1// Copyright (C) 2015 The Android Open Source Project 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15// Common variables. 16// ========================================================= 17package { 18 default_applicable_licenses: ["external_minijail_license"], 19} 20 21// Added automatically by a large-scale-change that took the approach of 22// 'apply every license found to every target'. While this makes sure we respect 23// every license restriction, it may not be entirely correct. 24// 25// e.g. GPL in an MIT project might only apply to the contrib/ directory. 26// 27// Please consider splitting the single license below into multiple licenses, 28// taking care not to lose any license_kind information, and overriding the 29// default license using the 'licenses: [...]' property on targets as needed. 30// 31// For unused files, consider creating a 'fileGroup' with "//visibility:private" 32// to attach the license to, and including a comment whether the files may be 33// used in the current project. 34// 35// large-scale-change included anything that looked like it might be a license 36// text as a license_text. e.g. LICENSE, NOTICE, COPYING etc. 37// 38// Please consider removing redundant or irrelevant files from 'license_text:'. 39// See: http://go/android-license-faq 40license { 41 name: "external_minijail_license", 42 visibility: [":__subpackages__"], 43 license_kinds: [ 44 "SPDX-license-identifier-Apache-2.0", 45 "SPDX-license-identifier-BSD", 46 ], 47 license_text: [ 48 "LICENSE", 49 "NOTICE", 50 ], 51} 52 53libminijailSrcFiles = [ 54 "bpf.c", 55 "landlock_util.c", 56 "libminijail.c", 57 "signal_handler.c", 58 "syscall_filter.c", 59 "syscall_wrapper.c", 60 "system.c", 61 "util.c", 62] 63 64unittestSrcFiles = [ 65 "testrunner.cc", 66 "test_util.cc", 67] 68 69minijailCommonLibraries = ["libcap"] 70 71cc_defaults { 72 name: "libminijail_flags", 73 cflags: [ 74 "-D_FILE_OFFSET_BITS=64", 75 "-DALLOW_DEBUG_LOGGING", 76 "-DALLOW_DUPLICATE_SYSCALLS", 77 "-DDEFAULT_PIVOT_ROOT=\"/var/empty\"", 78 "-DBINDMOUNT_ALLOWED_PREFIXES=\"\"", 79 "-Wall", 80 "-Werror", 81 ], 82 target: { 83 darwin: { 84 enabled: false, 85 }, 86 }, 87} 88 89// Static library for generated code. 90// ========================================================= 91cc_object { 92 name: "libminijail_gen_syscall_obj", 93 vendor_available: true, 94 product_available: true, 95 recovery_available: true, 96 srcs: ["gen_syscalls.c"], 97 cflags: [ 98 "-dD", 99 "-E", 100 "-Wall", 101 "-Werror", 102 ], 103 apex_available: [ 104 "//apex_available:platform", 105 "com.android.adbd", 106 "com.android.compos", 107 "com.android.media.swcodec", 108 "com.android.virt", 109 ], 110 min_sdk_version: "29", 111} 112 113cc_genrule { 114 name: "libminijail_gen_syscall", 115 vendor_available: true, 116 product_available: true, 117 recovery_available: true, 118 tool_files: ["gen_syscalls.sh"], 119 cmd: "$(location gen_syscalls.sh) $(in) $(out)", 120 srcs: [":libminijail_gen_syscall_obj"], 121 out: ["libsyscalls.c"], 122 apex_available: [ 123 "//apex_available:platform", 124 "com.android.adbd", 125 "com.android.compos", 126 "com.android.media.swcodec", 127 "com.android.virt", 128 ], 129} 130 131cc_object { 132 name: "libminijail_gen_constants_obj", 133 vendor_available: true, 134 product_available: true, 135 recovery_available: true, 136 srcs: ["gen_constants.c"], 137 cflags: [ 138 "-dD", 139 "-E", 140 "-Wall", 141 "-Werror", 142 ], 143 apex_available: [ 144 "//apex_available:platform", 145 "com.android.adbd", 146 "com.android.compos", 147 "com.android.media.swcodec", 148 "com.android.virt", 149 ], 150 min_sdk_version: "29", 151} 152 153cc_genrule { 154 name: "libminijail_gen_constants", 155 vendor_available: true, 156 product_available: true, 157 recovery_available: true, 158 tool_files: ["gen_constants.sh"], 159 cmd: "$(location gen_constants.sh) $(in) $(out)", 160 srcs: [":libminijail_gen_constants_obj"], 161 out: ["libconstants.c"], 162 apex_available: [ 163 "//apex_available:platform", 164 "com.android.adbd", 165 "com.android.compos", 166 "com.android.media.swcodec", 167 "com.android.virt", 168 ], 169} 170 171cc_library_static { 172 name: "libminijail_generated", 173 vendor_available: true, 174 product_available: true, 175 recovery_available: true, 176 defaults: ["libminijail_flags"], 177 host_supported: true, 178 179 target: { 180 android: { 181 generated_sources: [ 182 "libminijail_gen_syscall", 183 "libminijail_gen_constants", 184 ], 185 }, 186 host: { 187 srcs: [ 188 "linux-x86/libconstants.gen.c", 189 "linux-x86/libsyscalls.gen.c", 190 ], 191 }, 192 }, 193 apex_available: [ 194 "//apex_available:platform", 195 "com.android.adbd", 196 "com.android.compos", 197 "com.android.media.swcodec", 198 "com.android.virt", 199 ], 200 min_sdk_version: "29", 201} 202 203cc_object { 204 name: "libminijail_gen_constants_llvmir", 205 vendor_available: true, 206 product_available: true, 207 recovery_available: true, 208 host_supported: true, 209 cflags: [ 210 "-S", 211 "-O0", 212 "-emit-llvm", 213 ], 214 215 target: { 216 android: { 217 generated_sources: ["libminijail_gen_constants"], 218 }, 219 host: { 220 srcs: ["linux-x86/libconstants.gen.c"], 221 }, 222 }, 223} 224 225cc_object { 226 name: "libminijail_gen_syscall_llvmir", 227 vendor_available: true, 228 product_available: true, 229 recovery_available: true, 230 host_supported: true, 231 cflags: [ 232 "-S", 233 "-O0", 234 "-emit-llvm", 235 ], 236 237 target: { 238 android: { 239 generated_sources: ["libminijail_gen_syscall"], 240 }, 241 host: { 242 srcs: ["linux-x86/libsyscalls.gen.c"], 243 }, 244 }, 245} 246 247// libminijail shared and static library for target. 248// ========================================================= 249cc_library { 250 name: "libminijail", 251 host_supported: true, 252 253 vendor_available: true, 254 product_available: true, 255 recovery_available: true, 256 vndk: { 257 enabled: true, 258 }, 259 260 defaults: ["libminijail_flags"], 261 262 srcs: libminijailSrcFiles, 263 264 static: { 265 whole_static_libs: ["libminijail_generated"] + minijailCommonLibraries, 266 }, 267 shared: { 268 static_libs: ["libminijail_generated"], 269 shared_libs: minijailCommonLibraries, 270 }, 271 export_include_dirs: ["."], 272 273 target: { 274 host: { 275 cflags: [ 276 "-DPRELOADPATH=\"/invalidminijailpreload.so\"", 277 ], 278 }, 279 }, 280 apex_available: [ 281 "//apex_available:platform", 282 "com.android.adbd", 283 "com.android.compos", 284 "com.android.media.swcodec", 285 "com.android.virt", 286 ], 287 min_sdk_version: "29", 288} 289 290// Example ASan-ified libminijail shared library for target. 291// Commented out since it's only needed for local debugging. 292// ========================================================= 293//cc_library_shared { 294// name: "libminijail_asan", 295// defaults: ["libminijail_flags"], 296// 297// sanitize: { 298// address: true, 299// }, 300// relative_install_path: "asan", 301// srcs: libminijailSrcFiles, 302// 303// static_libs: ["libminijail_generated"], 304// shared_libs: minijailCommonLibraries, 305// export_include_dirs: ["."], 306//} 307 308// libminijail native unit tests using gtest. 309// 310// For a device, run with: 311// adb shell /data/nativetest/libminijail_unittest_gtest/libminijail_unittest_gtest 312// 313// For host, run with: 314// out/host/linux-x86/nativetest(64)/libminijail_unittest_gtest/libminijail_unittest_gtest 315// ========================================================= 316cc_test { 317 name: "libminijail_unittest_gtest", 318 defaults: ["libminijail_flags"], 319 // TODO(b/31395668): Re-enable once the seccomp(2) syscall becomes available. 320 //host_supported: true 321 322 srcs: libminijailSrcFiles + ["libminijail_unittest.cc"] + unittestSrcFiles, 323 324 static_libs: ["libminijail_generated"], 325 shared_libs: minijailCommonLibraries, 326 327 target: { 328 android: { 329 cflags: ["-Wno-writable-strings"], 330 test_suites: ["device-tests"], 331 }, 332 host: { 333 cflags: ["-DPRELOADPATH=\"/invalid\""], 334 }, 335 }, 336} 337 338// Syscall filtering native unit tests using gtest. 339// 340// For a device, run with: 341// adb shell /data/nativetest/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest 342// 343// For host, run with: 344// out/host/linux-x86/nativetest(64)/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest 345// ========================================================= 346cc_test { 347 name: "syscall_filter_unittest_gtest", 348 defaults: ["libminijail_flags"], 349 host_supported: true, 350 351 srcs: [ 352 "bpf.c", 353 "syscall_filter.c", 354 "syscall_wrapper.c", 355 "util.c", 356 "syscall_filter_unittest.cc", 357 ] + unittestSrcFiles, 358 359 static_libs: ["libminijail_generated"], 360 shared_libs: minijailCommonLibraries, 361 362 target: { 363 android: { 364 test_suites: ["device-tests"], 365 }, 366 }, 367 test_options: { 368 unit_test: true, 369 }, 370 data: ["test/*"], 371} 372 373// System functionality unit tests using gtest. 