You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
563 lines
14 KiB
563 lines
14 KiB
// Copyright (C) 2015 The Android Open Source Project
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
// Common variables.
|
|
// =========================================================
|
|
package {
|
|
default_applicable_licenses: ["external_minijail_license"],
|
|
}
|
|
|
|
// Added automatically by a large-scale-change that took the approach of
|
|
// 'apply every license found to every target'. While this makes sure we respect
|
|
// every license restriction, it may not be entirely correct.
|
|
//
|
|
// e.g. GPL in an MIT project might only apply to the contrib/ directory.
|
|
//
|
|
// Please consider splitting the single license below into multiple licenses,
|
|
// taking care not to lose any license_kind information, and overriding the
|
|
// default license using the 'licenses: [...]' property on targets as needed.
|
|
//
|
|
// For unused files, consider creating a 'fileGroup' with "//visibility:private"
|
|
// to attach the license to, and including a comment whether the files may be
|
|
// used in the current project.
|
|
//
|
|
// large-scale-change included anything that looked like it might be a license
|
|
// text as a license_text. e.g. LICENSE, NOTICE, COPYING etc.
|
|
//
|
|
// Please consider removing redundant or irrelevant files from 'license_text:'.
|
|
// See: http://go/android-license-faq
|
|
license {
|
|
name: "external_minijail_license",
|
|
visibility: [":__subpackages__"],
|
|
license_kinds: [
|
|
"SPDX-license-identifier-Apache-2.0",
|
|
"SPDX-license-identifier-BSD",
|
|
],
|
|
license_text: [
|
|
"LICENSE",
|
|
"NOTICE",
|
|
],
|
|
}
|
|
|
|
libminijailSrcFiles = [
|
|
"bpf.c",
|
|
"libminijail.c",
|
|
"signal_handler.c",
|
|
"syscall_filter.c",
|
|
"syscall_wrapper.c",
|
|
"system.c",
|
|
"util.c",
|
|
]
|
|
|
|
unittestSrcFiles = [
|
|
"testrunner.cc",
|
|
]
|
|
|
|
minijailCommonLibraries = ["libcap"]
|
|
|
|
cc_defaults {
|
|
name: "libminijail_flags",
|
|
cflags: [
|
|
"-D_FILE_OFFSET_BITS=64",
|
|
"-DALLOW_DEBUG_LOGGING",
|
|
"-DALLOW_DUPLICATE_SYSCALLS",
|
|
"-DDEFAULT_PIVOT_ROOT=\"/var/empty\"",
|
|
"-Wall",
|
|
"-Werror",
|
|
],
|
|
c_std: "gnu11",
|
|
target: {
|
|
darwin: {
|
|
enabled: false,
|
|
},
|
|
},
|
|
}
|
|
|
|
// Static library for generated code.
|
|
// =========================================================
|
|
cc_object {
|
|
name: "libminijail_gen_syscall_obj",
|
|
vendor_available: true,
|
|
product_available: true,
|
|
recovery_available: true,
|
|
header_libs: ["libc_headers"], // TODO(b/153662223): Clean this up.
|
|
srcs: ["gen_syscalls.c"],
|
|
cflags: [
|
|
"-dD",
|
|
"-E",
|
|
"-Wall",
|
|
"-Werror",
|
|
],
|
|
apex_available: [
|
|
"//apex_available:platform",
|
|
"com.android.adbd",
|
|
"com.android.media.swcodec",
|
|
"com.android.virt",
|
|
],
|
|
min_sdk_version: "29",
|
|
}
|
|
|
|
cc_genrule {
|
|
name: "libminijail_gen_syscall",
|
|
vendor_available: true,
|
|
product_available: true,
|
|
recovery_available: true,
|
|
tool_files: ["gen_syscalls.sh"],
|
|
cmd: "$(location gen_syscalls.sh) $(in) $(out)",
|
|
srcs: [":libminijail_gen_syscall_obj"],
|
|
out: ["libsyscalls.c"],
|
|
apex_available: [
|
|
"//apex_available:platform",
|
|
"com.android.adbd",
|
|
"com.android.media.swcodec",
|
|
"com.android.virt",
|
|
],
|
|
}
|
|
|
|
cc_object {
|
|
name: "libminijail_gen_constants_obj",
|
|
vendor_available: true,
|
|
product_available: true,
|
|
recovery_available: true,
|
|
header_libs: ["libc_headers"], // TODO(b/153662223): Clean this up.
