1# Copyright (c) 2012 The Chromium OS Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5BASE_VER=0 6include common.mk 7 8LIBDIR ?= /lib 9PRELOADNAME = libminijailpreload.so 10PRELOADPATH = "$(LIBDIR)/$(PRELOADNAME)" 11CPPFLAGS += -DPRELOADPATH='$(PRELOADPATH)' 12 13# Defines the pivot root path used by the minimalistic-mountns profile. 14DEFAULT_PIVOT_ROOT ?= /var/empty 15CPPFLAGS += -DDEFAULT_PIVOT_ROOT='"$(DEFAULT_PIVOT_ROOT)"' 16 17ifeq ($(USE_seccomp),no) 18CPPFLAGS += -DUSE_SECCOMP_SOFTFAIL 19endif 20 21# Allow people to use -L and related flags. 22ALLOW_DEBUG_LOGGING ?= yes 23ifeq ($(ALLOW_DEBUG_LOGGING),yes) 24CPPFLAGS += -DALLOW_DEBUG_LOGGING 25endif 26 27ifeq ($(USE_ASAN),yes) 28CPPFLAGS += -fsanitize=address -fno-omit-frame-pointer 29LDFLAGS += -fsanitize=address -fno-omit-frame-pointer 30USE_EXIT_ON_DIE = yes 31endif 32 33# Setting this flag can be useful for both AddressSanitizer builds and running 34# fuzzing tools, which do not expect crashes on gracefully-handled malformed 35# inputs. 36ifeq ($(USE_EXIT_ON_DIE),yes) 37CPPFLAGS += -DUSE_EXIT_ON_DIE 38endif 39 40# Setting this flag allows duplicate syscalls definitions for seccomp filters. 41ifeq ($(ALLOW_DUPLICATE_SYSCALLS),yes) 42CPPFLAGS += -DALLOW_DUPLICATE_SYSCALLS 43endif 44 45MJ_COMMON_FLAGS = -Wunused-parameter -Wextra -Wno-missing-field-initializers 46CFLAGS += $(MJ_COMMON_FLAGS) 47CXXFLAGS += $(MJ_COMMON_FLAGS) 48 49USE_SYSTEM_GTEST ?= no 50ifeq ($(USE_SYSTEM_GTEST),no) 51GTEST_CXXFLAGS := -std=gnu++14 52GTEST_LIBS := gtest.a 53else 54GTEST_CXXFLAGS := $(shell gtest-config --cxxflags 2>/dev/null || \ 55 echo "-pthread") 56GTEST_LIBS := $(shell gtest-config --libs 2>/dev/null || \ 57 echo "-lgtest -pthread -lpthread") 58endif 59 60CORE_OBJECT_FILES := libminijail.o syscall_filter.o signal_handler.o \ 61 bpf.o util.o system.o syscall_wrapper.o \ 62 libconstants.gen.o libsyscalls.gen.o 63 64all: CC_BINARY(minijail0) CC_LIBRARY(libminijail.so) \ 65 CC_LIBRARY(libminijailpreload.so) 66 67parse_seccomp_policy: CXX_BINARY(parse_seccomp_policy) 68dump_constants: CXX_STATIC_BINARY(dump_constants) 69 70tests: TEST(CXX_BINARY(libminijail_unittest)) \ 71 TEST(CXX_BINARY(minijail0_cli_unittest)) \ 72 TEST(CXX_BINARY(syscall_filter_unittest)) \ 73 TEST(CXX_BINARY(system_unittest)) \ 74 TEST(CXX_BINARY(util_unittest)) \ 75 76 77CC_BINARY(minijail0): LDLIBS += -lcap -ldl 78CC_BINARY(minijail0): $(CORE_OBJECT_FILES) \ 79 elfparse.o minijail0.o minijail0_cli.o 80clean: CLEAN(minijail0) 81 82 83CC_LIBRARY(libminijail.so): LDLIBS += -lcap 84CC_LIBRARY(libminijail.so): $(CORE_OBJECT_FILES) 85clean: CLEAN(libminijail.so) 86 87CC_STATIC_LIBRARY(libminijail.pic.a): $(CORE_OBJECT_FILES) 88CC_STATIC_LIBRARY(libminijail.pie.a): $(CORE_OBJECT_FILES) 89clean: CLEAN(libminijail.