1*e1997b9aSAndroid Build Coastguard Workerservice odsign /system/bin/odsign 2*e1997b9aSAndroid Build Coastguard Worker class core 3*e1997b9aSAndroid Build Coastguard Worker user root 4*e1997b9aSAndroid Build Coastguard Worker group system 5*e1997b9aSAndroid Build Coastguard Worker disabled # does not start with the core class 6*e1997b9aSAndroid Build Coastguard Worker # We need SYS_NICE in order to allow the crosvm child process to use it. 7*e1997b9aSAndroid Build Coastguard Worker # (b/322197421). odsign itself never uses it (and isn't allowed to by 8*e1997b9aSAndroid Build Coastguard Worker # SELinux). 9*e1997b9aSAndroid Build Coastguard Worker capabilities SYS_NICE 10*e1997b9aSAndroid Build Coastguard Worker 11*e1997b9aSAndroid Build Coastguard Worker# Note that odsign is not oneshot, but stopped manually when it exits. This 12*e1997b9aSAndroid Build Coastguard Worker# ensures that if odsign crashes during a module update, apexd will detect 13*e1997b9aSAndroid Build Coastguard Worker# those crashes and roll back the update. 14