You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
194 lines
5.5 KiB
194 lines
5.5 KiB
#!/bin/bash
|
|
#
|
|
# This script must be run in the location of the script!
|
|
#
|
|
# This script generates Android.bp files for this and all subdirs of this
|
|
#
|
|
DIR="${ANDROID_BUILD_TOP}/external/crosvm/seccomp"
|
|
|
|
function remove_trailing_slash {
|
|
if [[ $1 == "/" ]]; then
|
|
echo $i
|
|
else
|
|
echo ${1%/}
|
|
fi
|
|
}
|
|
|
|
set -o errexit
|
|
|
|
function check_location() {
|
|
local my_loc="$(realpath ${DIR})"
|
|
my_loc=$(remove_trailing_slash ${my_loc})
|
|
|
|
local my_pwd="$(realpath $PWD)"
|
|
my_pwd="$(remove_trailing_slash ${my_pwd})"
|
|
if [[ "${my_loc}" != "${my_pwd}" ]]; then
|
|
echo ${my_loc}
|
|
echo ${my_pwd}
|
|
>&2 echo "the script location must be run where the script is located"
|
|
exit 10
|
|
fi
|
|
}
|
|
|
|
my_name=`basename $0`
|
|
all_archs=("x86_64" "aarch64" "arm" "x86")
|
|
seccomp_archs=("x86_64" "aarch64")
|
|
|
|
# define arch dir pattern: e.g. ${ARCH}-linux-gnu
|
|
function get_arch_dir() {
|
|
local suffix="-linux-gnu"
|
|
local arch=$1
|
|
echo ${arch}${suffix}
|
|
}
|
|
|
|
# convert seccomp arch to bp arch
|
|
function get_bp_arch() {
|
|
[ $1 = "aarch64" ] && echo "arm64" || echo $1
|
|
}
|
|
|
|
# utility function to enumerate policy files
|
|
#
|
|
# 1: seccomp dir to scan
|
|
function scan_policy_name() {
|
|
local seccomp_dir=$1
|
|
(
|
|
# pushd but no output to stdout/stderr
|
|
# the output is taken and used by the caller
|
|
pushd $seccomp_dir > /dev/null 2>&1
|
|
ls --hide=common_device.policy --hide=common_device.frequency -1
|
|
popd > /dev/null 2>&1
|
|
)
|
|
}
|
|
|
|
function gen_license() {
|
|
local cchars=${1:-"//"}
|
|
local year=${2:-"2020"}
|
|
cat <<EOF
|
|
${cchars} Autogenerated via ${my_name}
|
|
${cchars}
|
|
${cchars} Copyright (C) ${year} The Android Open Source Project
|
|
${cchars}
|
|
${cchars} Licensed under the Apache License, Version 2.0 (the "License");
|
|
${cchars} you may not use this file except in compliance with the License.
|
|
${cchars} You may obtain a copy of the License at
|
|
${cchars}
|
|
${cchars} http://www.apache.org/licenses/LICENSE-2.0
|
|
${cchars}
|
|
${cchars} Unless required by applicable law or agreed to in writing, software
|
|
${cchars} distributed under the License is distributed on an "AS IS" BASIS,
|
|
${cchars} WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
${cchars} See the License for the specific language governing permissions and
|
|
${cchars} limitations under the License.