*.a) 90 91CXX_BINARY(libminijail_unittest): CXXFLAGS += -Wno-write-strings \ 92 $(GTEST_CXXFLAGS) 93CXX_BINARY(libminijail_unittest): LDLIBS += -lcap $(GTEST_LIBS) 94ifeq ($(USE_SYSTEM_GTEST),no) 95CXX_BINARY(libminijail_unittest): $(GTEST_LIBS) 96endif 97CXX_BINARY(libminijail_unittest): libminijail_unittest.o $(CORE_OBJECT_FILES) \ 98 testrunner.o 99clean: CLEAN(libminijail_unittest) 100 101TEST(CXX_BINARY(libminijail_unittest)): CC_LIBRARY(libminijailpreload.so) 102 103 104CC_LIBRARY(libminijailpreload.so): LDLIBS += -lcap -ldl 105CC_LIBRARY(libminijailpreload.so): libminijailpreload.o $(CORE_OBJECT_FILES) 106clean: CLEAN(libminijailpreload.so) 107 108 109CXX_BINARY(minijail0_cli_unittest): CXXFLAGS += $(GTEST_CXXFLAGS) 110CXX_BINARY(minijail0_cli_unittest): LDLIBS += -lcap $(GTEST_LIBS) 111ifeq ($(USE_SYSTEM_GTEST),no) 112CXX_BINARY(minijail0_cli_unittest): $(GTEST_LIBS) 113endif 114CXX_BINARY(minijail0_cli_unittest): minijail0_cli_unittest.o \ 115 $(CORE_OBJECT_FILES) minijail0_cli.o elfparse.o testrunner.o 116clean: CLEAN(minijail0_cli_unittest) 117 118 119CXX_BINARY(syscall_filter_unittest): CXXFLAGS += -Wno-write-strings \ 120 $(GTEST_CXXFLAGS) 121CXX_BINARY(syscall_filter_unittest): LDLIBS += -lcap $(GTEST_LIBS) 122ifeq ($(USE_SYSTEM_GTEST),no) 123CXX_BINARY(syscall_filter_unittest): $(GTEST_LIBS) 124endif 125CXX_BINARY(syscall_filter_unittest): syscall_filter_unittest.o \ 126 $(CORE_OBJECT_FILES) testrunner.o 127clean: CLEAN(syscall_filter_unittest) 128 129 130CXX_BINARY(system_unittest): CXXFLAGS += $(GTEST_CXXFLAGS) 131CXX_BINARY(system_unittest): LDLIBS += -lcap $(GTEST_LIBS) 132ifeq ($(USE_SYSTEM_GTEST),no) 133CXX_BINARY(system_unittest): $(GTEST_LIBS) 134endif 135CXX_BINARY(system_unittest): system_unittest.o \ 136 $(CORE_OBJECT_FILES) testrunner.o 137clean: CLEAN(system_unittest) 138 139 140CXX_BINARY(util_unittest): CXXFLAGS += $(GTEST_CXXFLAGS) 141CXX_BINARY(util_unittest): LDLIBS += -lcap $(GTEST_LIBS) 142ifeq ($(USE_SYSTEM_GTEST),no) 143CXX_BINARY(util_unittest): $(GTEST_LIBS) 144endif 145CXX_BINARY(util_unittest): util_unittest.o \ 146 $(CORE_OBJECT_FILES) testrunner.o 147clean: CLEAN(util_unittest) 148 149 150CXX_BINARY(parse_seccomp_policy): parse_seccomp_policy.o syscall_filter.o \ 151 bpf.o util.o libconstants.gen.o libsyscalls.gen.o 152clean: CLEAN(parse_seccomp_policy) 153 154 155# Compiling dump_constants as a static executable makes it easy to run under 156# qemu-user, which in turn simplifies cross-compiling bpf policies. 157CXX_STATIC_BINARY(dump_constants): dump_constants.o \ 158 libconstants.gen.o libsyscalls.gen.o 159clean: CLEAN(dump_constants) 160 161 162constants.json: CXX_STATIC_BINARY(dump_constants) 163 ./dump_constants > $@ 164clean: CLEANFILE(constants.json) 165 166 167libsyscalls.gen.o: CPPFLAGS += -I$(SRC) 168 169libsyscalls.gen.o.depends: libsyscalls.gen.c 170 171# Only regenerate libsyscalls.gen.c if the Makefile or header changes. 