|
|
srcs: ["gen_constants.c"],
|
|
cflags: [
|
|
"-dD",
|
|
"-E",
|
|
"-Wall",
|
|
"-Werror",
|
|
],
|
|
apex_available: [
|
|
"//apex_available:platform",
|
|
"com.android.adbd",
|
|
"com.android.media.swcodec",
|
|
"com.android.virt",
|
|
],
|
|
min_sdk_version: "29",
|
|
}
|
|
|
|
cc_genrule {
|
|
name: "libminijail_gen_constants",
|
|
vendor_available: true,
|
|
product_available: true,
|
|
recovery_available: true,
|
|
tool_files: ["gen_constants.sh"],
|
|
cmd: "$(location gen_constants.sh) $(in) $(out)",
|
|
srcs: [":libminijail_gen_constants_obj"],
|
|
out: ["libconstants.c"],
|
|
apex_available: [
|
|
"//apex_available:platform",
|
|
"com.android.adbd",
|
|
"com.android.media.swcodec",
|
|
"com.android.virt",
|
|
],
|
|
}
|
|
|
|
cc_library_static {
|
|
name: "libminijail_generated",
|
|
vendor_available: true,
|
|
product_available: true,
|
|
recovery_available: true,
|
|
defaults: ["libminijail_flags"],
|
|
host_supported: true,
|
|
|
|
target: {
|
|
android: {
|
|
generated_sources: [
|
|
"libminijail_gen_syscall",
|
|
"libminijail_gen_constants",
|
|
],
|
|
},
|
|
host: {
|
|
srcs: [
|
|
"linux-x86/libconstants.gen.c",
|
|
"linux-x86/libsyscalls.gen.c",
|
|
],
|
|
},
|
|
},
|
|
apex_available: [
|
|
"//apex_available:platform",
|
|
"com.android.adbd",
|
|
"com.android.media.swcodec",
|
|
"com.android.virt",
|
|
],
|
|
min_sdk_version: "29",
|
|
}
|
|
|
|
cc_object {
|
|
name: "libminijail_gen_constants_llvmir",
|
|
vendor_available: true,
|
|
product_available: true,
|
|
recovery_available: true,
|
|
host_supported: true,
|
|
header_libs: ["libc_headers"], // TODO(b/153662223): Clean this up.
|
|
cflags: [
|
|
"-S",
|
|
"-O0",
|
|
"-emit-llvm",
|
|
],
|
|
|
|
target: {
|
|
android: {
|
|
generated_sources: ["libminijail_gen_constants"],
|
|
},
|
|
host: {
|
|
srcs: ["linux-x86/libconstants.gen.c"],
|
|
},
|
|
},
|
|
}
|
|
|
|
cc_object {
|
|
name: "libminijail_gen_syscall_llvmir",
|
|
vendor_available: true,
|
|
product_available: true,
|
|
recovery_available: true,
|
|
host_supported: true,
|
|
header_libs: ["libc_headers"], // TODO(b/153662223): Clean this up.
|
|
cflags: [
|
|
"-S",
|
|
"-O0",
|
|
"-emit-llvm",
|
|
],
|
|
|
|
target: {
|
|
android: {
|
|
generated_sources: ["libminijail_gen_syscall"],
|
|
},
|
|
host: {
|
|
srcs: ["linux-x86/libsyscalls.gen.c"],
|
|
},
|
|
},
|
|
}
|
|
|
|
// libminijail shared and static library for target.
|
|
// =========================================================
|
|
cc_library {
|
|
name: "libminijail",
|
|
host_supported: true,
|
|
|
|
vendor_available: true,
|
|
product_available: true,
|
|
recovery_available: true,
|
|
vndk: {
|
|
enabled: true,
|
|
},
|
|
|
|
defaults: ["libminijail_flags"],
|
|
|
|
srcs: libminijailSrcFiles,
|
|
|
|
static: {
|
|
whole_static_libs: ["libminijail_generated"] + minijailCommonLibraries,
|
|
},
|
|
shared: {
|
|
static_libs: ["libminijail_generated"],
|
|
shared_libs: minijailCommonLibraries,
|
|
},
|
|
export_include_dirs: ["."],
|
|
|
|
target: {
|
|
host: {
|
|
cflags: [
|
|
"-DPRELOADPATH=\"/invalidminijailpreload.so\"",
|
|
],
|
|
},
|
|
},
|
|
apex_available: [
|
|
"//apex_available:platform",
|
|
"com.android.adbd",
|
|
"com.android.media.swcodec",
|
|
"com.android.virt",
|
|
],
|
|
min_sdk_version: "29",
|
|
}
|
|
|
|
// Example ASan-ified libminijail shared library for target.
|
|
// Commented out since it's only needed for local debugging.
