blob: 25eb12fdee6ab60be36082927efd0b51f0f3580d [file] [log] [blame]
Dan Willemsen2acbec52017-09-14 17:28:36 -07001// Copyright (C) 2015 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// Common variables.
16// =========================================================
Bob Badour5f579b82021-02-12 21:18:40 -080017package {
18 default_applicable_licenses: ["external_minijail_license"],
19}
20
21// Added automatically by a large-scale-change that took the approach of
22// 'apply every license found to every target'. While this makes sure we respect
23// every license restriction, it may not be entirely correct.
24//
25// e.g. GPL in an MIT project might only apply to the contrib/ directory.
26//
27// Please consider splitting the single license below into multiple licenses,
28// taking care not to lose any license_kind information, and overriding the
29// default license using the 'licenses: [...]' property on targets as needed.
30//
31// For unused files, consider creating a 'fileGroup' with "//visibility:private"
32// to attach the license to, and including a comment whether the files may be
33// used in the current project.
34//
35// large-scale-change included anything that looked like it might be a license
36// text as a license_text. e.g. LICENSE, NOTICE, COPYING etc.
37//
38// Please consider removing redundant or irrelevant files from 'license_text:'.
39// See: http://go/android-license-faq
40license {
41 name: "external_minijail_license",
42 visibility: [":__subpackages__"],
43 license_kinds: [
44 "SPDX-license-identifier-Apache-2.0",
45 "SPDX-license-identifier-BSD",
46 ],
47 license_text: [
48 "LICENSE",
49 "NOTICE",
50 ],
51}
52
Dan Willemsen2acbec52017-09-14 17:28:36 -070053libminijailSrcFiles = [
54 "bpf.c",
Ben Scarlatod7e6e682022-06-30 03:27:30 +000055 "landlock_util.c",
Dan Willemsen2acbec52017-09-14 17:28:36 -070056 "libminijail.c",
57 "signal_handler.c",
58 "syscall_filter.c",
59 "syscall_wrapper.c",
60 "system.c",
61 "util.c",
62]
63
64unittestSrcFiles = [
65 "testrunner.cc",
Zi Lin171ee1e2021-10-13 03:12:18 +000066 "test_util.cc",
Dan Willemsen2acbec52017-09-14 17:28:36 -070067]
68
69minijailCommonLibraries = ["libcap"]
70
71cc_defaults {
72 name: "libminijail_flags",
73 cflags: [
Luis Hector Chavezc3e17722018-10-16 20:43:12 -070074 "-D_FILE_OFFSET_BITS=64",
Mike Frysinger916c6c32018-09-27 14:17:53 -040075 "-DALLOW_DEBUG_LOGGING",
Nicole Anderson-Aubcc8cfd2020-11-10 20:33:27 +000076 "-DALLOW_DUPLICATE_SYSCALLS",
Allen Webbee876072019-02-21 10:56:21 -080077 "-DDEFAULT_PIVOT_ROOT=\"/var/empty\"",
Jorge Lucangeli Obesa8eef8b2022-07-20 19:20:06 -040078 "-DBINDMOUNT_ALLOWED_PREFIXES=\"\"",
Dan Willemsen2acbec52017-09-14 17:28:36 -070079 "-Wall",
80 "-Werror",
81 ],
82 target: {
83 darwin: {
84 enabled: false,
85 },
86 },
87}
88
89// Static library for generated code.
