| // Copyright (C) 2015 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| // Common variables. |
| // ========================================================= |
| package { |
| default_applicable_licenses: ["external_minijail_license"], |
| } |
| |
| // Added automatically by a large-scale-change that took the approach of |
| // 'apply every license found to every target'. While this makes sure we respect |
| // every license restriction, it may not be entirely correct. |
| // |
| // e.g. GPL in an MIT project might only apply to the contrib/ directory. |
| // |
| // Please consider splitting the single license below into multiple licenses, |
| // taking care not to lose any license_kind information, and overriding the |
| // default license using the 'licenses: [...]' property on targets as needed. |
| // |
| // For unused files, consider creating a 'fileGroup' with "//visibility:private" |
| // to attach the license to, and including a comment whether the files may be |
| // used in the current project. |
| // |
| // large-scale-change included anything that looked like it might be a license |
| // text as a license_text. e.g. LICENSE, NOTICE, COPYING etc. |
| // |
| // Please consider removing redundant or irrelevant files from 'license_text:'. |
| // See: http://go/android-license-faq |
| license { |
| name: "external_minijail_license", |
| visibility: [":__subpackages__"], |
| license_kinds: [ |
| "SPDX-license-identifier-Apache-2.0", |
| "SPDX-license-identifier-BSD", |
| ], |
| license_text: [ |
| "LICENSE", |
| "NOTICE", |
| ], |
| } |
| |
| libminijailSrcFiles = [ |
| "bpf.c", |
| "landlock_util.c", |
| "libminijail.c", |
| "signal_handler.c", |
| "syscall_filter.c", |
| "syscall_wrapper.c", |
| "system.c", |
| "util.c", |
| ] |
| |
| unittestSrcFiles = [ |
| "testrunner.cc", |
| "test_util.cc", |
| ] |
| |
| minijailCommonLibraries = ["libcap"] |
| |
| cc_defaults { |
| name: "libminijail_flags", |
| cflags: [ |
| "-D_FILE_OFFSET_BITS=64", |
| "-DALLOW_DEBUG_LOGGING", |
| "-DALLOW_DUPLICATE_SYSCALLS", |
| "-DDEFAULT_PIVOT_ROOT=\"/var/empty\"", |
| "-DBINDMOUNT_ALLOWED_PREFIXES=\"\"", |
| "-Wall", |
| "-Werror", |
| ], |
| target: { |
| darwin: { |
| enabled: false, |
| }, |
| }, |
| } |
| |
| // Static library for generated code. |
| // ========================================================= |
| cc_object { |
| name: "libminijail_gen_syscall_obj", |
| vendor_available: true, |
| product_available: true, |
| recovery_available: true, |
| srcs: ["gen_syscalls.c"], |
| cflags: [ |
| "-dD", |
| "-E", |
| "-Wall", |
| "-Werror", |
| ], |
| apex_available: [ |
| "//apex_available:platform", |
| "com.android.adbd", |
| "com.android.compos", |
| "com.android.media.swcodec", |
| "com.android.virt", |
| ], |
| min_sdk_version: "29", |
| } |
| |
| cc_genrule { |
| name: "libminijail_gen_syscall", |
| vendor_available: true, |
| product_available: true, |
| recovery_available: true, |
| tool_files: ["gen_syscalls.sh"], |
| cmd: "$(location gen_syscalls.sh) $(in) $(out)", |
| srcs: [":libminijail_gen_syscall_obj"], |
| out: ["libsyscalls.c"], |
| apex_available: [ |
| "//apex_available:platform", |
| "com.android.adbd", |
| "com.android.compos", |
| "com.android.media.swcodec", |
| "com.android.virt", |
| ], |
| } |
| |
| cc_object { |
| name: "libminijail_gen_constants_obj", |
| vendor_available: true, |
| product_available: true, |
| recovery_available: true, |
| srcs: ["gen_constants.c"], |
