1 // Copyright (C) 2015 The Android Open Source Project 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Common variables. 16 // ========================================================= 17 libminijailSrcFiles = [ 18 "bpf.c", 19 "libminijail.c", 20 "signal_handler.c", 21 "syscall_filter.c", 22 "syscall_wrapper.c", 23 "system.c", 24 "util.c", 25 ] 26 27 unittestSrcFiles = [ 28 "testrunner.cc", 29 ] 30 31 minijailCommonLibraries = ["libcap"] 32 33 cc_defaults { 34 name: "libminijail_flags", 35 cflags: [ 36 "-D_FILE_OFFSET_BITS=64", 37 "-DALLOW_DEBUG_LOGGING", 38 "-DDEFAULT_PIVOT_ROOT=\"/var/empty\"", 39 "-Wall", 40 "-Werror", 41 ], 42 target: { 43 darwin: { 44 enabled: false, 45 }, 46 }, 47 } 48 49 // Static library for generated code. 50 // ========================================================= 51 cc_object { 52 name: "libminijail_gen_syscall_obj", 53 vendor_available: true, 54 recovery_available: true, 55 srcs: ["gen_syscalls.c"], 56 cflags: [ 57 "-dD", 58 "-E", 59 "-Wall", 60 "-Werror", 61 ], 62 } 63 64 cc_genrule { 65 name: "libminijail_gen_syscall", 66 vendor_available: true, 67 recovery_available: true, 68 tool_files: ["gen_syscalls.sh"], 69 cmd: "$(location gen_syscalls.sh) $(in) $(out)", 70 srcs: [":libminijail_gen_syscall_obj"], 71 out: ["libsyscalls.c"], 72 } 73 74 cc_object { 75 name: "libminijail_gen_constants_obj", 76 vendor_available: true, 77 recovery_available: true, 78 srcs: ["gen_constants.c"], 79 cflags: [ 80 "-dD", 81 "-E", 82 "-Wall", 83 "-Werror", 84 ], 85 } 86 87 cc_genrule { 88 name: "libminijail_gen_constants", 89 vendor_available: true, 90 recovery_available: true, 91 tool_files: ["gen_constants.sh"], 92 cmd: "$(location gen_constants.sh) $(in) $(out)", 93 srcs: [":libminijail_gen_constants_obj"], 94 out: ["libconstants.c"], 95 } 96 97 cc_library_static { 98 name: "libminijail_generated", 99 vendor_available: true, 100 recovery_available: true, 101 defaults: ["libminijail_flags"], 102 host_supported: true, 103 104 target: { 105 android: { 106 generated_sources: [ 107 "libminijail_gen_syscall", 108 "libminijail_gen_constants", 109 ], 110 }, 111 host: { 112 srcs: [ 113 "linux-x86/libconstants.gen.c", 114 "linux-x86/libsyscalls.gen.c", 115 ], 116 }, 117 }, 118 } 119 120 // libminijail shared and static library for target. 121 // ========================================================= 122 cc_library { 123 name: "libminijail", 124 host_supported: true, 125 126 vendor_available: true, 127 recovery_available: true, 128 vndk: { 129 enabled: true, 130 }, 131 132 defaults: ["libminijail_flags"], 133 134 srcs: libminijailSrcFiles, 135 136 static: { 137 whole_static_libs: ["libminijail_generated"] + minijailCommonLibraries, 138 }, 139 shared: { 140 static_libs: ["libminijail_generated"], 141 shared_libs: minijailCommonLibraries, 142 }, 143 export_include_dirs: ["."], 144 145 target: { 146 host: { 147 cflags: [ 148 "-DPRELOADPATH=\"/invalidminijailpreload.so\"", 149 ], 150 }, 151 }, 152 } 153 154 // Example ASan-ified libminijail shared library for target. 155 // Commented out since it's only needed for local debugging. 156 // ========================================================= 157 //cc_library_shared { 158 // name: "libminijail_asan", 159 // defaults: ["libminijail_flags"], 160 // 161 // sanitize: { 162 // address: true, 163 // }, 164 // relative_install_path: "asan", 165 // srcs: libminijailSrcFiles, 166 // 167 // static_libs: ["libminijail_generated"], 168 // shared_libs: minijailCommonLibraries, 169 // export_include_dirs: ["."], 170 //} 171 172 // libminijail native unit tests using gtest. 173 // 174 // For a device, run with: 175 // adb shell /data/nativetest/libminijail_unittest_gtest/libminijail_unittest_gtest 176 // 177 // For host, run with: 178 // out/host/linux-x86/nativetest(64)/libminijail_unittest_gtest/libminijail_unittest_gtest 179 // ========================================================= 180 cc_test { 181 name: "libminijail_unittest_gtest", 182 defaults: ["libminijail_flags"], 183 // TODO(b/31395668): Re-enable once the seccomp(2) syscall becomes available. 184 //host_supported: true 185 186 srcs: libminijailSrcFiles + ["libminijail_unittest.cc"] + unittestSrcFiles, 187 188 static_libs: ["libminijail_generated"], 189 shared_libs: minijailCommonLibraries, 190 191 target: { 192 android: { 193 cflags: ["-Wno-writable-strings"], 194 test_suites: ["device-tests"], 195 }, 196 host: { 197 cflags: ["-DPRELOADPATH=\"/invalid\""], 198 }, 199 }, 200 } 201 202 // Syscall filtering native unit tests using gtest. 