172# NOTE! This will not detect if the file is not appropriate for the target. 173libsyscalls.gen.c: $(SRC)/Makefile $(SRC)/libsyscalls.h 174 @printf "Generating target-arch specific $@...\n" 175 $(QUIET)CC="$(CC)" $(SRC)/gen_syscalls.sh "$@" 176 @printf "$@ done.\n" 177clean: CLEAN(libsyscalls.gen.c) 178 179$(eval $(call add_object_rules,libsyscalls.gen.o,CC,c,CFLAGS)) 180 181libconstants.gen.o: CPPFLAGS += -I$(SRC) 182 183libconstants.gen.o.depends: libconstants.gen.c 184 185# Only regenerate libconstants.gen.c if the Makefile or header changes. 186# NOTE! This will not detect if the file is not appropriate for the target. 187libconstants.gen.c: $(SRC)/Makefile $(SRC)/libconstants.h 188 @printf "Generating target-arch specific $@...\n" 189 $(QUIET)CC="$(CC)" $(SRC)/gen_constants.sh "$@" 190 @printf "$@ done.\n" 191clean: CLEAN(libconstants.gen.c) 192 193$(eval $(call add_object_rules,libconstants.gen.o,CC,c,CFLAGS)) 194 195 196################################################################################ 197# Google Test 198 199ifeq ($(USE_SYSTEM_GTEST),no) 200# Points to the root of Google Test, relative to where this file is. 201# Remember to tweak this if you move this file. 202GTEST_DIR = googletest-release-1.10.0/googletest 203 204# Flags passed to the preprocessor. 205# Set Google Test's header directory as a system directory, such that 206# the compiler doesn't generate warnings in Google Test headers. 207CPPFLAGS += -isystem $(GTEST_DIR)/include 208 209# Flags passed to the C++ compiler. 210GTEST_CXXFLAGS += -pthread 211 212# All Google Test headers. Usually you shouldn't change this 213# definition. 214GTEST_HEADERS = $(GTEST_DIR)/include/gtest/*.h \ 215 $(GTEST_DIR)/include/gtest/internal/*.h 216 217# House-keeping build targets. 218clean: clean_gtest 219 220clean_gtest: 221 rm -f gtest.a gtest_main.a *.o 222 223# Builds gtest.a and gtest_main.a. 224 225# Usually you shouldn't tweak such internal variables, indicated by a 226# trailing _. 227GTEST_SRCS_ = $(GTEST_DIR)/src/*.cc $(GTEST_DIR)/src/*.h $(GTEST_HEADERS) 228 229# For simplicity and to avoid depending on Google Test's 230# implementation details, the dependencies specified below are 231# conservative and not optimized. This is fine as Google Test 232# compiles fast and for ordinary users its source rarely changes. 233gtest-all.o : $(GTEST_SRCS_) 234 $(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) $(GTEST_CXXFLAGS) -c \ 235 $(GTEST_DIR)/src/gtest-all.cc -o $@ 236 237gtest_main.o : $(GTEST_SRCS_) 238 $(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) $(GTEST_CXXFLAGS) -c \ 239 $(GTEST_DIR)/src/gtest_main.cc -o $@ 240 241gtest.a : gtest-all.o 242 $(AR) $(ARFLAGS) $@ $^ 243 244gtest_main.a : gtest-all.o gtest_main.o 245 $(AR) $(ARFLAGS) $@ $^ 246 247endif 248################################################################################ 249