90// =========================================================
91cc_object {
92 name: "libminijail_gen_syscall_obj",
93 vendor_available: true,
Justin Yuned25bf32020-11-11 18:21:21 +090094 product_available: true,
Jiyong Park85e7a262018-05-24 14:09:04 +090095 recovery_available: true,
Dan Willemsen2acbec52017-09-14 17:28:36 -070096 srcs: ["gen_syscalls.c"],
97 cflags: [
98 "-dD",
99 "-E",
Chih-Hung Hsiehed6a82e2017-10-04 10:54:11 -0700100 "-Wall",
101 "-Werror",
Dan Willemsen2acbec52017-09-14 17:28:36 -0700102 ],
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900103 apex_available: [
104 "//apex_available:platform",
105 "com.android.adbd",
Victor Hsieh14ad2ce2021-05-11 12:36:06 -0700106 "com.android.compos",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900107 "com.android.media.swcodec",
Jiyong Park1081a942020-12-07 15:09:28 +0900108 "com.android.virt",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900109 ],
Jooyung Han42b623b2020-04-16 18:48:30 +0900110 min_sdk_version: "29",
Dan Willemsen2acbec52017-09-14 17:28:36 -0700111}
112
113cc_genrule {
114 name: "libminijail_gen_syscall",
115 vendor_available: true,
Justin Yuned25bf32020-11-11 18:21:21 +0900116 product_available: true,
Jiyong Park85e7a262018-05-24 14:09:04 +0900117 recovery_available: true,
Dan Willemsen2acbec52017-09-14 17:28:36 -0700118 tool_files: ["gen_syscalls.sh"],
119 cmd: "$(location gen_syscalls.sh) $(in) $(out)",
120 srcs: [":libminijail_gen_syscall_obj"],
121 out: ["libsyscalls.c"],
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900122 apex_available: [
123 "//apex_available:platform",
124 "com.android.adbd",
Victor Hsieh14ad2ce2021-05-11 12:36:06 -0700125 "com.android.compos",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900126 "com.android.media.swcodec",
Jiyong Park1081a942020-12-07 15:09:28 +0900127 "com.android.virt",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900128 ],
Dan Willemsen2acbec52017-09-14 17:28:36 -0700129}
130
131cc_object {
132 name: "libminijail_gen_constants_obj",
133 vendor_available: true,
Justin Yuned25bf32020-11-11 18:21:21 +0900134 product_available: true,
Jiyong Park85e7a262018-05-24 14:09:04 +0900135 recovery_available: true,
Dan Willemsen2acbec52017-09-14 17:28:36 -0700136 srcs: ["gen_constants.c"],
137 cflags: [
138 "-dD",
139 "-E",
Chih-Hung Hsiehed6a82e2017-10-04 10:54:11 -0700140 "-Wall",
141 "-Werror",
Dan Willemsen2acbec52017-09-14 17:28:36 -0700142 ],
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900143 apex_available: [
144 "//apex_available:platform",
145 "com.android.adbd",
Victor Hsieh14ad2ce2021-05-11 12:36:06 -0700146 "com.android.compos",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900147 "com.android.media.swcodec",
Jiyong Park1081a942020-12-07 15:09:28 +0900148 "com.android.virt",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900149 ],
Jooyung Han42b623b2020-04-16 18:48:30 +0900150 min_sdk_version: "29",
Dan Willemsen2acbec52017-09-14 17:28:36 -0700151}
152
153cc_genrule {
154 name: "libminijail_gen_constants",
155 vendor_available: true,
Justin Yuned25bf32020-11-11 18:21:21 +0900156 product_available: true,
Jiyong Park85e7a262018-05-24 14:09:04 +0900157 recovery_available: true,
Dan Willemsen2acbec52017-09-14 17:28:36 -0700158 tool_files: ["gen_constants.sh"],
159 cmd: "$(location gen_constants.sh) $(in) $(out)",
160 srcs: [":libminijail_gen_constants_obj"],
161 out: ["libconstants.c"],
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900162 apex_available: [
163 "//apex_available:platform",
164 "com.android.adbd",
Victor Hsieh14ad2ce2021-05-11 12:36:06 -0700165 "com.android.compos",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900166 "com.android.media.swcodec",
Jiyong Park1081a942020-12-07 15:09:28 +0900167 "com.android.virt",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900168 ],
Dan Willemsen2acbec52017-09-14 17:28:36 -0700169}
170
171cc_library_static {
172 name: "libminijail_generated",
173 vendor_available: true,
Justin Yuned25bf32020-11-11 18:21:21 +0900174 product_available: true,
Jiyong Park85e7a262018-05-24 14:09:04 +0900175 recovery_available: true,
Dan Willemsen2acbec52017-09-14 17:28:36 -0700176 defaults: ["libminijail_flags"],
177 host_supported: true,
178
179 target: {
180 android: {
181 generated_sources: [
182 "libminijail_gen_syscall",
183 "libminijail_gen_constants",
184 ],
185 },
186 host: {
187 srcs: [
188 "linux-x86/libconstants.gen.c",
