// Copyright (C) 2015 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // Common variables. // ========================================================= package { default_applicable_licenses: ["external_minijail_license"], } // Added automatically by a large-scale-change that took the approach of // 'apply every license found to every target'. While this makes sure we respect // every license restriction, it may not be entirely correct. // // e.g. GPL in an MIT project might only apply to the contrib/ directory. // // Please consider splitting the single license below into multiple licenses, // taking care not to lose any license_kind information, and overriding the // default license using the 'licenses: [...]' property on targets as needed. // // For unused files, consider creating a 'fileGroup' with "//visibility:private" // to attach the license to, and including a comment whether the files may be // used in the current project. // // large-scale-change included anything that looked like it might be a license // text as a license_text. e.g. LICENSE, NOTICE, COPYING etc. // // Please consider removing redundant or irrelevant files from 'license_text:'. // See: http://go/android-license-faq license { name: "external_minijail_license", visibility: [":__subpackages__"], license_kinds: [ "SPDX-license-identifier-Apache-2.0", "SPDX-license-identifier-BSD", ], license_text: [ "LICENSE", "NOTICE", ], } libminijailSrcFiles = [ "bpf.c", "landlock_util.c", "libminijail.c", "signal_handler.c", "syscall_filter.c", "syscall_wrapper.c", "system.c", "util.c", ] unittestSrcFiles = [ "testrunner.cc", "test_util.cc", ] minijailCommonLibraries = ["libcap"] cc_defaults { name: "libminijail_flags", cflags: [ "-D_FILE_OFFSET_BITS=64", "-DALLOW_DEBUG_LOGGING", "-DALLOW_DUPLICATE_SYSCALLS", "-DDEFAULT_PIVOT_ROOT=\"/var/empty\"", "-DBINDMOUNT_ALLOWED_PREFIXES=\"\"", "-Wall", "-Werror", ], target: { darwin: { enabled: false, }, }, } // Static library for generated code. // ========================================================= cc_object { name: "libminijail_gen_syscall_obj", vendor_available: true, product_available: true, recovery_available: true, srcs: ["gen_syscalls.c"], cflags: [ "-dD", "-E", "-Wall", "-Werror", ], apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.compos", "com.android.media.swcodec", "com.android.virt", ], min_sdk_version: "29", } cc_genrule { name: "libminijail_gen_syscall", vendor_available: true, product_available: true, recovery_available: true, tool_files: ["gen_syscalls.sh"], cmd: "$(location gen_syscalls.sh) $(in) $(out)", srcs: [":libminijail_gen_syscall_obj"], out: ["libsyscalls.c"], apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.compos", "com.android.media.swcodec", "com.android.virt", ], } cc_object { name: "libminijail_gen_constants_obj", vendor_available: true, product_available: true, recovery_available: true, srcs: ["gen_constants.c"], cflags: [ "-dD", "-E", "-Wall", "-Werror", ], apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.compos", "com.android.media.swcodec", "com.android.virt", ], min_sdk_version: "29", } cc_genrule { name: "libminijail_gen_constants", vendor_available: true, product_available: true, recovery_available: true, tool_files: ["gen_constants.sh"], cmd: "$(location gen_constants.sh) $(in) $(out)", srcs: [":libminijail_gen_constants_obj"], out: ["libconstants.c"], apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.compos", "com.android.media.swcodec", "com.android.virt", ], } cc_library_static { name: "libminijail_generated", vendor_available: true, product_available: true, recovery_available: true, defaults: ["libminijail_flags"], host_supported: true, target: { android: { generated_sources: [ "libminijail_gen_syscall", "libminijail_gen_constants", ], }, host: { srcs: [ "linux-x86/libconstants.gen.c", "linux-x86/libsyscalls.gen.c", ], }, }, apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.compos", "com.android.media.swcodec", "com.android.virt", ], min_sdk_version: "29", } cc_object { name: "libminijail_gen_constants_llvmir", vendor_available: true, product_available: true, recovery_available: true, host_supported: true, cflags: [ "-S", "-O0", "-emit-llvm", ], target: { android: { generated_sources: ["libminijail_gen_constants"], }, host: { srcs: ["linux-x86/libconstants.gen.c"], }, }, } cc_object { name: "libminijail_gen_syscall_llvmir", vendor_available: true, product_available: true, recovery_available: true, host_supported: true, cflags: [ "-S", "-O0", "-emit-llvm", ], target: { android: { generated_sources: ["libminijail_gen_syscall"], }, host: { srcs: ["linux-x86/libsyscalls.gen.c"], }, }, } // libminijail shared and static library for target. // ========================================================= cc_library { name: "libminijail", host_supported: true, vendor_available: true, product_available: true, recovery_available: true, vndk: { enabled: true, }, defaults: ["libminijail_flags"], srcs: libminijailSrcFiles, static: { whole_static_libs: ["libminijail_generated"] + minijailCommonLibraries, }, shared: { static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, }, export_include_dirs: ["."], target: { host: { cflags: [ "-DPRELOADPATH=\"/invalidminijailpreload.so\"", ], }, }, apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.compos", "com.android.media.swcodec", "com.android.virt", ], min_sdk_version: "29", } // Example ASan-ified libminijail shared library for target. // Commented out since it's only needed for local debugging. // ========================================================= //cc_library_shared { // name: "libminijail_asan", // defaults: ["libminijail_flags"], // // sanitize: { // address: true, // }, // relative_install_path: "asan", // srcs: libminijailSrcFiles, // // static_libs: ["libminijail_generated"], // shared_libs: minijailCommonLibraries, // export_include_dirs: ["."], //} // libminijail native unit tests using gtest. // // For a device, run with: // adb shell /data/nativetest/libminijail_unittest_gtest/libminijail_unittest_gtest // // For host, run with: // out/host/linux-x86/nativetest(64)/libminijail_unittest_gtest/libminijail_unittest_gtest // ========================================================= cc_test { name: "libminijail_unittest_gtest", defaults: ["libminijail_flags"], // TODO(b/31395668): Re-enable once the seccomp(2) syscall becomes available. //host_supported: true srcs: libminijailSrcFiles + ["libminijail_unittest.cc"] + unittestSrcFiles, static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, target: { android: { cflags: ["-Wno-writable-strings"], test_suites: ["device-tests"], }, host: { cflags: ["-DPRELOADPATH=\"/invalid\""], }, }, } // Syscall filtering native unit tests using gtest. // // For a device, run with: // adb shell /data/nativetest/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest // // For host, run with: // out/host/linux-x86/nativetest(64)/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest // ========================================================= cc_test { name: "syscall_filter_unittest_gtest", defaults: ["libminijail_flags"], host_supported: true, srcs: [ "bpf.c", "syscall_filter.c", "syscall_wrapper.c", "util.c", "syscall_filter_unittest.cc", ] + unittestSrcFiles, static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, target: { android: { test_suites: ["device-tests"], }, }, test_options: { unit_test: true, }, data: ["test/*"], } // System functionality unit tests using gtest. // // For a device, run with: // adb shell /data/nativetest/mj_system_unittest_gtest/mj_system_unittest_gtest // // For host, run with: // out/host/linux-x86/nativetest(64)/mj_system_unittest_gtest/mj_system_unittest_gtest // ========================================================= cc_test { name: "mj_system_unittest_gtest", defaults: ["libminijail_flags"], host_supported: true, srcs: [ "syscall_wrapper.c", "system.c", "util.c", "system_unittest.cc", ] + unittestSrcFiles, static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, target: { android: { test_suites: ["device-tests"], }, }, } // Utility functionality unit tests using gtest. // // For a device, run with: // adb shell /data/nativetest/mj_util_unittest_gtest/mj_util_unittest_gtest // // For host, run with: // out/host/linux-x86/nativetest(64)/mj_util_unittest_gtest/mj_util_unittest_gtest // ========================================================= cc_test { name: "mj_util_unittest_gtest", defaults: ["libminijail_flags"], host_supported: true, srcs: [ "util.c", "util_unittest.cc", ] + unittestSrcFiles, static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, target: { android: { test_suites: ["device-tests"], }, }, } // Utility functionality unit tests using gtest. // // For a device, run with: // adb shell /data/nativetest/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest // // For host, run with: // out/host/linux-x86/nativetest(64)/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest // ========================================================= cc_test { name: "minijail0_cli_unittest_gtest", defaults: ["libminijail_flags"], host_supported: true, cflags: [ "-DPRELOADPATH=\"/invalid\"", ], srcs: libminijailSrcFiles + [ "config_parser.c", "elfparse.c", "minijail0_cli.c", "minijail0_cli_unittest.cc", ] + unittestSrcFiles, static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, target: { android: { test_suites: ["device-tests"], }, }, data: ["test/*"], test_options: { tags: ["no-remote"], } } // Configuration file parser functionality unit tests using gtest. // // For a device, run with: // adb shell /data/nativetest/config_parser_unittest_gtest/config_parser_unittest_gtest // // For host, run with: // out/host/linux-x86/nativetest(64)/config_parser_unittest_gtest/config_parser_unittest_gtest // ========================================================= cc_test { name: "config_parser_unittest_gtest", defaults: ["libminijail_flags"], host_supported: true, srcs: [ "config_parser.c", "util.c", "config_parser_unittest.cc", ] + unittestSrcFiles, static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, target: { android: { test_suites: ["device-tests"], }, }, test_options: { unit_test: true, }, data: ["test/*"], } // libminijail_test executable for brillo_Minijail test. // ========================================================= cc_test { name: "libminijail_test", defaults: ["libminijail_flags"], test_suites: ["device-tests"], gtest: false, srcs: ["test/libminijail_test.cpp"], shared_libs: [ "libbase", "libminijail", ], } // libminijail usage example. // ========================================================= cc_binary { name: "drop_privs", defaults: ["libminijail_flags"], // Don't build with ASan, but leave commented out for easy local debugging. // sanitize: { address: true, }, srcs: ["examples/drop_privs.cpp"], shared_libs: [ "libbase", "libminijail", ], } // minijail0 executable. // This is not currently used on Brillo/Android, // but it's convenient to be able to build it. // ========================================================= cc_binary { name: "minijail0", defaults: ["libminijail_flags"], host_supported: true, cflags: [ "-DPRELOADPATH=\"/invalidminijailpreload.so\"", ], srcs: [ "config_parser.c", "elfparse.c", "minijail0.c", "minijail0_cli.c", ], static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries + ["libminijail"], }