libhwminijail from hardware/interfaces to libhidl.

This library is not a hardware interface, so it doesn't
belong directly in hardware/interfaces. Moving it to
libhidl because it is intended to be a helper library for
hal implementations that want to use minijail/seccomp.

Test: pass
Change-Id: Id435c70ef9483006e09896be81d5f9600b758e47

4 files changed, 89 insertions, 0 deletions

diff --git a/Android.bp b/Android.bp
index 962984c..e97c28c 100644
--- a/Android.bp
+++ b/Android.bp
@@ -16,6 +16,7 @@ subdirs = [
     "adapter",
     "base",           // libhidlbase
     "libhidlmemory",  // libhidlmemory
+    "minijail",
     "transport",      // libhidltransport
 ]
 
diff --git a/minijail/Android.bp b/minijail/Android.bp
new file mode 100644
index 0000000..c01a12b
--- /dev/null
+++ b/minijail/Android.bp
@@ -0,0 +1,13 @@
+cc_library_shared {
+    name: "libhwminijail",
+    defaults: ["hidl_defaults"],
+    vendor: true,
+    export_include_dirs: ["include"],
+
+    srcs: ["HardwareMinijail.cpp"],
+
+    shared_libs: [
+        "libbase",
+        "libminijail",
+    ],
+}
diff --git a/minijail/HardwareMinijail.cpp b/minijail/HardwareMinijail.cpp
new file mode 100644
index 0000000..e6b1144
--- /dev/null
+++ b/minijail/HardwareMinijail.cpp
@@ -0,0 +1,45 @@
+//
+// Copyright (C) 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include <android-base/logging.h>
+#include <libminijail.h>
+
+#include <hwminijail/HardwareMinijail.h>
+
+namespace android {
+namespace hardware {
+
+void SetupMinijail(const std::string& seccomp_policy_path) {
+    if (access(seccomp_policy_path.c_str(), R_OK) == -1) {
+        LOG(WARNING) << "Could not find seccomp policy file at: " << seccomp_policy_path;
+        return;
+    }
+
+    struct minijail* jail = minijail_new();
+    if (jail == NULL) {
+        LOG(FATAL) << "Failed to create minijail.";
+    }
+
+    minijail_no_new_privs(jail);
+    minijail_log_seccomp_filter_failures(jail);
+    minijail_use_seccomp_filter(jail);
+    minijail_parse_seccomp_filters(jail, seccomp_policy_path.c_str());
+    minijail_enter(jail);
+    minijail_destroy(jail);
+}
+
+}  // namespace hardware
+}  // namespace android
diff --git a/minijail/include/hwminijail/HardwareMinijail.h b/minijail/include/hwminijail/HardwareMinijail.h
new file mode 100644
index 0000000..8fcf007
--- /dev/null
+++ b/minijail/include/hwminijail/HardwareMinijail.h
@@ -0,0 +1,30 @@
+//
+// Copyright (C) 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#ifndef ANDROID_HARDWARE_CONFIGSTORE_MINIJAIL_H
+#define ANDROID_HARDWARE_CONFIGSTORE_MINIJAIL_H
+
+#include <string>
+
+namespace android {
+namespace hardware {
+
+void SetupMinijail(const std::string& seccomp_policy_path);
+
+}  // namespace hardware
+}  // namespace android
+
+#endif  // ANDROID_HARDWARE_CONFIGSTORE_UTILS_H