| cflags: [ |
| "-dD", |
| "-E", |
| "-Wall", |
| "-Werror", |
| ], |
| apex_available: [ |
| "//apex_available:platform", |
| "com.android.adbd", |
| "com.android.compos", |
| "com.android.media.swcodec", |
| "com.android.virt", |
| ], |
| min_sdk_version: "29", |
| } |
| |
| cc_genrule { |
| name: "libminijail_gen_constants", |
| vendor_available: true, |
| product_available: true, |
| recovery_available: true, |
| tool_files: ["gen_constants.sh"], |
| cmd: "$(location gen_constants.sh) $(in) $(out)", |
| srcs: [":libminijail_gen_constants_obj"], |
| out: ["libconstants.c"], |
| apex_available: [ |
| "//apex_available:platform", |
| "com.android.adbd", |
| "com.android.compos", |
| "com.android.media.swcodec", |
| "com.android.virt", |
| ], |
| } |
| |
| cc_library_static { |
| name: "libminijail_generated", |
| vendor_available: true, |
| product_available: true, |
| recovery_available: true, |
| defaults: ["libminijail_flags"], |
| host_supported: true, |
| |
| target: { |
| android: { |
| generated_sources: [ |
| "libminijail_gen_syscall", |
| "libminijail_gen_constants", |
| ], |
| }, |
| host: { |
| srcs: [ |
| "linux-x86/libconstants.gen.c", |
| "linux-x86/libsyscalls.gen.c", |
| ], |
| }, |
| }, |
| apex_available: [ |
| "//apex_available:platform", |
| "com.android.adbd", |
| "com.android.compos", |
| "com.android.media.swcodec", |
| "com.android.virt", |
| ], |
| min_sdk_version: "29", |
| } |
| |
| cc_object { |
| name: "libminijail_gen_constants_llvmir", |
| vendor_available: true, |
| product_available: true, |
| recovery_available: true, |
| host_supported: true, |
| cflags: [ |
| "-S", |
| "-O0", |
| "-emit-llvm", |
| ], |
| |
| target: { |
| android: { |
| generated_sources: ["libminijail_gen_constants"], |
| }, |
| host: { |
| srcs: ["linux-x86/libconstants.gen.c"], |
| }, |
| }, |
| } |
| |
| cc_object { |
| name: "libminijail_gen_syscall_llvmir", |
| vendor_available: true, |
| product_available: true, |
| recovery_available: true, |
| host_supported: true, |
| cflags: [ |
| "-S", |
| "-O0", |
| "-emit-llvm", |
| ], |
| |
| target: { |
| android: { |
| generated_sources: ["libminijail_gen_syscall"], |
| }, |
| host: { |
| srcs: ["linux-x86/libsyscalls.gen.c"], |
| }, |
| }, |
| } |
| |
| // libminijail shared and static library for target. |
| // ========================================================= |
| cc_library { |
| name: "libminijail", |
| host_supported: true, |
| |
| vendor_available: true, |
| product_available: true, |
| recovery_available: true, |
| vndk: { |
| enabled: true, |
| }, |
| |
| defaults: ["libminijail_flags"], |
| |
| srcs: libminijailSrcFiles, |
| |
| static: { |
| whole_static_libs: ["libminijail_generated"] + minijailCommonLibraries, |
| }, |
| shared: { |
| static_libs: ["libminijail_generated"], |
| shared_libs: minijailCommonLibraries, |
| }, |
| export_include_dirs: ["."], |
| |
| target: { |
| host: { |
| cflags: [ |
| "-DPRELOADPATH=\"/invalidminijailpreload.so\"", |
| ], |
| }, |
| }, |
| apex_available: [ |
| "//apex_available:platform", |
| "com.android.adbd", |
| "com.android.compos", |
| "com.android.media.swcodec", |
| "com.android.virt", |
| ], |
| min_sdk_version: "29", |
| } |
| |
| // Example ASan-ified libminijail shared library for target. |
| // Commented out since it's only needed for local debugging. |
| // ========================================================= |
| //cc_library_shared { |
| // name: "libminijail_asan", |