|
|
// =========================================================
|
|
//cc_library_shared {
|
|
// name: "libminijail_asan",
|
|
// defaults: ["libminijail_flags"],
|
|
//
|
|
// sanitize: {
|
|
// address: true,
|
|
// },
|
|
// relative_install_path: "asan",
|
|
// srcs: libminijailSrcFiles,
|
|
//
|
|
// static_libs: ["libminijail_generated"],
|
|
// shared_libs: minijailCommonLibraries,
|
|
// export_include_dirs: ["."],
|
|
//}
|
|
|
|
// libminijail native unit tests using gtest.
|
|
//
|
|
// For a device, run with:
|
|
// adb shell /data/nativetest/libminijail_unittest_gtest/libminijail_unittest_gtest
|
|
//
|
|
// For host, run with:
|
|
// out/host/linux-x86/nativetest(64)/libminijail_unittest_gtest/libminijail_unittest_gtest
|
|
// =========================================================
|
|
cc_test {
|
|
name: "libminijail_unittest_gtest",
|
|
defaults: ["libminijail_flags"],
|
|
// TODO(b/31395668): Re-enable once the seccomp(2) syscall becomes available.
|
|
//host_supported: true
|
|
|
|
srcs: libminijailSrcFiles + ["libminijail_unittest.cc"] + unittestSrcFiles,
|
|
|
|
static_libs: ["libminijail_generated"],
|
|
shared_libs: minijailCommonLibraries,
|
|
|
|
target: {
|
|
android: {
|
|
cflags: ["-Wno-writable-strings"],
|
|
test_suites: ["device-tests"],
|
|
},
|
|
host: {
|
|
cflags: ["-DPRELOADPATH=\"/invalid\""],
|
|
},
|
|
},
|
|
}
|
|
|
|
// Syscall filtering native unit tests using gtest.
|
|
//
|
|
// For a device, run with:
|
|
// adb shell /data/nativetest/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
|
|
//
|
|
// For host, run with:
|
|
// out/host/linux-x86/nativetest(64)/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
|
|
// =========================================================
|
|
cc_test {
|
|
name: "syscall_filter_unittest_gtest",
|
|
defaults: ["libminijail_flags"],
|
|
host_supported: true,
|
|
|
|
srcs: [
|
|
"bpf.c",
|
|
"syscall_filter.c",
|
|
"syscall_wrapper.c",
|
|
"util.c",
|
|
"syscall_filter_unittest.cc",
|
|
] + unittestSrcFiles,
|
|
|
|
static_libs: ["libminijail_generated"],
|
|
shared_libs: minijailCommonLibraries,
|
|
|
|
target: {
|
|
android: {
|
|
test_suites: ["device-tests"],
|
|
},
|
|
},
|
|
test_options: {
|
|
unit_test: true,
|
|
},
|
|
data: ["test/*"],
|
|
}
|
|
|
|
// System functionality unit tests using gtest.
|
|
//
|
|
// For a device, run with:
|
|
// adb shell /data/nativetest/mj_system_unittest_gtest/mj_system_unittest_gtest
|
|
//
|
|
// For host, run with:
|
|
// out/host/linux-x86/nativetest(64)/mj_system_unittest_gtest/mj_system_unittest_gtest
|
|
// =========================================================
|
|
cc_test {
|
|
name: "mj_system_unittest_gtest",
|
|
defaults: ["libminijail_flags"],
|
|
host_supported: true,
|
|
|
|
srcs: [
|
|
"syscall_wrapper.c",
|
|
"system.c",
|
|
"util.c",
|
|
"system_unittest.cc",
|
|
] + unittestSrcFiles,
|
|
|
|
static_libs: ["libminijail_generated"],
|
|
shared_libs: minijailCommonLibraries,
|
|
|
|
target: {
|
|
android: {
|
|
test_suites: ["device-tests"],
|
|
},
|
|
},
|
|
}
|
|
|
|
// Utility functionality unit tests using gtest.
|
|
//
|
|
// For a device, run with:
|
|
// adb shell /data/nativetest/mj_util_unittest_gtest/mj_util_unittest_gtest
|
|
//
|
|
// For host, run with:
|
|
// out/host/linux-x86/nativetest(64)/mj_util_unittest_gtest/mj_util_unittest_gtest
|
|
// =========================================================
|
|
cc_test {
|
|
name: "mj_util_unittest_gtest",
|
|
defaults: ["libminijail_flags"],
|
|
host_supported: true,
|
|
|
|
srcs: [
|
|
"util.c",
|
|
"util_unittest.cc",
|
|
] + unittestSrcFiles,
|
|
|
|
static_libs: ["libminijail_generated"],
|
|
shared_libs: minijailCommonLibraries,
|
|
|
|
target: {
|
|
android: {
|
|
test_suites: ["device-tests"],
|
|
},
|
|
},
|
|
}
|
|
|
|
// Utility functionality unit tests using gtest.
