• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright (C) 2015 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15// Common variables.
16// =========================================================
17package {
18    default_applicable_licenses: ["external_minijail_license"],
19}
20
21// Added automatically by a large-scale-change that took the approach of
22// 'apply every license found to every target'. While this makes sure we respect
23// every license restriction, it may not be entirely correct.
24//
25// e.g. GPL in an MIT project might only apply to the contrib/ directory.
26//
27// Please consider splitting the single license below into multiple licenses,
28// taking care not to lose any license_kind information, and overriding the
29// default license using the 'licenses: [...]' property on targets as needed.
30//
31// For unused files, consider creating a 'fileGroup' with "//visibility:private"
32// to attach the license to, and including a comment whether the files may be
33// used in the current project.
34//
35// large-scale-change included anything that looked like it might be a license
36// text as a license_text. e.g. LICENSE, NOTICE, COPYING etc.
37//
38// Please consider removing redundant or irrelevant files from 'license_text:'.
39// See: http://go/android-license-faq
40license {
41    name: "external_minijail_license",
42    visibility: [":__subpackages__"],
43    license_kinds: [
44        "SPDX-license-identifier-Apache-2.0",
45        "SPDX-license-identifier-BSD",
46    ],
47    license_text: [
48        "LICENSE",
49        "NOTICE",
50    ],
51}
52
53libminijailSrcFiles = [
54    "bpf.c",
55    "libminijail.c",
56    "signal_handler.c",
57    "syscall_filter.c",
58    "syscall_wrapper.c",
59    "system.c",
60    "util.c",
61]
62
63unittestSrcFiles = [
64    "testrunner.cc",
65    "test_util.cc",
66]
67
68minijailCommonLibraries = ["libcap"]
69
70cc_defaults {
71    name: "libminijail_flags",
72    cflags: [
73        "-D_FILE_OFFSET_BITS=64",
74        "-DALLOW_DEBUG_LOGGING",
75        "-DALLOW_DUPLICATE_SYSCALLS",
76        "-DDEFAULT_PIVOT_ROOT=\"/var/empty\"",
77        "-Wall",
78        "-Werror",
79    ],
80    c_std: "gnu11",
81    target: {
82        darwin: {
83            enabled: false,
84        },
85    },
86}
87
88// Static library for generated code.
89// =========================================================
90cc_object {
91    name: "libminijail_gen_syscall_obj",
92    vendor_available: true,
93    product_available: true,
94    recovery_available: true,
95    srcs: ["gen_syscalls.c"],
96    cflags: [
97        "-dD",
98        "-E",
99        "-Wall",
100        "-Werror",
101    ],
102    apex_available: [
103        "//apex_available:platform",
104        "com.android.adbd",
105        "com.android.compos",
106        "com.android.media.swcodec",
107        "com.android.virt",
108    ],
109    min_sdk_version: "29",
110}
111
112cc_genrule {
113    name: "libminijail_gen_syscall",
114    vendor_available: true,
115    product_available: true,
116    recovery_available: true,
117    tool_files: ["gen_syscalls.sh"],
118    cmd: "$(location gen_syscalls.sh) $(in) $(out)",
119    srcs: [":libminijail_gen_syscall_obj"],
120    out: ["libsyscalls.c"],
121    apex_available: [
122        "//apex_available:platform",
123        "com.android.adbd",
124        "com.android.compos",
125        "com.android.media.swcodec",
126        "com.android.virt",
127    ],
128}
129
130cc_object {
131    name: "libminijail_gen_constants_obj",
132    vendor_available: true,
133    product_available: true,
134    recovery_available: true,
135    srcs: ["gen_constants.c"],
136    cflags: [
137        "-dD",
138        "-E",
139        "-Wall",
140        "-Werror",
141    ],
142    apex_available: [
143        "//apex_available:platform",
144        "com.android.adbd",
145        "com.android.compos",
146        "com.android.media.swcodec",
147        "com.android.virt",
148    ],
149    min_sdk_version: "29",
150}
151
152cc_genrule {
153    name: "libminijail_gen_constants",
154    vendor_available: true,