| // defaults: ["libminijail_flags"], |
| // |
| // sanitize: { |
| // address: true, |
| // }, |
| // relative_install_path: "asan", |
| // srcs: libminijailSrcFiles, |
| // |
| // static_libs: ["libminijail_generated"], |
| // shared_libs: minijailCommonLibraries, |
| // export_include_dirs: ["."], |
| //} |
| |
| // libminijail native unit tests using gtest. |
| // |
| // For a device, run with: |
| // adb shell /data/nativetest/libminijail_unittest_gtest/libminijail_unittest_gtest |
| // |
| // For host, run with: |
| // out/host/linux-x86/nativetest(64)/libminijail_unittest_gtest/libminijail_unittest_gtest |
| // ========================================================= |
| cc_test { |
| name: "libminijail_unittest_gtest", |
| defaults: ["libminijail_flags"], |
| // TODO(b/31395668): Re-enable once the seccomp(2) syscall becomes available. |
| //host_supported: true |
| |
| srcs: libminijailSrcFiles + ["libminijail_unittest.cc"] + unittestSrcFiles, |
| |
| static_libs: ["libminijail_generated"], |
| shared_libs: minijailCommonLibraries, |
| |
| target: { |
| android: { |
| cflags: ["-Wno-writable-strings"], |
| test_suites: ["device-tests"], |
| }, |
| host: { |
| cflags: ["-DPRELOADPATH=\"/invalid\""], |
| }, |
| }, |
| } |
| |
| // Syscall filtering native unit tests using gtest. |
| // |
| // For a device, run with: |
| // adb shell /data/nativetest/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest |
| // |
| // For host, run with: |
| // out/host/linux-x86/nativetest(64)/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest |
| // ========================================================= |
| cc_test { |
| name: "syscall_filter_unittest_gtest", |
| defaults: ["libminijail_flags"], |
| host_supported: true, |
| |
| srcs: [ |
| "bpf.c", |
| "syscall_filter.c", |
| "syscall_wrapper.c", |
| "util.c", |
| "syscall_filter_unittest.cc", |
| ] + unittestSrcFiles, |
| |
| static_libs: ["libminijail_generated"], |
| shared_libs: minijailCommonLibraries, |
| |
| target: { |
| android: { |
| test_suites: ["device-tests"], |
| }, |
| }, |
| test_options: { |
| unit_test: true, |
| }, |
| data: ["test/*"], |
| } |
| |
| // System functionality unit tests using gtest. |
| // |
| // For a device, run with: |
| // adb shell /data/nativetest/mj_system_unittest_gtest/mj_system_unittest_gtest |
| // |
| // For host, run with: |
| // out/host/linux-x86/nativetest(64)/mj_system_unittest_gtest/mj_system_unittest_gtest |
| // ========================================================= |
| cc_test { |
| name: "mj_system_unittest_gtest", |
| defaults: ["libminijail_flags"], |
| host_supported: true, |
| |
| srcs: [ |
| "syscall_wrapper.c", |
| "system.c", |
| "util.c", |
| "system_unittest.cc", |
| ] + unittestSrcFiles, |
| |
| static_libs: ["libminijail_generated"], |
| shared_libs: minijailCommonLibraries, |
| |
| target: { |
| android: { |
| test_suites: ["device-tests"], |
| }, |
| }, |
| } |
| |
| // Utility functionality unit tests using gtest. |
| // |
| // For a device, run with: |
| // adb shell /data/nativetest/mj_util_unittest_gtest/mj_util_unittest_gtest |
| // |
| // For host, run with: |
| // out/host/linux-x86/nativetest(64)/mj_util_unittest_gtest/mj_util_unittest_gtest |
| // ========================================================= |
| cc_test { |
| name: "mj_util_unittest_gtest", |
| defaults: ["libminijail_flags"], |
| host_supported: true, |
| |
| srcs: [ |
| "util.c", |
| "util_unittest.cc", |