189 "linux-x86/libsyscalls.gen.c",
190 ],
191 },
192 },
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900193 apex_available: [
194 "//apex_available:platform",
195 "com.android.adbd",
Victor Hsieh14ad2ce2021-05-11 12:36:06 -0700196 "com.android.compos",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900197 "com.android.media.swcodec",
Jiyong Park1081a942020-12-07 15:09:28 +0900198 "com.android.virt",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900199 ],
Jooyung Han42b623b2020-04-16 18:48:30 +0900200 min_sdk_version: "29",
Dan Willemsen2acbec52017-09-14 17:28:36 -0700201}
202
Luis Hector Chavezc90ec152019-12-13 09:12:33 -0800203cc_object {
204 name: "libminijail_gen_constants_llvmir",
205 vendor_available: true,
Justin Yuned25bf32020-11-11 18:21:21 +0900206 product_available: true,
Luis Hector Chavezc90ec152019-12-13 09:12:33 -0800207 recovery_available: true,
208 host_supported: true,
209 cflags: [
210 "-S",
211 "-O0",
212 "-emit-llvm",
213 ],
214
215 target: {
216 android: {
217 generated_sources: ["libminijail_gen_constants"],
218 },
219 host: {
220 srcs: ["linux-x86/libconstants.gen.c"],
221 },
222 },
223}
224
225cc_object {
226 name: "libminijail_gen_syscall_llvmir",
227 vendor_available: true,
Justin Yuned25bf32020-11-11 18:21:21 +0900228 product_available: true,
Luis Hector Chavezc90ec152019-12-13 09:12:33 -0800229 recovery_available: true,
230 host_supported: true,
231 cflags: [
232 "-S",
233 "-O0",
234 "-emit-llvm",
235 ],
236
237 target: {
238 android: {
239 generated_sources: ["libminijail_gen_syscall"],
240 },
241 host: {
242 srcs: ["linux-x86/libsyscalls.gen.c"],
243 },
244 },
245}
246
Dan Willemsen2acbec52017-09-14 17:28:36 -0700247// libminijail shared and static library for target.
248// =========================================================
249cc_library {
250 name: "libminijail",
Luis Hector Chavez413af652018-04-19 20:15:13 -0700251 host_supported: true,
Logan Chien9460f602017-11-21 20:32:45 +0800252
Dan Willemsen2acbec52017-09-14 17:28:36 -0700253 vendor_available: true,
Justin Yuned25bf32020-11-11 18:21:21 +0900254 product_available: true,
Jiyong Park85e7a262018-05-24 14:09:04 +0900255 recovery_available: true,
Logan Chien9460f602017-11-21 20:32:45 +0800256 vndk: {
257 enabled: true,
258 },
259
Dan Willemsen2acbec52017-09-14 17:28:36 -0700260 defaults: ["libminijail_flags"],
261
262 srcs: libminijailSrcFiles,
263
264 static: {
265 whole_static_libs: ["libminijail_generated"] + minijailCommonLibraries,
266 },
267 shared: {
268 static_libs: ["libminijail_generated"],
269 shared_libs: minijailCommonLibraries,
270 },
271 export_include_dirs: ["."],
Luis Hector Chavez413af652018-04-19 20:15:13 -0700272
273 target: {
274 host: {
275 cflags: [
276 "-DPRELOADPATH=\"/invalidminijailpreload.so\"",
277 ],
278 },
279 },
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900280 apex_available: [
281 "//apex_available:platform",
282 "com.android.adbd",
Victor Hsieh14ad2ce2021-05-11 12:36:06 -0700283 "com.android.compos",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900284 "com.android.media.swcodec",
Jiyong Park1081a942020-12-07 15:09:28 +0900285 "com.android.virt",
Jiyong Parke3a5cae2020-04-08 22:37:24 +0900286 ],
Jooyung Han42b623b2020-04-16 18:48:30 +0900287 min_sdk_version: "29",
Dan Willemsen2acbec52017-09-14 17:28:36 -0700288}
289
290// Example ASan-ified libminijail shared library for target.
291// Commented out since it's only needed for local debugging.
292// =========================================================
293//cc_library_shared {
294// name: "libminijail_asan",
295// defaults: ["libminijail_flags"],
296//
297// sanitize: {
298// address: true,
299// },
300// relative_install_path: "asan",
301// srcs: libminijailSrcFiles,
302//
303// static_libs: ["libminijail_generated"],
304// shared_libs: minijailCommonLibraries,
305// export_include_dirs: ["."],
306//}
307
308// libminijail native unit tests using gtest.
309//
310// For a device, run with:
311// adb shell /data/nativetest/libminijail_unittest_gtest/libminijail_unittest_gtest
312//
313// For host, run with:
314// out/host/linux-x86/nativetest(64)/libminijail_unittest_gtest/libminijail_unittest_gtest
315// =========================================================
316cc_test {
317 name: "libminijail_unittest_gtest",
318 defaults: ["libminijail_flags"],
319 // TODO(b/31395668): Re-enable once the seccomp(2) syscall becomes available.
