mali0 chmod 660 /dev/mali0 chown /dev/mali0 0 44 copynod /dev/ump chmod 660 /dev/ump chown /dev/ump 0 44 endif copynod /dev/console chmod 666 /dev/console if $do_pvr == true copynod /dev/pvrsrvkm chmod 660 /dev/pvrsrvkm chown /dev/pvrsrvkm 0 44 endif # /dev/shm (TODO: mount or mkdir + copy?) mount rw /dev/shm chmod 777 /dev/shm # ls2 (public bus only) #chmod 664 /dev/shm/ls2.monitor.pub.shm #chown /dev/shm/ls2.monitor.pub.shm 0 5000 # TODO: Do we need /dev/pts for ptty ssh terminal session? mount rw /dev/pts if emulator != true mount rw /tmp/dbgfrwk endif copynod /dev/null chmod 777 /dev/null # jail log system mkdir -p /dev/logdir if $MODE == runtime system test -e /dev/logdir/log || ln /dev/log /dev/logdir/log endif mount ro /dev/logdir if $MODE == delete system rm -f /dev/logdir/log endif link /dev/logdir/log /dev/log chown /dev/logdir/log 0 5000 chmod 660 /dev/logdir/log #chown /dev/log 0 5000 chmod 666 /dev/log # pulse-shm may or may not exist if $MODE == runtime system chmod a+r /dev/shm/pulse-shm-* >& /dev/null endif # /var/luna/preferences mkdir /var/luna mkdir /var/luna/preferences mount ro /var/luna/preferences link /var/luna/preferences/localtime /etc/localtime # /var/lib/devmode/sshd -- openssh sshd host keys # use copy, not mount, so we change permissions in jail only # paths must match paths used in devmode app and script for sshd host keys mkdir /var/lib mkdir /var/lib/devmode mkdir /var/lib/devmode/sshd copy /var/lib/devmode/sshd/ssh_host_rsa_key copy /var/lib/devmode/sshd/ssh_host_ecdsa_key copy /var/lib/devmode/sshd/ssh_host_dsa_key chmod 644 /var/lib/devmode/sshd/ssh_host_rsa_key chmod 644 /var/lib/devmode/sshd/ssh_host_ecdsa_key chmod 644 /var/lib/devmode/sshd/ssh_host_dsa_key # /var/palm/ls2-dev/services (for ares-inspect to read .service files to locate service dir) system mkdir -p /var/palm/ls2-dev/services/pub mkdir /var/palm mkdir /var/palm/ls2-dev mkdir /var/palm/ls2-dev/services mount ro /var/palm/ls2-dev/services/pub # /var/run mount rw /var/run # /etc # (asound.conf doesn't exist in emulator) copy /etc/asound.conf copy /etc/ld.so.cache copy /etc/ld.so.preload copy /etc/nsswitch.conf copy /etc/services mkdir /etc/pulse copy /etc/pulse/client.conf mkdir /etc/PmLogDaemon copy /etc/PmLogDaemon/whitelist.txt # /etc/fonts mkdir /etc/fonts mount ro /etc/fonts if $do_powervr == true copy /etc/powervr.ini endif mkdir /etc/prefs copy /etc/prefs/public_properties mount ro /etc/prefs/properties mount ro /etc/ssl # for gstreamer mkdir /etc/gst copy /etc/gst/gstcool.conf # /mnt/lg/res mkdir /mnt mkdir /mnt/lg mkdir /mnt/lg/res mount ro /mnt/lg/res # for skylanders. it is native game app. if $do_skylanders insmod /mnt/lg/res/lglib/portal.ko chmod 666 /dev/portal endif # for joystick mkdir /sys mkdir /sys/class mkdir /sys/class/input mount ro /sys/class/input mkdir /sys/class/net mount ro /sys/class/net mkdir /sys/devices mount ro /sys/devices mkdir /sys/dev mount ro /sys/dev mkdir /dev/input mount ro /dev/input # for directmedia # if device is added such as mtk, mstar.., this condition should be modified. if $emulator != true mkdir /dev/lg mount rw /dev/lg chown /dev/lg 0 5000 copynodall /dev/hidraw 32 mkdir /mnt/lg/model copy /mnt/lg/model/RELEASE.cfg chmod 640 /mnt/lg/model/RELEASE.cfg chown /mnt/lg/model/RELEASE.cfg 0 5000 if $mstar == false link /dev/lg/gfx0 /dev/gfx copynod /dev/vdec chmod 666 /dev/vdec copynod /dev/vo chmod 666 /dev/vo copynod /dev/logfunnel chmod 666 /dev/logfunnel # for secure video path copynod /dev/hma chmod 666 /dev/hma endif if $mstar == true copynod /dev/gfx chown /dev/gfx 0 5000 chmod 666 /dev/gfx copynod /dev/system_lg chown /dev/system_lg 0 5000 chmod 666 /dev/system_lg copynod /dev/miomap chown /dev/miomap 0 5000 chmod 666 /dev/miomap copynod /dev/msmailbox chown /dev/msmailbox 0 5000 chmod 666 /dev/msmailbox copynod /dev/semutex chown /dev/semutex 0 5000 chmod 666 /dev/semutex copynod /dev/malloc chown /dev/malloc 0 5000 chmod 666 /dev/malloc copynod /dev/system chown /dev/system 0 5000 chmod 666 /dev/system copynod /dev/demod chown /dev/demod 0 5000 chmod 666 /dev/demod copynod /dev/uinput chown /dev/uinput 0 5000 chmod 666 /dev/uinput mkdir /tee copy /tee/mmap.ini chmod 770 /tee/mmap.ini chown /tee/mmap.ini 0 5000 mkdir /etc/xdg copy /etc/xdg/gstomx.conf #chrome, native app crash copynod /dev/dma_buf_te chown /dev/dma_buf_te 0 5000 chmod 660 /dev/dma_buf_te #GAV demo copynod /dev/ump chmod 660 /dev/ump chown /dev/ump 0 44 # cloud game copynod /dev/mma chown /dev/mma 0 5000 chmod 660 /dev/mma copynod /dev/video28 chmod 660 /dev/video28 chown /dev/video28 0 44 if $device == m2 copynod /dev/umplock chmod 660 /dev/umplock chown /dev/umplock 0 44 endif endif # for playready DRM mkdir /mnt/lg/flash chmod 775 /mnt/lg/flash/ mkdir /mnt/lg/flash/data chmod 775 /mnt/lg/flash/data mkdir /mnt/flash link /mnt/lg/flash/data /mnt/flash/data endif mountusbdir # env setenv HOME $APPDIR setenv LD_LIBRARY_PATH /usr/lib:$APPDIR/lib setenv AT_QPA_PLATFORM wayland-egl setenv QT_WAYLAND_HARDWARE_INTERGRATION wayland-egl setenv SDL_MRCU_TIMER 300000 setrlimit CORE INF INF setrlimit MEMLOCK INF INF setrlimit NICE -2 -2 # /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service mkdir /media mkdir /media/cryptofs mkdir /media/cryptofs/apps mkdir /media/cryptofs/apps/usr mkdir /media/cryptofs/apps/usr/palm mkdir /media/cryptofs/apps/usr/palm/services mkdir /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service #for directv if $emulator == true system mkdir -p /mnt/lg/ciplus/authcxt endif mkdir /mnt/lg/ciplus mkdir /mnt/lg/ciplus/authcxt chmod 775 /mnt/lg/ciplus/authcxt mount rw /mnt/lg/ciplus/authcxt # mount /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/binaries-ARCH/opt dirs set DEVMODEDIR = /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/ if $emulator == true set DEVROOT = $DEVMODEDIR/binaries-i686 else set DEVROOT = $DEVMODEDIR/binaries-armv71 endif mkdir $DEVROOT mkdir $DEVROOT/opt # in testing, these dirs may not exist yet; make sure they do (to prevent jail failure) system mkdir -p $DEVROOT/opt/openssh $DEVROOT/opt/devmode /media/developer /media/internal mount ro $DEVROOT/opt/openssh mount ro $DEVROOT/opt/devmode # link openssh (binaries, etc.) in /opt/openssh from (mounted) devmode app (service) dir mkdir /opt link $DEVROOT/opt/openssh /opt/openssh link $DEVROOT/opt/devmode /opt/devmode # mount /media/developer and /media/internal: mount rw /media/developer mount ro /media/internal # for mtk if $mtk == true copynod /dev/mtal chmod 770 /dev/mtal chown /dev/mtal 0 5000 copynod /dev/ump chmod 770 /dev/ump chown /dev/ump 0 5000 copynod /dev/mali chmod 770 /dev/mali chown /dev/mali 0 5000 copynod /dev/cb chmod 770 /dev/cb chown /dev/cb 0 5000 copynod /dev/uinput chmod 660 /dev/uinput chown /dev/uinput 0 5000 copynod /dev/tsrec chmod 770 /dev/tsrec chown /dev/tsrec 0 5000 copynod /dev/aomx chmod 770 /dev/aomx chown /dev/aomx 0 5000 copynod /dev/ptmx chmod 660 /dev/ptmx chown /dev/ptmx 0 5000 copynod /dev/vomx chmod 770 /dev/vomx chown /dev/vomx 0 5000 mount ro /etc/player-factory-1.0 mount ro /etc/xdg