374// 375// For a device, run with: 376// adb shell /data/nativetest/mj_system_unittest_gtest/mj_system_unittest_gtest 377// 378// For host, run with: 379// out/host/linux-x86/nativetest(64)/mj_system_unittest_gtest/mj_system_unittest_gtest 380// ========================================================= 381cc_test { 382 name: "mj_system_unittest_gtest", 383 defaults: ["libminijail_flags"], 384 host_supported: true, 385 386 srcs: [ 387 "syscall_wrapper.c", 388 "system.c", 389 "util.c", 390 "system_unittest.cc", 391 ] + unittestSrcFiles, 392 393 static_libs: ["libminijail_generated"], 394 shared_libs: minijailCommonLibraries, 395 396 target: { 397 android: { 398 test_suites: ["device-tests"], 399 }, 400 }, 401} 402 403// Utility functionality unit tests using gtest. 404// 405// For a device, run with: 406// adb shell /data/nativetest/mj_util_unittest_gtest/mj_util_unittest_gtest 407// 408// For host, run with: 409// out/host/linux-x86/nativetest(64)/mj_util_unittest_gtest/mj_util_unittest_gtest 410// ========================================================= 411cc_test { 412 name: "mj_util_unittest_gtest", 413 defaults: ["libminijail_flags"], 414 host_supported: true, 415 416 srcs: [ 417 "util.c", 418 "util_unittest.cc", 419 ] + unittestSrcFiles, 420 421 static_libs: ["libminijail_generated"], 422 shared_libs: minijailCommonLibraries, 423 424 target: { 425 android: { 426 test_suites: ["device-tests"], 427 }, 428 }, 429} 430 431// Utility functionality unit tests using gtest. 432// 433// For a device, run with: 434// adb shell /data/nativetest/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest 435// 436// For host, run with: 437// out/host/linux-x86/nativetest(64)/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest 438// ========================================================= 439cc_test { 440 name: "minijail0_cli_unittest_gtest", 441 defaults: ["libminijail_flags"], 442 host_supported: true, 443 444 cflags: [ 445 "-DPRELOADPATH=\"/invalid\"", 446 ], 447 srcs: libminijailSrcFiles + [ 448 "config_parser.c", 449 "elfparse.c", 450 "minijail0_cli.c", 451 "minijail0_cli_unittest.cc", 452 ] + unittestSrcFiles, 453 454 static_libs: ["libminijail_generated"], 455 shared_libs: minijailCommonLibraries, 456 457 target: { 458 android: { 459 test_suites: ["device-tests"], 460 }, 461 }, 462 data: ["test/*"], 463 test_options: { 464 tags: ["no-remote"], 465 } 466} 467 468 469// Configuration file parser functionality unit tests using gtest. 470// 471// For a device, run with: 472// adb shell /data/nativetest/config_parser_unittest_gtest/config_parser_unittest_gtest 473// 474// For host, run with: 475// out/host/linux-x86/nativetest(64)/config_parser_unittest_gtest/config_parser_unittest_gtest 476// ========================================================= 477cc_test { 478 name: "config_parser_unittest_gtest", 479 defaults: ["libminijail_flags"], 480 host_supported: true, 481 482 srcs: [ 483 "config_parser.c", 484 "util.c", 485 "config_parser_unittest.cc", 486 ] + unittestSrcFiles, 487 488 static_libs: ["libminijail_generated"], 489 shared_libs: minijailCommonLibraries, 490 491 target: { 492 android: { 493 test_suites: ["device-tests"], 494 }, 495 }, 496 test_options: { 497 unit_test: true, 498 }, 499 data: ["test/*"], 500} 501 502// libminijail_test executable for brillo_Minijail test. 503// ========================================================= 504cc_test { 505 name: "libminijail_test", 506 defaults: ["libminijail_flags"], 507 test_suites: ["device-tests"], 508 509 gtest: false, 510 511 srcs: ["test/libminijail_test.cpp"], 512 513 shared_libs: [ 514 "libbase", 515 "libminijail", 516 ], 517} 518 519// libminijail usage example. 520// ========================================================= 521cc_binary { 522 name: "drop_privs", 523 defaults: ["libminijail_flags"], 524 525 // Don't build with ASan, but leave commented out for easy local debugging. 526 // sanitize: { address: true, }, 527 srcs: ["examples/drop_privs.cpp"], 528 529 shared_libs: [ 530 "libbase", 531 "libminijail", 532 ], 533} 534 535// minijail0 executable. 536// This is not currently used on Brillo/Android, 537// but it's convenient to be able to build it. 538// ========================================================= 539cc_binary { 540 name: "minijail0", 541 defaults: ["libminijail_flags"], 542 host_supported: true, 543 544 cflags: [ 545 "-DPRELOADPATH=\"/invalidminijailpreload.so\"", 546 ], 547 srcs: [ 548 "config_parser.c", 549 "elfparse.c", 550 "minijail0.c", 551 "minijail0_cli.c", 552 ], 553 554 static_libs: ["libminijail_generated"], 555 shared_libs: minijailCommonLibraries + ["libminijail"], 556} 557