blob: fc25a100ca4692e5cd0413b184e86ce5fa86258a [file] [log] [blame] [edit]
// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Common variables.
// =========================================================
package {
default_applicable_licenses: ["external_minijail_license"],
}
// Added automatically by a large-scale-change that took the approach of
// 'apply every license found to every target'. While this makes sure we respect
// every license restriction, it may not be entirely correct.
//
// e.g. GPL in an MIT project might only apply to the contrib/ directory.
//
// Please consider splitting the single license below into multiple licenses,
// taking care not to lose any license_kind information, and overriding the
// default license using the 'licenses: [...]' property on targets as needed.
//
// For unused files, consider creating a 'fileGroup' with "//visibility:private"
// to attach the license to, and including a comment whether the files may be
// used in the current project.
//
// large-scale-change included anything that looked like it might be a license
// text as a license_text. e.g. LICENSE, NOTICE, COPYING etc.
//
// Please consider removing redundant or irrelevant files from 'license_text:'.
// See: http://go/android-license-faq
license {
name: "external_minijail_license",
visibility: [":__subpackages__"],
license_kinds: [
"SPDX-license-identifier-Apache-2.0",
"SPDX-license-identifier-BSD",
],
license_text: [
"LICENSE",
"NOTICE",
],
}
libminijailSrcFiles = [
"bpf.c",
"landlock_util.c",
"libminijail.c",
"signal_handler.c",
"syscall_filter.c",
"syscall_wrapper.c",
"system.c",
"util.c",
]
unittestSrcFiles = [
"testrunner.cc",
"test_util.cc",
]
minijailCommonLibraries = ["libcap"]
cc_defaults {
name: "libminijail_flags",
cflags: [
"-D_FILE_OFFSET_BITS=64",
"-DALLOW_DEBUG_LOGGING",
"-DALLOW_DUPLICATE_SYSCALLS",
"-DDEFAULT_PIVOT_ROOT=\"/var/empty\"",
"-DBINDMOUNT_ALLOWED_PREFIXES=\"\"",
"-Wall",
"-Werror",
],
target: {
darwin: {
enabled: false,
},
},
}
// Static library for generated code.
// =========================================================
cc_object {
name: "libminijail_gen_syscall_obj",
vendor_available: true,
product_available: true,
recovery_available: true,
srcs: ["gen_syscalls.c"],
cflags: [
"-dD",
"-E",
"-Wall",
"-Werror",
],
apex_available: [
"//apex_available:platform",
"com.android.adbd",
"com.android.compos",
"com.android.media.swcodec",
"com.android.virt",
],
min_sdk_version: "29",
}
cc_genrule {
name: "libminijail_gen_syscall",
vendor_available: true,
product_available: true,
recovery_available: true,
tool_files: ["gen_syscalls.sh"],
cmd: "$(location gen_syscalls.sh) $(in) $(out)",
srcs: [":libminijail_gen_syscall_obj"],
out: ["libsyscalls.c"],
apex_available: [
"//apex_available:platform",
"com.android.adbd",
"com.android.compos",
"com.android.media.swcodec",
"com.android.virt",
],
}
cc_object {
name: "libminijail_gen_constants_obj",
vendor_available: true,
product_available: true,
recovery_available: true,
srcs: ["gen_constants.c"],
cflags: [
"-dD",
"-E",
"-Wall",
"-Werror",
],
apex_available: [
"//apex_available:platform",
"com.android.adbd",
"com.android.compos",
"com.android.media.swcodec",
"com.android.virt",
],
min_sdk_version: "29",
}
cc_genrule {
name: "libminijail_gen_constants",