copynod /dev/feeder chmod 770 /dev/feeder chown /dev/feeder 0 5000 mkdir /dev/pts mount ro /dev/pts copynod /dev/video1 chmod 770 /dev/video1 chown /dev/video1 0 5000 link /dev/lg/gfx0 /dev/gfx chmod 770 /dev/lg/gfx endif # for rtk if $rtk == true copynod /dev/rtkmem chown /dev/rtkmem 0 5000 chmod 660 /dev/rtkmem copynod /dev/uinput chmod 660 /dev/uinput chown /dev/uinput 0 5000 copynod /dev/ptmx chmod 660 /dev/ptmx chown /dev/ptmx 0 5000 mount ro /etc/player-factory-1.0 mkdir /dev/pts mount ro /dev/pts copynod /dev/video1 chmod 770 /dev/video1 chown /dev/video1 0 5000 copynod /dev/gfx chmod 660 /dev/gfx mkdir /etc/xdg copy /etc/xdg/gstomx.conf mkdir /dev/dri copynod /dev/dri/card0 chmod 666 /dev/dri/card0 chown /dev/dri/card0 0 5000 copynod /dev/dri/card1 chmod 666 /dev/dri/card1 chown /dev/dri/card1 0 5000 copynod /dev/dri/controlD64 chmod 666 /dev/dri/controlD64 chown /dev/dri/controlD64 0 5000 copynod /dev/dri/renderD128 chmod 666 /dev/dri/renderD128 chown /dev/dri/renderD128 0 5000 copynod /dev/pvr_sync chmod 666 /dev/pvr_sync chown /dev/pvr_sync 0 5000 copynod /dev/auth chown /dev/auth 0 5000 chmod 660 /dev/auth copynod /dev/rtkaudio chown /dev/rtkaudio 0 5000 chmod 660 /dev/rtkaudio copynod /dev/rtkvdec chown /dev/rtkvdec 0 5000 chmod 660 /dev/rtkvdec copynodall /dev/rpc 16 copynodall /dev/i2c- 4 copynod /dev/hdcp2dev chown /dev/hdcp2dev 0 5000 chmod 660 /dev/hdcp2dev copynod /dev/rtkdemux chown /dev/rtkdemux 0 5000 chmod 660 /dev/rtkdemux copynod /dev/vscdev chown /dev/vscdev 0 5000 chmod 660 /dev/vscdev copynod /dev/vfedev chown /dev/vfedev 0 5000 chmod 660 /dev/vfedev copynod /dev/vbedev chown /dev/vbedev 0 5000 chmod 660 /dev/vbedev copynod /dev/vpqdev chown /dev/vpqdev 0 5000 chmod 660 /dev/vpqdev copynod /dev/sys-misc chown /dev/sys-misc 0 5000 chmod 660 /dev/sys-misc copynod /dev/gdma_hal_gal0 chown /dev/gdma_hal_gal0 0 5000 chmod 660 /dev/gdma_hal_gal0 copynod /dev/md0 chown /dev/md0 0 5000 chmod 660 /dev/md0 copynod /dev/venus_gpio chmod 660 /dev/venus_gpio chown /dev/venus_gpio 0 5000 copynod /dev/tp chmod 660 /dev/tp chown /dev/tp 0 5000 copynod /dev/mcp_core chmod 660 /dev/mcp_core chown /dev/mcp_core 0 5000 copynod /dev/mcp_dgst chmod 660 /dev/mcp_dgst chown /dev/mcp_dgst 0 5000 copynod /dev/mcp_cipher chmod 660 /dev/mcp_cipher chown /dev/mcp_cipher 0 5000 copynod /dev/mcp_rsa chmod 660 /dev/mcp_rsa chown /dev/mcp_rsa 0 5000 copynod /dev/zero chmod 660 /dev/zero chown /dev/zero 0 5000 copynod /dev/pwm0 chmod 660 /dev/pwm0 chown /dev/pwm0 0 5000 copynod /dev/vivtdev chmod 660 /dev/vivtdev chown /dev/vivtdev 0 5000 copynod /dev/vpqleddev chmod 660 /dev/vpqleddev chown /dev/vpqleddev 0 5000 copynod /dev/vpqmemc chmod 660 /dev/vpqmemc chown /dev/vpqmemc 0 5000 copynod /dev/rtkademod chmod 660 /dev/rtkademod chown /dev/rtkademod 0 5000 copynod /dev/rtkdemod chmod 660 /dev/rtkdemod chown /dev/rtkdemod 0 5000 copynod /dev/rpc100 chmod 660 /dev/rpc100 chown /dev/rpc100 0 5000 link /dev/fb0 /dev/fb copynod /dev/vdec chmod 660 /dev/vdec chown /dev/vdec 0 5000 copynod /dev/venus_iso_gpio chmod 660 /dev/venus_iso_gpio chown /dev/venus_iso_gpio 0 5000 copynod /dev/vo chmod 660 /dev/vo chown /dev/vo 0 5000 copynod /dev/vodev chmod 660 /dev/vodev chown /dev/vodev 0 5000 copynod /dev/hma chmod 660 /dev/hma chown /dev/hma 0 5000 #chrome, native app crash copynod /dev/dma_buf_gm chown /dev/dma_buf_gm 0 5000 chmod 660 /dev/dma_buf_gm endif # set home dir for developer mode setenv HOME /media/developer homedir /media/developer if $emulator == true setenv EGL_PLATFORM wayland endif