1#!/bin/bash
2#
# This script must be run from the directory in which it is located!
#
# This script generates Android.bp files for this directory and all of its subdirectories
6#
# Directory this generator is expected to run from; check_location compares
# it with the current working directory before anything is written.
DIR="${ANDROID_BUILD_TOP}"/external/crosvm/seccomp
8
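# Strip a single trailing slash from a path.
# Arguments: $1 - path
# Outputs:   the path without its trailing slash; "/" itself is printed
#            unchanged
function remove_trailing_slash {
  local path=$1
  if [[ "${path}" == "/" ]]; then
    # The root directory is the one path whose slash must stay. This branch
    # used to echo the unset variable $i, which printed an empty line.
    printf '%s\n' "${path}"
  else
    # Quoted so that whitespace or glob characters in the path survive.
    printf '%s\n' "${path%/}"
  fi
}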
16
# Abort on the first failing simple command from here on. errexit does not
# cover commands inside `&&`/`||` lists or conditions, and a failing command
# substitution in a `local`/`declare` assignment is masked by the builtin's
# own exit status.
set -e
18
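# Verify that the script is being run from ${DIR}.
# Globals:   DIR (read), PWD (read)
# Outputs:   diagnostics on stderr when the check fails
# Returns:   0 when $PWD resolves to the same directory as ${DIR};
#            otherwise exits the script with status 10
function check_location() {
  local my_loc my_pwd

  # Declared separately from the assignments so that a realpath failure
  # (for example because ANDROID_BUILD_TOP is unset) is not masked by the
  # exit status of `local`.
  if ! my_loc="$(realpath -- "${DIR}")"; then
    >&2 echo "cannot resolve expected location '${DIR}'; is ANDROID_BUILD_TOP set?"
    exit 10
  fi
  if ! my_pwd="$(realpath -- "${PWD}")"; then
    >&2 echo "cannot resolve current directory '${PWD}'"
    exit 10
  fi

  # realpath prints canonical paths without a trailing slash (other than
  # "/" itself), so the two results can be compared directly.
  if [[ "${my_loc}" != "${my_pwd}" ]]; then
    # Diagnostics go to stderr, not stdout.
    >&2 echo "expected location: ${my_loc}"
    >&2 echo "current directory: ${my_pwd}"
    >&2 echo "this script must be run from the directory where it is located"
    exit 10
  fi
}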
32
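# Name of this script; gen_license embeds it in the generated header.
# $0 is quoted so a path containing whitespace is not split into several
# basename arguments.
my_name="$(basename -- "$0")"
# Every architecture known to the generator; entries without a policy are
# emitted as disabled targets in the prebuilt_etc modules.
all_archs=("x86_64" "aarch64" "arm" "x86")
# Architectures whose seccomp policy directories are scanned.
seccomp_archs=("x86_64" "aarch64")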
36
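# Build the per-architecture directory name, e.g. x86_64-linux-gnu.
# Arguments: $1 - architecture
# Outputs:   "<arch>-linux-gnu" on stdout
function get_arch_dir() {
  local suffix="-linux-gnu"
  local arch=$1
  # Quoted so the value is printed exactly as given (no word splitting or
  # globbing).
  printf '%s\n' "${arch}${suffix}"
}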
43
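# Convert a seccomp architecture name to the name used in Android.bp files.
# Arguments: $1 - seccomp architecture
# Outputs:   "arm64" for "aarch64"; any other value unchanged
function get_bp_arch() {
  local arch=${1-}
  # An explicit if/else replaces the `test && a || b` chain: with an unquoted
  # empty argument the old test printed an error before falling through.
  if [[ "${arch}" == "aarch64" ]]; then
    echo "arm64"
  else
    printf '%s\n' "${arch}"
  fi
}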
48
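# Enumerate the policy files of one seccomp directory.
# Arguments: $1 - seccomp dir to scan
# Outputs:   one entry name per line on stdout, leaving out
#            common_device.policy, common_device.frequency and
#            gpu_common.policy
# Returns:   non-zero (with a message on stderr) when the directory cannot
#            be entered. Callers that expand the output in `for ... in $(...)`
#            do not see this status, but they no longer receive names from
#            the wrong directory.
function scan_policy_name() {
  local seccomp_dir=$1
  (
    local entry
    # The output is consumed by the caller, so cd must stay silent. A failed
    # cd has to stop the scan: otherwise the current directory would be
    # listed and unrelated names would end up in the generated seccomp
    # policy modules.
    if ! CDPATH= cd -- "${seccomp_dir}" > /dev/null 2>&1; then
      >&2 echo "cannot enter seccomp directory '${seccomp_dir}'"
      exit 1
    fi
    # A glob replaces parsing `ls --hide=...`; like ls, it skips dotfiles.
    for entry in *; do
      case "${entry}" in
        common_device.policy | common_device.frequency | gpu_common.policy)
          continue
          ;;
      esac
      # An unmatched glob leaves the literal "*" behind; skip it.
      [[ -e "${entry}" || -L "${entry}" ]] || continue
      printf '%s\n' "${entry}"
    done
  )
}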
63
# Print the Apache-2.0 license header for a generated file.
# Globals:   my_name (read)
# Arguments: $1 - comment leader put in front of every line (default "//")
#            $2 - copyright year (default "2020")
# Outputs:   the header followed by one empty line, on stdout
function gen_license() {
  local comment_prefix=${1:-"//"}
  local copyright_year=${2:-"2020"}
  cat <<EOF
${comment_prefix} Autogenerated via ${my_name}
${comment_prefix}
${comment_prefix} Copyright (C) ${copyright_year} The Android Open Source Project
${comment_prefix}
${comment_prefix} Licensed under the Apache License, Version 2.0 (the "License");
${comment_prefix} you may not use this file except in compliance with the License.
${comment_prefix} You may obtain a copy of the License at
${comment_prefix}
${comment_prefix}      http://www.apache.org/licenses/LICENSE-2.0
${comment_prefix}
${comment_prefix} Unless required by applicable law or agreed to in writing, software
${comment_prefix} distributed under the License is distributed on an "AS IS" BASIS,
${comment_prefix} WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
${comment_prefix} See the License for the specific language governing permissions and
${comment_prefix} limitations under the License.

EOF
}
86
# Print the fixed part of Android.bp: the package license block and one
# genrule_defaults module per architecture (x86_64, aarch64).
# Each genrule_defaults command runs policy-inliner.sh with that
# architecture's common_device.policy and gpu_common.policy, reading the
# policy from $(in) and writing the result to $(out).
# Outputs: blueprint text on stdout
function gen_blueprint_boilerplate() {
  # The delimiter is quoted, so the body is emitted literally and the
  # $(location ...) references need no backslash escapes.
  cat <<'EOF'
package {
    // See: http://go/android-license-faq
    // A large-scale-change added 'default_applicable_licenses' to import
    // all of the 'license_kinds' from "external_crosvm_license"
    // to get the below license kinds:
    //   SPDX-license-identifier-Apache-2.0
    //   SPDX-license-identifier-BSD
    default_applicable_licenses: ["external_crosvm_license"],
}

genrule_defaults {
    name: "crosvm_inline_seccomp_policy_x86_64",
    cmd: "$(location policy-inliner.sh) $(location x86_64/common_device.policy) $(location x86_64/gpu_common.policy) < $(in) > $(out)",
    tool_files: [
        "policy-inliner.sh",
        "x86_64/common_device.policy",
        "x86_64/gpu_common.policy",
    ],
}

genrule_defaults {
    name: "crosvm_inline_seccomp_policy_aarch64",
    cmd: "$(location policy-inliner.sh) $(location aarch64/common_device.policy) $(location aarch64/gpu_common.policy) < $(in) > $(out)",
    tool_files: [
        "policy-inliner.sh",
        "aarch64/common_device.policy",
        "aarch64/gpu_common.policy",
    ],
}

EOF
}
121
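# Emit the per-policy Android.bp modules.
# Globals:   all_archs (read)
# Arguments: $@ - architectures whose policy directories are scanned
# Outputs:   blueprint text on stdout:
#              - per policy and architecture, a genrule (plus a
#                prebuilt_usr_share_host module unless the arch is "arm");
#              - per policy, one prebuilt_etc module with a src for every
#                architecture that provides the policy and `enabled: false`
#                for every all_archs entry that does not.
function gen_blueprint_arch_policy_files() {
  local archs=("$@")
  local arch file base_name bp_arch known_arch
  local -A policy_genrules=()
  local -a policy_archs=() disabled_archs=()

  # Map each policy file name to the space-separated list of architectures
  # that provide it.
  for arch in "${archs[@]}"; do
    # Deliberately unquoted: the scan prints one name per line, so policy
    # names must not contain whitespace or glob characters.
    for file in $(scan_policy_name "${arch}"); do
      base_name="$(basename -- "${file}")"
      policy_genrules[${base_name}]="${policy_genrules[${base_name}]} ${arch}"
    done
  done

  for file in "${!policy_genrules[@]}"; do
    read -r -a policy_archs <<< "${policy_genrules[${file}]}"

    for arch in "${policy_archs[@]}"; do
      echo "genrule {"
      echo "    name: \"${file}_inline_${arch}\","
      echo "    defaults: [\"crosvm_inline_seccomp_policy_${arch}\"],"
      echo "    out: [\"${file}\"],"
      echo "    srcs: [\"${arch}/${file}\"],"
      echo "}"
      echo
      if [[ "${arch}" != "arm" ]]; then
        echo "prebuilt_usr_share_host {"
        echo "    name: \"${file}_${arch}\","
        echo "    filename: \"${file}\","
        echo "    relative_install_path: \"crosvm/$(get_arch_dir "${arch}")/seccomp\","
        echo "    src: \":${file}_inline_${arch}\","
        echo "}"
        echo
      fi
    done

    # Architectures without this policy are matched as whole words. The
    # earlier substring removal on a joined string would have turned
    # "x86_64" into "_64" for an arch named "x86" and left "x86" itself
    # listed as disabled.
    disabled_archs=()
    for known_arch in "${all_archs[@]}"; do
      if [[ " ${policy_archs[*]} " != *" ${known_arch} "* ]]; then
        disabled_archs+=("${known_arch}")
      fi
    done

    echo "prebuilt_etc {"
    echo "    name: \"${file}\","
    echo "    relative_install_path: \"seccomp_policy/crosvm\","
    echo "    arch: {"
    for arch in "${policy_archs[@]}"; do
      bp_arch="$(get_bp_arch "${arch}")"
      echo "        ${bp_arch}: {"
      echo "            src: \":${file}_inline_${arch}\","
      echo "        },"
    done
    echo "    },"
    echo "    target: {"
    for arch in "${disabled_archs[@]}"; do
      bp_arch="$(get_bp_arch "${arch}")"
      echo "        android_${bp_arch}: {"
      echo "            enabled: false,"
      echo "        },"
    done
    echo "    },"
    echo "}"
    echo
  done
}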
176
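# Emit the makefile fragment that lists every policy file.
# Arguments: $@ - architectures whose policy directories are scanned
# Outputs:   on stdout, a PRODUCT_PACKAGES list and a
#            PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST list, each with
#            one sorted entry per distinct policy file name
function gen_crosvm_seccomp_policy_product_packages_mk_fragment() {
  local archs=("$@")
  # Loop variables are local so they do not leak into the caller's scope.
  local arch file base_name
  local -A policy_genrules=()

  # Only the keys are used below; collecting per name removes duplicates
  # when several architectures ship the same policy.
  for arch in "${archs[@]}"; do
    # Deliberately unquoted: the scan prints one name per line, so policy
    # names must not contain whitespace or glob characters.
    for file in $(scan_policy_name "${arch}"); do
      base_name="$(basename -- "${file}")"
      policy_genrules[${base_name}]="${policy_genrules[${base_name}]} ${arch}"
    done
  done

  echo "PRODUCT_PACKAGES += \\"
  for file in "${!policy_genrules[@]}"; do
    echo "    ${file} \\"
  done | sort
  echo

  echo "# TODO: Remove this when crosvm is added to generic system image"
  echo "PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \\"
  for file in "${!policy_genrules[@]}"; do
    echo "    system/etc/seccomp_policy/crosvm/${file} \\"
  done | sort
}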
198
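# Print the host policy lists that have to be copied by hand into
# device/google/cuttlefish/build/Android.bp.
# Arguments: $@ - architectures whose policy directories are scanned
# Outputs:   on stdout, one `cvd_host_seccomp_policy_<arch> = [...]` block
#            per architecture with sorted "<policy>_<arch>" entries
function print_host_seccomp_policy_lists() {
  local archs=("$@")
  # Loop variables are local so they do not leak into the caller's scope.
  # The previously computed but unused base_name has been dropped.
  local arch file

  echo "Please update the following blocks in device/google/cuttlefish/build/Android.bp:"
  for arch in "${archs[@]}"; do
    echo
    echo "cvd_host_seccomp_policy_${arch} = ["
    # Deliberately unquoted: the scan prints one name per line, so policy
    # names must not contain whitespace or glob characters.
    for file in $(scan_policy_name "${arch}"); do
      echo "    \"${file}_${arch}\","
    done | sort
    echo "]"
  done
}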
212
# main
#
# Refuse to run from the wrong directory, then regenerate both output files
# and print the lists that must be updated by hand. Both files are written
# in place, so an aborted run leaves a partially written file behind;
# regenerate before using the result.
check_location

{
  gen_license
  gen_blueprint_boilerplate
  gen_blueprint_arch_policy_files "${seccomp_archs[@]}"
} >Android.bp

{
  gen_license \#
  gen_crosvm_seccomp_policy_product_packages_mk_fragment "${seccomp_archs[@]}"
} >crosvm_seccomp_policy_product_packages.mk

print_host_seccomp_policy_lists "${seccomp_archs[@]}"
222