|
|
//
|
|
// For a device, run with:
|
|
// adb shell /data/nativetest/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
|
|
//
|
|
// For host, run with:
|
|
// out/host/linux-x86/nativetest(64)/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
|
|
// =========================================================
|
|
cc_test {
|
|
name: "minijail0_cli_unittest_gtest",
|
|
defaults: ["libminijail_flags"],
|
|
host_supported: true,
|
|
|
|
cflags: [
|
|
"-DPRELOADPATH=\"/invalid\"",
|
|
],
|
|
srcs: libminijailSrcFiles + [
|
|
"elfparse.c",
|
|
"minijail0_cli.c",
|
|
"minijail0_cli_unittest.cc",
|
|
] + unittestSrcFiles,
|
|
|
|
static_libs: ["libminijail_generated"],
|
|
shared_libs: minijailCommonLibraries,
|
|
|
|
target: {
|
|
android: {
|
|
test_suites: ["device-tests"],
|
|
},
|
|
},
|
|
}
|
|
|
|
// libminijail_test executable for brillo_Minijail test.
|
|
// =========================================================
|
|
cc_test {
|
|
name: "libminijail_test",
|
|
defaults: ["libminijail_flags"],
|
|
test_suites: ["device-tests"],
|
|
|
|
gtest: false,
|
|
|
|
srcs: ["test/libminijail_test.cpp"],
|
|
|
|
shared_libs: [
|
|
"libbase",
|
|
"libminijail",
|
|
],
|
|
}
|
|
|
|
// libminijail usage example.
|
|
// =========================================================
|
|
cc_binary {
|
|
name: "drop_privs",
|
|
defaults: ["libminijail_flags"],
|
|
|
|
// Don't build with ASan, but leave commented out for easy local debugging.
|
|
// sanitize: { address: true, },
|
|
srcs: ["examples/drop_privs.cpp"],
|
|
|
|
shared_libs: [
|
|
"libbase",
|
|
"libminijail",
|
|
],
|
|
}
|
|
|
|
// minijail0 executable.
|
|
// This is not currently used on Brillo/Android,
|
|
// but it's convenient to be able to build it.
|
|
// =========================================================
|
|
cc_binary {
|
|
name: "minijail0",
|
|
defaults: ["libminijail_flags"],
|
|
host_supported: true,
|
|
|
|
cflags: [
|
|
"-DPRELOADPATH=\"/invalidminijailpreload.so\"",
|
|
],
|
|
srcs: [
|
|
"elfparse.c",
|
|
"minijail0.c",
|
|
"minijail0_cli.c",
|
|
],
|
|
|
|
static_libs: ["libminijail_generated"],
|
|
shared_libs: minijailCommonLibraries + ["libminijail"],
|
|
}
|
|
|
|
rust_defaults {
|
|
name: "libminijail_rust_defaults",
|
|
target: {
|
|
darwin: {
|
|
enabled: false,
|
|
},
|
|
},
|
|
}
|
|
|
|
// This target was generated by cargo2android.py --run --device, with some
|
|
// manual fixes.
|
|
rust_library {
|
|
name: "libminijail_sys",
|
|
defaults: ["libminijail_rust_defaults"],
|
|
host_supported: true,
|
|
crate_name: "minijail_sys",
|
|
srcs: ["rust/minijail-sys/lib.rs"],
|
|
edition: "2018",
|
|
rustlibs: [
|
|
"liblibc",
|
|
],
|
|
shared_libs: [
|
|
"libcap",
|
|
"libminijail",
|
|
],
|
|
apex_available: [
|
|
"//apex_available:platform",
|
|
"com.android.virt",
|
|
],
|
|
}
|
|
|
|
// This target was generated by cargo2android.py --run --device, with some
|
|
// manual fixes.
|
|
rust_library {
|
|
name: "libminijail_rust",
|
|
defaults: ["libminijail_rust_defaults"],
|
|
host_supported: true,
|
|
crate_name: "minijail",
|
|
srcs: ["rust/minijail/src/lib.rs"],
|
|
edition: "2018",
|
|
rustlibs: [
|
|
"liblibc",
|
|
"libminijail_sys",
|
|
],
|
|
apex_available: [
|
|
"//apex_available:platform",
|
|
"com.android.virt",
|
|
],
|
|
}
|