155    product_available: true,
156    recovery_available: true,
157    tool_files: ["gen_constants.sh"],
158    cmd: "$(location gen_constants.sh) $(in) $(out)",
159    srcs: [":libminijail_gen_constants_obj"],
160    out: ["libconstants.c"],
161    apex_available: [
162        "//apex_available:platform",
163        "com.android.adbd",
164        "com.android.compos",
165        "com.android.media.swcodec",
166        "com.android.virt",
167    ],
168}
169
170cc_library_static {
171    name: "libminijail_generated",
172    vendor_available: true,
173    product_available: true,
174    recovery_available: true,
175    defaults: ["libminijail_flags"],
176    host_supported: true,
177
178    target: {
179        android: {
180            generated_sources: [
181                "libminijail_gen_syscall",
182                "libminijail_gen_constants",
183            ],
184        },
185        host: {
186            srcs: [
187                "linux-x86/libconstants.gen.c",
188                "linux-x86/libsyscalls.gen.c",
189            ],
190        },
191    },
192    apex_available: [
193        "//apex_available:platform",
194        "com.android.adbd",
195        "com.android.compos",
196        "com.android.media.swcodec",
197        "com.android.virt",
198    ],
199    min_sdk_version: "29",
200}
201
202cc_object {
203    name: "libminijail_gen_constants_llvmir",
204    vendor_available: true,
205    product_available: true,
206    recovery_available: true,
207    host_supported: true,
208    cflags: [
209        "-S",
210        "-O0",
211        "-emit-llvm",
212    ],
213
214    target: {
215        android: {
216            generated_sources: ["libminijail_gen_constants"],
217        },
218        host: {
219            srcs: ["linux-x86/libconstants.gen.c"],
220        },
221    },
222}
223
224cc_object {
225    name: "libminijail_gen_syscall_llvmir",
226    vendor_available: true,
227    product_available: true,
228    recovery_available: true,
229    host_supported: true,
230    cflags: [
231        "-S",
232        "-O0",
233        "-emit-llvm",
234    ],
235
236    target: {
237        android: {
238            generated_sources: ["libminijail_gen_syscall"],
239        },
240        host: {
241            srcs: ["linux-x86/libsyscalls.gen.c"],
242        },
243    },
244}
245
246// libminijail shared and static library for target.
247// =========================================================
248cc_library {
249    name: "libminijail",
250    host_supported: true,
251
252    vendor_available: true,
253    product_available: true,
254    recovery_available: true,
255    vndk: {
256        enabled: true,
257    },
258
259    defaults: ["libminijail_flags"],
260
261    srcs: libminijailSrcFiles,
262
263    static: {
264        whole_static_libs: ["libminijail_generated"] + minijailCommonLibraries,
265    },
266    shared: {
267        static_libs: ["libminijail_generated"],
268        shared_libs: minijailCommonLibraries,
269    },
270    export_include_dirs: ["."],
271
272    target: {
273        host: {
274            cflags: [
275                "-DPRELOADPATH=\"/invalidminijailpreload.so\"",
276            ],
277        },
278    },
279    apex_available: [
280        "//apex_available:platform",
281        "com.android.adbd",
282        "com.android.compos",
283        "com.android.media.swcodec",
284        "com.android.virt",
285    ],
286    min_sdk_version: "29",
287}
288
289// Example ASan-ified libminijail shared library for target.
290// Commented out since it's only needed for local debugging.
291// =========================================================
292//cc_library_shared {
293//    name: "libminijail_asan",
294//    defaults: ["libminijail_flags"],
295//
296//    sanitize: {
297//        address: true,
298//    },
299//    relative_install_path: "asan",
300//    srcs: libminijailSrcFiles,
301//
302//    static_libs: ["libminijail_generated"],
303//    shared_libs: minijailCommonLibraries,
304//    export_include_dirs: ["."],
305//}
306
307// libminijail native unit tests using gtest.
