aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Android.mk48
-rw-r--r--arch.h2
-rw-r--r--bpf.h7
-rwxr-xr-xgen_syscalls.sh15
-rw-r--r--libminijail.c25
-rw-r--r--signal_handler.c (renamed from signal.c)2
-rw-r--r--signal_handler.h (renamed from signal.h)8
-rw-r--r--util.c4
8 files changed, 86 insertions, 25 deletions
diff --git a/Android.mk b/Android.mk
new file mode 100644
index 0000000..ba6179f
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1,48 @@
+# Copyright (C) 2015 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+# Common variables
+# ========================================================
+
+minijailCommonCFlags := -D__BRILLO__ -Wall -Werror \
+ -Wno-unused-function -Wno-unused-parameter
+minijailCommonSharedLibraries := libcap-ng
+
+# libminijail shared library for target
+# ========================================================
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := libminijail
+
+# LOCAL_MODULE_CLASS must be defined before calling $(local-generated-sources-dir)
+LOCAL_MODULE_CLASS := SHARED_LIBRARIES
+intermediates := $(local-generated-sources-dir)
+GEN := $(intermediates)/libsyscalls.c
+$(GEN): PRIVATE_CUSTOM_TOOL = $< $(lastword $(CLANG)) $@
+$(GEN): $(LOCAL_PATH)/gen_syscalls.sh
+ $(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
+
+LOCAL_CFLAGS := $(minijailCommonCFlags)
+LOCAL_CLANG := true
+LOCAL_SRC_FILES := \
+ bpf.c \
+ libminijail.c \
+ signal_handler.c \
+ syscall_filter.c \
+ util.c
+LOCAL_SHARED_LIBRARIES := $(minijailCommonSharedLibraries)
+include $(BUILD_SHARED_LIBRARY)
diff --git a/arch.h b/arch.h
index cfe6122..652f072 100644
--- a/arch.h
+++ b/arch.h
@@ -24,6 +24,8 @@
# define EM_ARM 40
# endif
# define ARCH_NR AUDIT_ARCH_ARM
+#elif defined(__aarch64__)
+# define ARCH_NR AUDIT_ARCH_AARCH64
#elif defined(__hppa__)
# define ARCH_NR AUDIT_ARCH_PARISC
#elif defined(__ia64__)
diff --git a/bpf.h b/bpf.h
index 7cbc5dd..fdf8279 100644
--- a/bpf.h
+++ b/bpf.h
@@ -84,14 +84,11 @@ struct seccomp_data {
#define bpf_comp_jset bpf_comp_jset64
/* Ensure that we load the logically correct offset. */
-#if defined(__LITTLE_ENDIAN)
+#if defined(__LITTLE_ENDIAN__)
#define LO_ARG(idx) offsetof(struct seccomp_data, args[(idx)])
#define HI_ARG(idx) offsetof(struct seccomp_data, args[(idx)]) + sizeof(__u32)
-#elif defined(__BIG_ENDIAN)
-#define LO_ARG(idx) offsetof(struct seccomp_data, args[(idx)]) + sizeof(__u32)
-#define HI_ARG(idx) offsetof(struct seccomp_data, args[(idx)])
#else
-#error "Unknown endianness"
+#error "Unsupported endianness"
#endif
#else
diff --git a/gen_syscalls.sh b/gen_syscalls.sh
index 3121b42..a01d500 100755
--- a/gen_syscalls.sh
+++ b/gen_syscalls.sh
@@ -12,18 +12,13 @@
set -e
-if [ $# -ne 1 ] && [ $# -ne 3 ]; then
- echo "Usage: $(basename "$0") OUTFILE"
- echo "Usage: $(basename "$0") CC CFLAGS OUTFILE"
+if [ $# -ne 2 ]; then
+ echo "Usage: $(basename "$0") CC OUTFILE"
exit 1
fi
-if [ $# -eq 3 ]; then
- CC="$1"
- shift
- CFLAGS="$1"
- shift
-fi
+CC="$1"
+shift
OUTFILE="$1"
# sed expression which extracts system calls that are
@@ -43,7 +38,7 @@ cat <<-EOF > "${OUTFILE}"
#include "libsyscalls.h"
const struct syscall_entry syscall_table[] = {
$(echo '#include <asm/unistd.h>' | \
- ${CC} ${CFLAGS} -dD - -E | sed -rne "${SED_MULTILINE}")
+ ${CC} -dD - -E | sed -rne "${SED_MULTILINE}")
{ NULL, -1 },
};
EOF
