// Copyright (C) 2015 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // Common variables. // ========================================================= libminijailSrcFiles = [ "bpf.c", "libminijail.c", "signal_handler.c", "syscall_filter.c", "syscall_wrapper.c", "system.c", "util.c", ] unittestSrcFiles = [ "testrunner.cc", ] minijailCommonLibraries = ["libcap"] cc_defaults { name: "libminijail_flags", cflags: [ "-D_FILE_OFFSET_BITS=64", "-DALLOW_DEBUG_LOGGING", "-DDEFAULT_PIVOT_ROOT=\"/var/empty\"", "-Wall", "-Werror", ], target: { darwin: { enabled: false, }, }, } // Static library for generated code. // ========================================================= cc_object { name: "libminijail_gen_syscall_obj", vendor_available: true, recovery_available: true, srcs: ["gen_syscalls.c"], cflags: [ "-dD", "-E", "-Wall", "-Werror", ], apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.media.swcodec", ], min_sdk_version: "29", } cc_genrule { name: "libminijail_gen_syscall", vendor_available: true, recovery_available: true, tool_files: ["gen_syscalls.sh"], cmd: "$(location gen_syscalls.sh) $(in) $(out)", srcs: [":libminijail_gen_syscall_obj"], out: ["libsyscalls.c"], apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.media.swcodec", ], } cc_object { name: "libminijail_gen_constants_obj", vendor_available: true, recovery_available: true, srcs: ["gen_constants.c"], cflags: [ "-dD", "-E", "-Wall", "-Werror", ], apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.media.swcodec", ], min_sdk_version: "29", } cc_genrule { name: "libminijail_gen_constants", vendor_available: true, recovery_available: true, tool_files: ["gen_constants.sh"], cmd: "$(location gen_constants.sh) $(in) $(out)", srcs: [":libminijail_gen_constants_obj"], out: ["libconstants.c"], apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.media.swcodec", ], } cc_library_static { name: "libminijail_generated", vendor_available: true, recovery_available: true, defaults: ["libminijail_flags"], host_supported: true, target: { android: { generated_sources: [ "libminijail_gen_syscall", "libminijail_gen_constants", ], }, host: { srcs: [ "linux-x86/libconstants.gen.c", "linux-x86/libsyscalls.gen.c", ], }, }, apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.media.swcodec", ], min_sdk_version: "29", } cc_object { name: "libminijail_gen_constants_llvmir", vendor_available: true, recovery_available: true, host_supported: true, cflags: [ "-S", "-O0", "-emit-llvm", ], target: { android: { generated_sources: ["libminijail_gen_constants"], }, host: { srcs: ["linux-x86/libconstants.gen.c"], }, }, } cc_object { name: "libminijail_gen_syscall_llvmir", vendor_available: true, recovery_available: true, host_supported: true, cflags: [ "-S", "-O0", "-emit-llvm", ], target: { android: { generated_sources: ["libminijail_gen_syscall"], }, host: { srcs: ["linux-x86/libsyscalls.gen.c"], }, }, } // libminijail shared and static library for target. // ========================================================= cc_library { name: "libminijail", host_supported: true, vendor_available: true, recovery_available: true, vndk: { enabled: true, }, defaults: ["libminijail_flags"], srcs: libminijailSrcFiles, static: { whole_static_libs: ["libminijail_generated"] + minijailCommonLibraries, }, shared: { static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, }, export_include_dirs: ["."], target: { host: { cflags: [ "-DPRELOADPATH=\"/invalidminijailpreload.so\"", ], }, }, apex_available: [ "//apex_available:platform", "com.android.adbd", "com.android.media.swcodec", ], min_sdk_version: "29", } // Example ASan-ified libminijail shared library for target. // Commented out since it's only needed for local debugging. // ========================================================= //cc_library_shared { // name: "libminijail_asan", // defaults: ["libminijail_flags"], // // sanitize: { // address: true, // }, // relative_install_path: "asan", // srcs: libminijailSrcFiles, // // static_libs: ["libminijail_generated"], // shared_libs: minijailCommonLibraries, // export_include_dirs: ["."], //} // libminijail native unit tests using gtest. // // For a device, run with: // adb shell /data/nativetest/libminijail_unittest_gtest/libminijail_unittest_gtest // // For host, run with: // out/host/linux-x86/nativetest(64)/libminijail_unittest_gtest/libminijail_unittest_gtest // ========================================================= cc_test { name: "libminijail_unittest_gtest", defaults: ["libminijail_flags"], // TODO(b/31395668): Re-enable once the seccomp(2) syscall becomes available. //host_supported: true srcs: libminijailSrcFiles + ["libminijail_unittest.cc"] + unittestSrcFiles, static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, target: { android: { cflags: ["-Wno-writable-strings"], test_suites: ["device-tests"], }, host: { cflags: ["-DPRELOADPATH=\"/invalid\""], }, }, } // Syscall filtering native unit tests using gtest. // // For a device, run with: // adb shell /data/nativetest/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest // // For host, run with: // out/host/linux-x86/nativetest(64)/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest // ========================================================= cc_test { name: "syscall_filter_unittest_gtest", defaults: ["libminijail_flags"], host_supported: true, srcs: [ "bpf.c", "syscall_filter.c", "util.c", "syscall_filter_unittest.cc", ] + unittestSrcFiles, static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, target: { android: { test_suites: ["device-tests"], }, }, } // System functionality unit tests using gtest. // // For a device, run with: // adb shell /data/nativetest/mj_system_unittest_gtest/mj_system_unittest_gtest // // For host, run with: // out/host/linux-x86/nativetest(64)/mj_system_unittest_gtest/mj_system_unittest_gtest // ========================================================= cc_test { name: "mj_system_unittest_gtest", defaults: ["libminijail_flags"], host_supported: true, srcs: [ "system.c", "util.c", "system_unittest.cc", ] + unittestSrcFiles, static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, target: { android: { test_suites: ["device-tests"], }, }, } // Utility functionality unit tests using gtest. // // For a device, run with: // adb shell /data/nativetest/mj_util_unittest_gtest/mj_util_unittest_gtest // // For host, run with: // out/host/linux-x86/nativetest(64)/mj_util_unittest_gtest/mj_util_unittest_gtest // ========================================================= cc_test { name: "mj_util_unittest_gtest", defaults: ["libminijail_flags"], host_supported: true, srcs: [ "util.c", "util_unittest.cc", ] + unittestSrcFiles, static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, target: { android: { test_suites: ["device-tests"], }, }, } // Utility functionality unit tests using gtest. // // For a device, run with: // adb shell /data/nativetest/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest // // For host, run with: // out/host/linux-x86/nativetest(64)/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest // ========================================================= cc_test { name: "minijail0_cli_unittest_gtest", defaults: ["libminijail_flags"], host_supported: true, cflags: [ "-DPRELOADPATH=\"/invalid\"", ], srcs: libminijailSrcFiles + [ "elfparse.c", "minijail0_cli.c", "minijail0_cli_unittest.cc", ] + unittestSrcFiles, static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries, target: { android: { test_suites: ["device-tests"], }, }, } // libminijail_test executable for brillo_Minijail test. // ========================================================= cc_test { name: "libminijail_test", defaults: ["libminijail_flags"], test_suites: ["device-tests"], gtest: false, srcs: ["test/libminijail_test.cpp"], shared_libs: [ "libbase", "libminijail", ], } // libminijail usage example. // ========================================================= cc_binary { name: "drop_privs", defaults: ["libminijail_flags"], // Don't build with ASan, but leave commented out for easy local debugging. // sanitize: { address: true, }, srcs: ["examples/drop_privs.cpp"], shared_libs: [ "libbase", "libminijail", ], } // minijail0 executable. // This is not currently used on Brillo/Android, // but it's convenient to be able to build it. // ========================================================= cc_binary { name: "minijail0", defaults: ["libminijail_flags"], host_supported: true, cflags: [ "-DPRELOADPATH=\"/invalidminijailpreload.so\"", ], srcs: [ "elfparse.c", "minijail0.c", "minijail0_cli.c", ], static_libs: ["libminijail_generated"], shared_libs: minijailCommonLibraries + ["libminijail"], } // Generated by cargo2android. rust_library_host_rlib { name: "libminijail_sys", crate_name: "minijail_sys", srcs: ["lib.rs"], edition: "2018", rlibs: [ "liblibc", ], static_libs: [ "libminijail", ], shared_libs: [ "libcap", ], target: { darwin: { enabled: false, }, }, }