308//
309// For a device, run with:
310// adb shell /data/nativetest/libminijail_unittest_gtest/libminijail_unittest_gtest
311//
312// For host, run with:
313// out/host/linux-x86/nativetest(64)/libminijail_unittest_gtest/libminijail_unittest_gtest
314// =========================================================
315cc_test {
316    name: "libminijail_unittest_gtest",
317    defaults: ["libminijail_flags"],
318    // TODO(b/31395668): Re-enable once the seccomp(2) syscall becomes available.
319    //host_supported: true
320
321    srcs: libminijailSrcFiles + ["libminijail_unittest.cc"] + unittestSrcFiles,
322
323    static_libs: ["libminijail_generated"],
324    shared_libs: minijailCommonLibraries,
325
326    target: {
327        android: {
328            cflags: ["-Wno-writable-strings"],
329            test_suites: ["device-tests"],
330        },
331        host: {
332            cflags: ["-DPRELOADPATH=\"/invalid\""],
333        },
334    },
335}
336
337// Syscall filtering native unit tests using gtest.
338//
339// For a device, run with:
340// adb shell /data/nativetest/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
341//
342// For host, run with:
343// out/host/linux-x86/nativetest(64)/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
344// =========================================================
345cc_test {
346    name: "syscall_filter_unittest_gtest",
347    defaults: ["libminijail_flags"],
348    host_supported: true,
349
350    srcs: [
351        "bpf.c",
352        "syscall_filter.c",
353        "syscall_wrapper.c",
354        "util.c",
355        "syscall_filter_unittest.cc",
356    ] + unittestSrcFiles,
357
358    static_libs: ["libminijail_generated"],
359    shared_libs: minijailCommonLibraries,
360
361    target: {
362        android: {
363            test_suites: ["device-tests"],
364        },
365    },
366    test_options: {
367        unit_test: true,
368    },
369    data: ["test/*"],
370}
371
372// System functionality unit tests using gtest.
373//
374// For a device, run with:
375// adb shell /data/nativetest/mj_system_unittest_gtest/mj_system_unittest_gtest
376//
377// For host, run with:
378// out/host/linux-x86/nativetest(64)/mj_system_unittest_gtest/mj_system_unittest_gtest
379// =========================================================
380cc_test {
381    name: "mj_system_unittest_gtest",
382    defaults: ["libminijail_flags"],
383    host_supported: true,
384
385    srcs: [
386        "syscall_wrapper.c",
387        "system.c",
388        "util.c",
389        "system_unittest.cc",
390    ] + unittestSrcFiles,
391
392    static_libs: ["libminijail_generated"],
393    shared_libs: minijailCommonLibraries,
394
395    target: {
396        android: {
397            test_suites: ["device-tests"],
398        },
399    },
400}
401
402// Utility functionality unit tests using gtest.
403//
404// For a device, run with:
405// adb shell /data/nativetest/mj_util_unittest_gtest/mj_util_unittest_gtest
406//
407// For host, run with:
408// out/host/linux-x86/nativetest(64)/mj_util_unittest_gtest/mj_util_unittest_gtest
409// =========================================================
410cc_test {
411    name: "mj_util_unittest_gtest",
412    defaults: ["libminijail_flags"],
413    host_supported: true,
414
415    srcs: [
416        "util.c",
417        "util_unittest.cc",
418    ] + unittestSrcFiles,
419
420    static_libs: ["libminijail_generated"],
421    shared_libs: minijailCommonLibraries,
422
423    target: {
424        android: {
425            test_suites: ["device-tests"],
426        },
427    },
428}
429
430// Utility functionality unit tests using gtest.
431//
432// For a device, run with:
433// adb shell /data/nativetest/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
434//
435// For host, run with:
436// out/host/linux-x86/nativetest(64)/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
437// =========================================================
438cc_test {
439    name: "minijail0_cli_unittest_gtest",
440    defaults: ["libminijail_flags"],
441    host_supported: true,
442
443    cflags: [
444        "-DPRELOADPATH=\"/invalid\"",
445    ],
446    srcs: libminijailSrcFiles + [
447        "config_parser.c",
448        "elfparse.c",
449        "minijail0_cli.c",
450        "minijail0_cli_unittest.cc",
451    ] + unittestSrcFiles,
452
453    static_libs: ["libminijail_generated"],
454    shared_libs: minijailCommonLibraries,
455
456    target: {
457        android: {
458            test_suites: ["device-tests"],
459        },
460    },
461    data: ["test/*"],
462}
463
464
465// Configuration file parser functionality unit tests using gtest.