320 //host_supported: true
321
322 srcs: libminijailSrcFiles + ["libminijail_unittest.cc"] + unittestSrcFiles,
323
324 static_libs: ["libminijail_generated"],
325 shared_libs: minijailCommonLibraries,
326
327 target: {
328 android: {
329 cflags: ["-Wno-writable-strings"],
330 test_suites: ["device-tests"],
331 },
332 host: {
333 cflags: ["-DPRELOADPATH=\"/invalid\""],
334 },
335 },
336}
337
338// Syscall filtering native unit tests using gtest.
339//
340// For a device, run with:
341// adb shell /data/nativetest/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
342//
343// For host, run with:
344// out/host/linux-x86/nativetest(64)/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
345// =========================================================
346cc_test {
347 name: "syscall_filter_unittest_gtest",
348 defaults: ["libminijail_flags"],
349 host_supported: true,
350
351 srcs: [
352 "bpf.c",
353 "syscall_filter.c",
Luis Héctor Chávez01b628c2021-01-03 05:46:57 -0800354 "syscall_wrapper.c",
Dan Willemsen2acbec52017-09-14 17:28:36 -0700355 "util.c",
356 "syscall_filter_unittest.cc",
357 ] + unittestSrcFiles,
358
359 static_libs: ["libminijail_generated"],
360 shared_libs: minijailCommonLibraries,
361
362 target: {
363 android: {
364 test_suites: ["device-tests"],
365 },
366 },
Julien Desprez28fd8402021-02-10 11:01:17 -0800367 test_options: {
368 unit_test: true,
369 },
370 data: ["test/*"],
Dan Willemsen2acbec52017-09-14 17:28:36 -0700371}
372
373// System functionality unit tests using gtest.
374//
375// For a device, run with:
Jorge Lucangeli Obes1ed75bc2018-01-25 14:06:42 -0500376// adb shell /data/nativetest/mj_system_unittest_gtest/mj_system_unittest_gtest
Dan Willemsen2acbec52017-09-14 17:28:36 -0700377//
378// For host, run with:
Jorge Lucangeli Obes1ed75bc2018-01-25 14:06:42 -0500379// out/host/linux-x86/nativetest(64)/mj_system_unittest_gtest/mj_system_unittest_gtest
Dan Willemsen2acbec52017-09-14 17:28:36 -0700380// =========================================================
381cc_test {
Jorge Lucangeli Obes1ed75bc2018-01-25 14:06:42 -0500382 name: "mj_system_unittest_gtest",
Dan Willemsen2acbec52017-09-14 17:28:36 -0700383 defaults: ["libminijail_flags"],
384 host_supported: true,
385
386 srcs: [
Luis Héctor Chávez01b628c2021-01-03 05:46:57 -0800387 "syscall_wrapper.c",
Dan Willemsen2acbec52017-09-14 17:28:36 -0700388 "system.c",
389 "util.c",
390 "system_unittest.cc",
391 ] + unittestSrcFiles,
392
393 static_libs: ["libminijail_generated"],
394 shared_libs: minijailCommonLibraries,
395
396 target: {
397 android: {
398 test_suites: ["device-tests"],
399 },
400 },
401}
402
Mike Frysinger32c39922018-01-17 17:09:54 -0500403// Utility functionality unit tests using gtest.
404//
405// For a device, run with:
Jorge Lucangeli Obes1ed75bc2018-01-25 14:06:42 -0500406// adb shell /data/nativetest/mj_util_unittest_gtest/mj_util_unittest_gtest
Mike Frysinger32c39922018-01-17 17:09:54 -0500407//
408// For host, run with:
Jorge Lucangeli Obes1ed75bc2018-01-25 14:06:42 -0500409// out/host/linux-x86/nativetest(64)/mj_util_unittest_gtest/mj_util_unittest_gtest
Mike Frysinger32c39922018-01-17 17:09:54 -0500410// =========================================================
411cc_test {
Jorge Lucangeli Obes1ed75bc2018-01-25 14:06:42 -0500412 name: "mj_util_unittest_gtest",
Mike Frysinger32c39922018-01-17 17:09:54 -0500413 defaults: ["libminijail_flags"],
414 host_supported: true,
415
416 srcs: [
417 "util.c",
418 "util_unittest.cc",
419 ] + unittestSrcFiles,
420
421 static_libs: ["libminijail_generated"],
422 shared_libs: minijailCommonLibraries,
423
424 target: {
425 android: {
426 test_suites: ["device-tests"],
427 },
428 },
429}
430
Mike Frysinger4d2a81e2018-01-22 16:43:33 -0500431// Utility functionality unit tests using gtest.