vendor_available: true,
product_available: true,
recovery_available: true,
tool_files: ["gen_constants.sh"],
cmd: "$(location gen_constants.sh) $(in) $(out)",
srcs: [":libminijail_gen_constants_obj"],
out: ["libconstants.c"],
apex_available: [
"//apex_available:platform",
"com.android.adbd",
"com.android.compos",
"com.android.media.swcodec",
"com.android.virt",
],
}
cc_library_static {
name: "libminijail_generated",
vendor_available: true,
product_available: true,
recovery_available: true,
defaults: ["libminijail_flags"],
host_supported: true,
target: {
android: {
generated_sources: [
"libminijail_gen_syscall",
"libminijail_gen_constants",
],
},
host: {
srcs: [
"linux-x86/libconstants.gen.c",
"linux-x86/libsyscalls.gen.c",
],
},
},
apex_available: [
"//apex_available:platform",
"com.android.adbd",
"com.android.compos",
"com.android.media.swcodec",
"com.android.virt",
],
min_sdk_version: "29",
}
cc_object {
name: "libminijail_gen_constants_llvmir",
vendor_available: true,
product_available: true,
recovery_available: true,
host_supported: true,
cflags: [
"-S",
"-O0",
"-emit-llvm",
],
target: {
android: {
generated_sources: ["libminijail_gen_constants"],
},
host: {
srcs: ["linux-x86/libconstants.gen.c"],
},
},
}
cc_object {
name: "libminijail_gen_syscall_llvmir",
vendor_available: true,
product_available: true,
recovery_available: true,
host_supported: true,
cflags: [
"-S",
"-O0",
"-emit-llvm",
],
target: {
android: {
generated_sources: ["libminijail_gen_syscall"],
},
host: {
srcs: ["linux-x86/libsyscalls.gen.c"],
},
},
}
// libminijail shared and static library for target.
// =========================================================
cc_library {
name: "libminijail",
host_supported: true,
vendor_available: true,
product_available: true,
recovery_available: true,
vndk: {
enabled: true,
},
defaults: ["libminijail_flags"],
srcs: libminijailSrcFiles,
static: {
whole_static_libs: ["libminijail_generated"] + minijailCommonLibraries,
},
shared: {
static_libs: ["libminijail_generated"],
shared_libs: minijailCommonLibraries,
},
export_include_dirs: ["."],
target: {
host: {
cflags: [
"-DPRELOADPATH=\"/invalidminijailpreload.so\"",
],
},
},
apex_available: [
"//apex_available:platform",
"com.android.adbd",
"com.android.compos",
"com.android.media.swcodec",
"com.android.virt",
],
min_sdk_version: "29",
}
// Example ASan-ified libminijail shared library for target.
// Commented out since it's only needed for local debugging.
// =========================================================
//cc_library_shared {
// name: "libminijail_asan",
// defaults: ["libminijail_flags"],
//
// sanitize: {
// address: true,
// },
// relative_install_path: "asan",
// srcs: libminijailSrcFiles,
//
// static_libs: ["libminijail_generated"],
// shared_libs: minijailCommonLibraries,
// export_include_dirs: ["."],
//}
// libminijail native unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/libminijail_unittest_gtest/libminijail_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/libminijail_unittest_gtest/libminijail_unittest_gtest
// =========================================================
cc_test {
name: "libminijail_unittest_gtest",
defaults: ["libminijail_flags"],
// TODO(b/31395668): Re-enable once the seccomp(2) syscall becomes available.