466//
467// For a device, run with:
468// adb shell /data/nativetest/config_parser_unittest_gtest/config_parser_unittest_gtest
469//
470// For host, run with:
471// out/host/linux-x86/nativetest(64)/config_parser_unittest_gtest/config_parser_unittest_gtest
472// =========================================================
473cc_test {
474    name: "config_parser_unittest_gtest",
475    defaults: ["libminijail_flags"],
476    host_supported: true,
477
478    srcs: [
479        "config_parser.c",
480        "util.c",
481        "config_parser_unittest.cc",
482    ] + unittestSrcFiles,
483
484    static_libs: ["libminijail_generated"],
485    shared_libs: minijailCommonLibraries,
486
487    target: {
488        android: {
489            test_suites: ["device-tests"],
490        },
491    },
492    test_options: {
493        unit_test: true,
494    },
495    data: ["test/*"],
496}
497
498// libminijail_test executable for brillo_Minijail test.
499// =========================================================
500cc_test {
501    name: "libminijail_test",
502    defaults: ["libminijail_flags"],
503    test_suites: ["device-tests"],
504
505    gtest: false,
506
507    srcs: ["test/libminijail_test.cpp"],
508
509    shared_libs: [
510        "libbase",
511        "libminijail",
512    ],
513}
514
515// libminijail usage example.
516// =========================================================
517cc_binary {
518    name: "drop_privs",
519    defaults: ["libminijail_flags"],
520
521    // Don't build with ASan, but leave commented out for easy local debugging.
522    // sanitize: { address: true, },
523    srcs: ["examples/drop_privs.cpp"],
524
525    shared_libs: [
526        "libbase",
527        "libminijail",
528    ],
529}
530
531// minijail0 executable.
532// This is not currently used on Brillo/Android,
533// but it's convenient to be able to build it.
534// =========================================================
535cc_binary {
536    name: "minijail0",
537    defaults: ["libminijail_flags"],
538    host_supported: true,
539
540    cflags: [
541        "-DPRELOADPATH=\"/invalidminijailpreload.so\"",
542    ],
543    srcs: [
544        "config_parser.c",
545        "elfparse.c",
546        "minijail0.c",
547        "minijail0_cli.c",
548    ],
549
550    static_libs: ["libminijail_generated"],
551    shared_libs: minijailCommonLibraries + ["libminijail"],
552}
553
554rust_defaults {
555    name: "libminijail_rust_defaults",
556    target: {
557        darwin: {
558            enabled: false,
559        },
560    },
561}
562
563// This target was generated by cargo2android.py --run --device, with some
564// manual fixes.
565rust_library {
566    name: "libminijail_sys",
567    defaults: ["libminijail_rust_defaults"],
568    host_supported: true,
569    crate_name: "minijail_sys",
570    srcs: ["rust/minijail-sys/lib.rs"],
571    edition: "2018",
572    rustlibs: [
573        "liblibc",
574    ],
575    shared_libs: [
576        "libcap",
577        "libminijail",
578    ],
579    apex_available: [
580        "//apex_available:platform",
581        "com.android.compos",
582        "com.android.virt",
583    ],
584}
585
586// This target was generated by cargo2android.py --run --device, with some
587// manual fixes.
588rust_library {
589    name: "libminijail_rust",
590    defaults: ["libminijail_rust_defaults"],
591    host_supported: true,
592    crate_name: "minijail",
593    srcs: ["rust/minijail/src/lib.rs"],
594    edition: "2018",
595    rustlibs: [
596        "liblibc",
597        "libminijail_sys",
598    ],
599    apex_available: [
600        "//apex_available:platform",
601        "com.android.compos",
602        "com.android.virt",
603    ],
604}
605