|
|
|
|
EOF
|
|
}
|
|
|
|
function gen_blueprint_boilerplate() {
|
|
cat <<EOF
|
|
genrule_defaults {
|
|
name: "crosvm_inline_seccomp_policy_x86_64",
|
|
cmd: "\$(location policy-inliner.sh) \$(location x86_64/common_device.policy) < \$(in) > \$(out)",
|
|
tool_files: [
|
|
"policy-inliner.sh",
|
|
"x86_64/common_device.policy",
|
|
],
|
|
}
|
|
|
|
genrule_defaults {
|
|
name: "crosvm_inline_seccomp_policy_aarch64",
|
|
cmd: "\$(location policy-inliner.sh) \$(location aarch64/common_device.policy) < \$(in) > \$(out)",
|
|
tool_files: [
|
|
"policy-inliner.sh",
|
|
"aarch64/common_device.policy",
|
|
],
|
|
}
|
|
|
|
EOF
|
|
}
|
|
|
|
function gen_blueprint_arch_policy_files() {
|
|
local archs=("$@")
|
|
declare -A policy_genrules
|
|
for arch in ${archs[@]}; do
|
|
for file in $(scan_policy_name ${arch}); do
|
|
local base_name="$(basename $file)"
|
|
policy_genrules[${base_name}]="${policy_genrules[${base_name}]} $arch"
|
|
done
|
|
done
|
|
for file in "${!policy_genrules[@]}"; do
|
|
for arch in ${policy_genrules[$file]}; do
|
|
echo "genrule {"
|
|
echo " name: \"${file}_inline_${arch}\","
|
|
echo " defaults: [\"crosvm_inline_seccomp_policy_${arch}\"],"
|
|
echo " out: [\"${file}\"],"
|
|
echo " srcs: [\"${arch}/${file}\"],"
|
|
echo "}"
|
|
echo
|
|
if [[ $arch != "arm" ]]; then
|
|
echo "prebuilt_usr_share_host {"
|
|
echo " name: \"${file}_${arch}\","
|
|
echo " filename: \"${file}\","
|
|
echo " relative_install_path: \"crosvm/$(get_arch_dir ${arch})/seccomp\","
|
|
echo " src: \":${file}_inline_${arch}\","
|
|
echo "}"
|
|
echo
|
|
fi
|
|
done
|
|
echo "prebuilt_etc {"
|
|
echo " name: \"${file}\","
|
|
echo " relative_install_path: \"seccomp_policy/crosvm\","
|
|
declare -a target_archs
|
|
echo " arch: {"
|
|
declare -a disabled_archs=${all_archs[@]}
|
|
for arch in ${policy_genrules[$file]}; do
|
|
disabled_archs=("${disabled_archs[@]/$arch}")
|
|
local bp_arch=$(get_bp_arch ${arch})
|
|
echo " ${bp_arch}: {"
|
|
echo " src: \":${file}_inline_${arch}\","
|
|
echo " },"
|
|
done
|
|
echo " },"
|
|
echo " target: {"
|
|
for arch in ${disabled_archs[@]}; do
|
|
local bp_arch=$(get_bp_arch ${arch})
|
|
echo " android_${bp_arch}: {"
|
|
echo " enabled: false,"
|
|
echo " },"
|
|
done
|
|
echo " },"
|
|
echo "}"
|
|
echo
|
|
done
|
|
}
|
|
|
|
function gen_crosvm_seccomp_policy_product_packages_mk_fragment() {
|
|
local archs=("$@")
|
|
declare -A policy_genrules
|
|
for arch in ${archs[@]}; do
|
|
for file in $(scan_policy_name ${arch}); do
|
|
local base_name="$(basename $file)"
|
|
policy_genrules[${base_name}]="${policy_genrules[${base_name}]} $arch"
|
|
done
|
|
done
|
|
echo "PRODUCT_PACKAGES += \\"
|
|
for file in "${!policy_genrules[@]}"; do
|
|
echo " ${file} \\"
|
|
done | sort
|
|
echo
|
|
|
|
echo "# TODO: Remove this when crosvm is added to generic system image"
|
|
echo "PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \\"
|
|
for file in "${!policy_genrules[@]}"; do
|
|
echo " system/etc/seccomp_policy/crosvm/${file} \\"
|
|
done | sort
|
|
}
|
|
|
|
# main
|
|
check_location
|
|
gen_license >Android.bp
|
|
gen_license \# >crosvm_seccomp_policy_product_packages.mk
|
|
gen_blueprint_boilerplate >>Android.bp
|
|
gen_blueprint_arch_policy_files "${seccomp_archs[@]}" >>Android.bp
|
|
gen_crosvm_seccomp_policy_product_packages_mk_fragment \
|
|
"${seccomp_archs[@]}" >>crosvm_seccomp_policy_product_packages.mk
|