//host_supported: true
srcs: libminijailSrcFiles + ["libminijail_unittest.cc"] + unittestSrcFiles,
static_libs: ["libminijail_generated"],
shared_libs: minijailCommonLibraries,
target: {
android: {
cflags: ["-Wno-writable-strings"],
test_suites: ["device-tests"],
},
host: {
cflags: ["-DPRELOADPATH=\"/invalid\""],
},
},
}
// Syscall filtering native unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
// =========================================================
cc_test {
name: "syscall_filter_unittest_gtest",
defaults: ["libminijail_flags"],
host_supported: true,
srcs: [
"bpf.c",
"syscall_filter.c",
"syscall_wrapper.c",
"util.c",
"syscall_filter_unittest.cc",
] + unittestSrcFiles,
static_libs: ["libminijail_generated"],
shared_libs: minijailCommonLibraries,
target: {
android: {
test_suites: ["device-tests"],
},
},
test_options: {
unit_test: true,
},
data: ["test/*"],
}
// System functionality unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/mj_system_unittest_gtest/mj_system_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/mj_system_unittest_gtest/mj_system_unittest_gtest
// =========================================================
cc_test {
name: "mj_system_unittest_gtest",
defaults: ["libminijail_flags"],
host_supported: true,
srcs: [
"syscall_wrapper.c",
"system.c",
"util.c",
"system_unittest.cc",
] + unittestSrcFiles,
static_libs: ["libminijail_generated"],
shared_libs: minijailCommonLibraries,
target: {
android: {
test_suites: ["device-tests"],
},
},
}
// Utility functionality unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/mj_util_unittest_gtest/mj_util_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/mj_util_unittest_gtest/mj_util_unittest_gtest
// =========================================================
cc_test {
name: "mj_util_unittest_gtest",
defaults: ["libminijail_flags"],
host_supported: true,
srcs: [
"util.c",
"util_unittest.cc",
] + unittestSrcFiles,
static_libs: ["libminijail_generated"],
shared_libs: minijailCommonLibraries,
target: {
android: {
test_suites: ["device-tests"],
},
},
}
// Utility functionality unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
// =========================================================
cc_test {
name: "minijail0_cli_unittest_gtest",
defaults: ["libminijail_flags"],
host_supported: true,
cflags: [
"-DPRELOADPATH=\"/invalid\"",
],
srcs: libminijailSrcFiles + [
"config_parser.c",
"elfparse.c",
"minijail0_cli.c",
"minijail0_cli_unittest.cc",
] + unittestSrcFiles,
static_libs: ["libminijail_generated"],
shared_libs: minijailCommonLibraries,
target: {
android: {
test_suites: ["device-tests"],
},
},
data: ["test/*"],
test_options: {
tags: ["no-remote"],
}
}
// Configuration file parser functionality unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/config_parser_unittest_gtest/config_parser_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/config_parser_unittest_gtest/config_parser_unittest_gtest
// =========================================================
cc_test {
name: "config_parser_unittest_gtest",
defaults: ["libminijail_flags"],
host_supported: true,
srcs: [
"config_parser.c",
"util.c",
"config_parser_unittest.cc",
] + unittestSrcFiles,
static_libs: ["libminijail_generated"],
shared_libs: minijailCommonLibraries,
target: {
android: {
test_suites: ["device-tests"],
},
},
test_options: {
unit_test: true,
},
data: ["test/*"],
}
// libminijail_test executable for brillo_Minijail test.
// =========================================================
cc_test {
name: "libminijail_test",
defaults: ["libminijail_flags"],
test_suites: ["device-tests"],
gtest: false,
srcs: ["test/libminijail_test.cpp"],
shared_libs: [
"libbase",
"libminijail",
],
}
// libminijail usage example.
// =========================================================
cc_binary {
name: "drop_privs",
defaults: ["libminijail_flags"],
// Don't build with ASan, but leave commented out for easy local debugging.
// sanitize: { address: true, },
srcs: ["examples/drop_privs.cpp"],
shared_libs: [
"libbase",
"libminijail",
],
}
// minijail0 executable.
// This is not currently used on Brillo/Android,
// but it's convenient to be able to build it.
// =========================================================
cc_binary {
name: "minijail0",
defaults: ["libminijail_flags"],
host_supported: true,
cflags: [
"-DPRELOADPATH=\"/invalidminijailpreload.so\"",
],
srcs: [
"config_parser.c",
"elfparse.c",
"minijail0.c",
"minijail0_cli.c",
],
static_libs: ["libminijail_generated"],
shared_libs: minijailCommonLibraries + ["libminijail"],
}