| ] + unittestSrcFiles, |
| |
| static_libs: ["libminijail_generated"], |
| shared_libs: minijailCommonLibraries, |
| |
| target: { |
| android: { |
| test_suites: ["device-tests"], |
| }, |
| }, |
| } |
| |
| // Utility functionality unit tests using gtest. |
| // |
| // For a device, run with: |
| // adb shell /data/nativetest/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest |
| // |
| // For host, run with: |
| // out/host/linux-x86/nativetest(64)/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest |
| // ========================================================= |
| cc_test { |
| name: "minijail0_cli_unittest_gtest", |
| defaults: ["libminijail_flags"], |
| host_supported: true, |
| |
| cflags: [ |
| "-DPRELOADPATH=\"/invalid\"", |
| ], |
| srcs: libminijailSrcFiles + [ |
| "config_parser.c", |
| "elfparse.c", |
| "minijail0_cli.c", |
| "minijail0_cli_unittest.cc", |
| ] + unittestSrcFiles, |
| |
| static_libs: ["libminijail_generated"], |
| shared_libs: minijailCommonLibraries, |
| |
| target: { |
| android: { |
| test_suites: ["device-tests"], |
| }, |
| }, |
| data: ["test/*"], |
| test_options: { |
| tags: ["no-remote"], |
| } |
| } |
| |
| |
| // Configuration file parser functionality unit tests using gtest. |
| // |
| // For a device, run with: |
| // adb shell /data/nativetest/config_parser_unittest_gtest/config_parser_unittest_gtest |
| // |
| // For host, run with: |
| // out/host/linux-x86/nativetest(64)/config_parser_unittest_gtest/config_parser_unittest_gtest |
| // ========================================================= |
| cc_test { |
| name: "config_parser_unittest_gtest", |
| defaults: ["libminijail_flags"], |
| host_supported: true, |
| |
| srcs: [ |
| "config_parser.c", |
| "util.c", |
| "config_parser_unittest.cc", |
| ] + unittestSrcFiles, |
| |
| static_libs: ["libminijail_generated"], |
| shared_libs: minijailCommonLibraries, |
| |
| target: { |
| android: { |
| test_suites: ["device-tests"], |
| }, |
| }, |
| test_options: { |
| unit_test: true, |
| }, |
| data: ["test/*"], |
| } |
| |
| // libminijail_test executable for brillo_Minijail test. |
| // ========================================================= |
| cc_test { |
| name: "libminijail_test", |
| defaults: ["libminijail_flags"], |
| test_suites: ["device-tests"], |
| |
| gtest: false, |
| |
| srcs: ["test/libminijail_test.cpp"], |
| |
| shared_libs: [ |
| "libbase", |
| "libminijail", |
| ], |
| } |
| |
| // libminijail usage example. |
| // ========================================================= |
| cc_binary { |
| name: "drop_privs", |
| defaults: ["libminijail_flags"], |
| |
| // Don't build with ASan, but leave commented out for easy local debugging. |
| // sanitize: { address: true, }, |
| srcs: ["examples/drop_privs.cpp"], |
| |
| shared_libs: [ |
| "libbase", |
| "libminijail", |
| ], |
| } |
| |
| // minijail0 executable. |
| // This is not currently used on Brillo/Android, |
| // but it's convenient to be able to build it. |
| // ========================================================= |
| cc_binary { |
| name: "minijail0", |
| defaults: ["libminijail_flags"], |
| host_supported: true, |
| |
| cflags: [ |
| "-DPRELOADPATH=\"/invalidminijailpreload.so\"", |
| ], |
| srcs: [ |
| "config_parser.c", |
| "elfparse.c", |
| "minijail0.c", |
| "minijail0_cli.c", |
| ], |
| |
| static_libs: ["libminijail_generated"], |
| shared_libs: minijailCommonLibraries + ["libminijail"], |
| } |