203 // 204 // For a device, run with: 205 // adb shell /data/nativetest/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest 206 // 207 // For host, run with: 208 // out/host/linux-x86/nativetest(64)/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest 209 // ========================================================= 210 cc_test { 211 name: "syscall_filter_unittest_gtest", 212 defaults: ["libminijail_flags"], 213 host_supported: true, 214 215 srcs: [ 216 "bpf.c", 217 "syscall_filter.c", 218 "util.c", 219 "syscall_filter_unittest.cc", 220 ] + unittestSrcFiles, 221 222 static_libs: ["libminijail_generated"], 223 shared_libs: minijailCommonLibraries, 224 225 target: { 226 android: { 227 test_suites: ["device-tests"], 228 }, 229 }, 230 } 231 232 // System functionality unit tests using gtest. 233 // 234 // For a device, run with: 235 // adb shell /data/nativetest/mj_system_unittest_gtest/mj_system_unittest_gtest 236 // 237 // For host, run with: 238 // out/host/linux-x86/nativetest(64)/mj_system_unittest_gtest/mj_system_unittest_gtest 239 // ========================================================= 240 cc_test { 241 name: "mj_system_unittest_gtest", 242 defaults: ["libminijail_flags"], 243 host_supported: true, 244 245 srcs: [ 246 "system.c", 247 "util.c", 248 "system_unittest.cc", 249 ] + unittestSrcFiles, 250 251 static_libs: ["libminijail_generated"], 252 shared_libs: minijailCommonLibraries, 253 254 target: { 255 android: { 256 test_suites: ["device-tests"], 257 }, 258 }, 259 } 260 261 // Utility functionality unit tests using gtest. 262 // 263 // For a device, run with: 264 // adb shell /data/nativetest/mj_util_unittest_gtest/mj_util_unittest_gtest 265 // 266 // For host, run with: 267 // out/host/linux-x86/nativetest(64)/mj_util_unittest_gtest/mj_util_unittest_gtest 268 // ========================================================= 269 cc_test { 270 name: "mj_util_unittest_gtest", 271 defaults: ["libminijail_flags"], 272 host_supported: true, 273 274 srcs: [ 275 "util.c", 276 "util_unittest.cc", 277 ] + unittestSrcFiles, 278 279 static_libs: ["libminijail_generated"], 280 shared_libs: minijailCommonLibraries, 281 282 target: { 283 android: { 284 test_suites: ["device-tests"], 285 }, 286 }, 287 } 288 289 // Utility functionality unit tests using gtest. 290 // 291 // For a device, run with: 292 // adb shell /data/nativetest/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest 293 // 294 // For host, run with: 295 // out/host/linux-x86/nativetest(64)/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest 296 // ========================================================= 297 cc_test { 298 name: "minijail0_cli_unittest_gtest", 299 defaults: ["libminijail_flags"], 300 host_supported: true, 301 302 cflags: [ 303 "-DPRELOADPATH=\"/invalid\"", 304 ], 305 srcs: libminijailSrcFiles + [ 306 "elfparse.c", 307 "minijail0_cli.c", 308 "minijail0_cli_unittest.cc", 309 ] + unittestSrcFiles, 310 311 static_libs: ["libminijail_generated"], 312 shared_libs: minijailCommonLibraries, 313 314 target: { 315 android: { 316 test_suites: ["device-tests"], 317 }, 318 }, 319 } 320 321 // libminijail_test executable for brillo_Minijail test. 322 // ========================================================= 323 cc_test { 324 name: "libminijail_test", 325 defaults: ["libminijail_flags"], 326 test_suites: ["device-tests"], 327 328 gtest: false, 329 330 srcs: ["test/libminijail_test.cpp"], 331 332 shared_libs: [ 333 "libbase", 334 "libminijail", 335 ], 336 } 337 338 // libminijail usage example. 339 // ========================================================= 340 cc_binary { 341 name: "drop_privs", 342 defaults: ["libminijail_flags"], 343 344 // Don't build with ASan, but leave commented out for easy local debugging. 345 // sanitize: { address: true, }, 346 srcs: ["examples/drop_privs.cpp"], 347 348 shared_libs: [ 349 "libbase", 350 "libminijail", 351 ], 352 } 353 354 // minijail0 executable. 355 // This is not currently used on Brillo/Android, 356 // but it's convenient to be able to build it. 357 // ========================================================= 358 cc_binary { 359 name: "minijail0", 360 defaults: ["libminijail_flags"], 361 host_supported: true, 362 363 cflags: [ 364 "-DPRELOADPATH=\"/invalidminijailpreload.so\"", 365 ], 366 srcs: [ 367 "elfparse.c", 368 "minijail0.c", 369 "minijail0_cli.c", 370 ], 371 372 static_libs: ["libminijail_generated"], 373 shared_libs: minijailCommonLibraries + ["libminijail"], 374 } 375