432//
433// For a device, run with:
434// adb shell /data/nativetest/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
435//
436// For host, run with:
437// out/host/linux-x86/nativetest(64)/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
438// =========================================================
439cc_test {
440 name: "minijail0_cli_unittest_gtest",
441 defaults: ["libminijail_flags"],
442 host_supported: true,
443
444 cflags: [
445 "-DPRELOADPATH=\"/invalid\"",
446 ],
447 srcs: libminijailSrcFiles + [
Zi Lin44461c72021-11-16 18:37:27 +0000448 "config_parser.c",
Mike Frysinger4d2a81e2018-01-22 16:43:33 -0500449 "elfparse.c",
450 "minijail0_cli.c",
451 "minijail0_cli_unittest.cc",
452 ] + unittestSrcFiles,
453
454 static_libs: ["libminijail_generated"],
455 shared_libs: minijailCommonLibraries,
456
457 target: {
458 android: {
459 test_suites: ["device-tests"],
460 },
461 },
Zi Lin44461c72021-11-16 18:37:27 +0000462 data: ["test/*"],
Mike Frysinger4d2a81e2018-01-22 16:43:33 -0500463}
464
Zi Lin5158f552021-10-27 00:55:52 +0000465
466// Configuration file parser functionality unit tests using gtest.
467//
468// For a device, run with:
469// adb shell /data/nativetest/config_parser_unittest_gtest/config_parser_unittest_gtest
470//
471// For host, run with:
472// out/host/linux-x86/nativetest(64)/config_parser_unittest_gtest/config_parser_unittest_gtest
473// =========================================================
474cc_test {
475 name: "config_parser_unittest_gtest",
476 defaults: ["libminijail_flags"],
477 host_supported: true,
478
479 srcs: [
480 "config_parser.c",
481 "util.c",
482 "config_parser_unittest.cc",
483 ] + unittestSrcFiles,
484
485 static_libs: ["libminijail_generated"],
486 shared_libs: minijailCommonLibraries,
487
488 target: {
489 android: {
490 test_suites: ["device-tests"],
491 },
492 },
493 test_options: {
494 unit_test: true,
495 },
496 data: ["test/*"],
497}
498
Dan Willemsen2acbec52017-09-14 17:28:36 -0700499// libminijail_test executable for brillo_Minijail test.
500// =========================================================
501cc_test {
502 name: "libminijail_test",
503 defaults: ["libminijail_flags"],
504 test_suites: ["device-tests"],
505
506 gtest: false,
507
508 srcs: ["test/libminijail_test.cpp"],
509
510 shared_libs: [
511 "libbase",
512 "libminijail",
513 ],
514}
515
516// libminijail usage example.
517// =========================================================
518cc_binary {
519 name: "drop_privs",
520 defaults: ["libminijail_flags"],
521
522 // Don't build with ASan, but leave commented out for easy local debugging.
523 // sanitize: { address: true, },
524 srcs: ["examples/drop_privs.cpp"],
525
526 shared_libs: [
527 "libbase",
528 "libminijail",
529 ],
530}
531
532// minijail0 executable.
533// This is not currently used on Brillo/Android,
534// but it's convenient to be able to build it.
535// =========================================================
536cc_binary {
537 name: "minijail0",
538 defaults: ["libminijail_flags"],
Luis Hector Chavez413af652018-04-19 20:15:13 -0700539 host_supported: true,
Dan Willemsen2acbec52017-09-14 17:28:36 -0700540
541 cflags: [
Dan Willemsen2acbec52017-09-14 17:28:36 -0700542 "-DPRELOADPATH=\"/invalidminijailpreload.so\"",
543 ],
544 srcs: [
Zi Lin44461c72021-11-16 18:37:27 +0000545 "config_parser.c",
Dan Willemsen2acbec52017-09-14 17:28:36 -0700546 "elfparse.c",
547 "minijail0.c",
Mike Frysinger5ef22ca2018-01-20 13:42:10 -0500548 "minijail0_cli.c",
Dan Willemsen2acbec52017-09-14 17:28:36 -0700549 ],
550
551 static_libs: ["libminijail_generated"],
552 shared_libs: minijailCommonLibraries + ["libminijail"],
553}