diff --git a/libminijail.c b/libminijail.c
index 0dab24d..1c54a40 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -36,7 +36,7 @@
#include "libminijail.h"
#include "libminijail-private.h"
-#include "signal.h"
+#include "signal_handler.h"
#include "syscall_filter.h"
#include "util.h"
@@ -203,9 +203,14 @@ int API minijail_change_user(struct minijail *j, const char *user)
int API minijail_change_group(struct minijail *j, const char *group)
{
- char *buf = NULL;
- struct group gr;
struct group *pgr = NULL;
+
+#if defined(__BRILLO__)
+ /* Android does not implement getgrnam_r(). */
+ pgr = getgrnam(group);
+#else
+ struct group gr;
+ char *buf = NULL;
ssize_t sz = sysconf(_SC_GETGR_R_SIZE_MAX);
if (sz == -1)
sz = 65536; /* and mine is as good as yours, really */
@@ -225,6 +230,7 @@ int API minijail_change_group(struct minijail *j, const char *group)
*/
free(buf);
/* getgrnam_r(3) does *not* set errno when |pgr| is NULL. */
+#endif
if (!pgr)
return -1;
minijail_change_gid(j, pgr->gr_gid);
@@ -683,6 +689,13 @@ static int run_cap_valid(unsigned int cap)
void drop_caps(const struct minijail *j)
{
+#if defined(__BRILLO__)
+ /*
+ * Temporarily disable capabilities support until Minijail can use
+ * libcap-ng.
+ */
+ (void) j;
+#else
cap_t caps = cap_get_proc();
cap_value_t flag[1];
const uint64_t one = 1;
@@ -738,6 +751,7 @@ void drop_caps(const struct minijail *j)
die("can't apply final cleaned capset");
cap_free(caps);
+#endif
}
void set_seccomp_filter(const struct minijail *j)
@@ -943,6 +957,10 @@ int API minijail_to_fd(struct minijail *j, int fd)
int setup_preload(void)
{
+#if defined(__BRILLO__)
+ /* Don't use LDPRELOAD on Brillo. */
+ return 0;
+#else
char *oldenv = getenv(kLdPreloadEnvVar) ? : "";
char *newenv = malloc(strlen(oldenv) + 2 + strlen(PRELOADPATH));
if (!newenv)
@@ -956,6 +974,7 @@ int setup_preload(void)
setenv(kLdPreloadEnvVar, newenv, 1);
free(newenv);
return 0;
+#endif
}
int setup_pipe(int fds[2])
diff --git a/signal.c b/signal_handler.c
index 7342e04..dd0ea4f 100644
--- a/signal.c
+++ b/signal_handler.c
@@ -16,7 +16,7 @@
#include <signal.h>
#include <string.h>
-#include "signal.h"
+#include "signal_handler.h"
#include "util.h"
diff --git a/signal.h b/signal_handler.h
index d68bbb2..939a582 100644
--- a/signal.h
+++ b/signal_handler.h
@@ -1,4 +1,4 @@
-/* signal.h
+/* signal_handler.h
* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
@@ -6,9 +6,9 @@
* Signal handling functions.
*/
-#ifndef SIGNAL_H
-#define SIGNAL_H
+#ifndef SIGNAL_HANDLER_H
+#define SIGNAL_HANDLER_H
int install_sigsys_handler();
-#endif /* SIGNAL_H */
+#endif /* SIGNAL_HANDLER_H */
diff --git a/util.c b/util.c
index f05bf07..550ed78 100644
--- a/util.c
+++ b/util.c
@@ -29,8 +29,8 @@ const char *log_syscalls[] = { "connect", "sendto" };
const char *log_syscalls[] = { "socketcall", "time" };
#elif defined(__arm__)
const char *log_syscalls[] = { "connect", "gettimeofday", "send" };
-#elif defined(__powerpc__) || defined(__ia64__) || defined(__hppa__) || \
- defined(__sparc__) || defined(__mips__)
+#elif defined(__aarch64__) || defined(__powerpc__) || defined(__ia64__) || \
+ defined(__hppa__) || defined(__sparc__) || defined(__mips__)
const char *log_syscalls[] = { "connect", "send" };
#else
#error "Unsupported platform"
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 15:04:30 +0000