Make it easier to build libminijail on Chromium Linux.

- Move libsyscalls.gen.c generation code out of the Makefile and into a
  script.
- Add SECURE_ALL_* defines for systems that do not have linux/securebits.h.

BUG=chromium-os:35482
TEST=FEATURES=test emerge chromeos-minijail

Change-Id: I922c579f1fcf09db2379659dbde737f246200e51
Reviewed-on: https://gerrit.chromium.org/gerrit/35928
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Ready: Lei Zhang <thestig@chromium.org>
Tested-by: Lei Zhang <thestig@chromium.org>
diff --git a/Makefile b/Makefile
index b953b66..cd6b51c 100644
--- a/Makefile
+++ b/Makefile
@@ -8,6 +8,10 @@
 CFLAGS += -fPIC -Wall -Wextra -Werror -DPRELOADPATH="$(PRELOADPATH)"
 CFLAGS += -fvisibility=internal
 
+ifneq ($(HAVE_SECUREBITS_H),no)
+CFLAGS += -DHAVE_SECUREBITS_H
+endif
+
 all : minijail0 libminijail.so libminijailpreload.so
 
 tests : libminijail_unittest.wrapper syscall_filter_unittest
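Review bot: The new `HAVE_SECUREBITS_H` switch at the top of this hunk is undocumented and opt-out, and only the literal value `no` turns it off. A caller who passes `HAVE_SECUREBITS_H=0` or `=n` still gets `-DHAVE_SECUREBITS_H`, so libminijail.c tries to include the system header instead of using the fallback defines. I would add a comment above the `ifneq`, for example `# Set HAVE_SECUREBITS_H=no if <linux/securebits.h> is missing; any other value (or unset) uses the system header.`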
@@ -59,43 +63,11 @@
 
 util.o : util.c util.h
 
-# sed expression which extracts system calls that are
-# defined via asm/unistd.h.  It converts them from:
-#  #define __NR_read
-# to:
-# #ifdef __NR_read
-#  { "read", __NR_read },
-# #endif
-# All other lines will not be emitted.  The sed expression lives in its
-# own macro to allow clean line wrapping.
-define sed-multiline
-	's/#define __\(ARM_\)\?\(NR_\)\([a-z0-9_]*\)$$/#ifdef __\1\2\3\n\
-	 { "\1\3", __\1\2\3 },\n#endif/g p;'
-endef
-
-# Generates a header file with a system call table made up of "name",
-# syscall_nr entries by including the build target <asm/unistd.h> and
-# emitting the list of defines.  Use of the compiler is needed to
-# dereference the actual provider of syscall definitions.
-#   E.g., asm/unistd_32.h or asm/unistd_64.h, etc.
-define gen_syscalls
-	(set -e; \
-	 echo '/* GENERATED BY MAKEFILE */'; \
-	 echo '#include <stddef.h>'; \
-	 echo '#include <asm/unistd.h>'; \
-	 echo '#include "libsyscalls.h"'; \
-	 echo "const struct syscall_entry syscall_table[] = {"; \
-	 echo "#include <asm/unistd.h>" | \
-	   $(CC) $(CFLAGS) -dN - -E | sed -ne $(sed-multiline); \
-	 echo "  { NULL, -1 },"; \
-	 echo "};" ) > $1
-endef
-
 # Only regenerate libsyscalls.gen.c if the Makefile or header changes.
 # NOTE! This will not detect if the file is not appropriate for the target.
 libsyscalls.gen.c : Makefile libsyscalls.h
 	@printf "Generating target-arch specific $@ . . . "
-	@$(call gen_syscalls,$@)
+	@./gen_syscalls.sh $@
 	@printf "done.\n"
 
 # Only clean up files affected by the CFLAGS change for testing.
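Review bot: The rule `libsyscalls.gen.c : Makefile libsyscalls.h` still lists only the Makefile and the header, but the generation logic now lives in gen_syscalls.sh, so editing the script no longer regenerates the table. Add it as a prerequisite, `libsyscalls.gen.c : Makefile libsyscalls.h gen_syscalls.sh`, and mention the script in the "Only regenerate" comment above the rule. The recipe also uses the script's one-argument form, which leaves `CC` and `CFLAGS` to whatever is in the environment; the `CFLAGS +=` lines of this Makefile reach the script only if the variable is exported, which is not visible from this hunk. Adding `export CC CFLAGS`, or calling the three-argument form, would tie the table to the same compiler and flags as the rest of the build, which matters because the syscall numbers are target-architecture specific.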
diff --git a/gen_syscalls.sh b/gen_syscalls.sh
new file mode 100755
index 0000000..3121b42
--- /dev/null
+++ b/gen_syscalls.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Generates a header file with a system call table made up of "name",
+# syscall_nr entries by including the build target <asm/unistd.h> and
+# emitting the list of defines.  Use of the compiler is needed to
+# dereference the actual provider of syscall definitions.
+#   E.g., asm/unistd_32.h or asm/unistd_64.h, etc.
+
+set -e
+
+if [ $# -ne 1 ] && [ $# -ne 3 ]; then
+  echo "Usage: $(basename "$0") OUTFILE"
+  echo "Usage: $(basename "$0") CC CFLAGS OUTFILE"
+  exit 1
+fi
+
+if [ $# -eq 3 ]; then
+  CC="$1"
+  shift
+  CFLAGS="$1"
+  shift
+fi
+OUTFILE="$1"
+
+# sed expression which extracts system calls that are
+# defined via asm/unistd.h.  It converts them from:
+#  #define __NR_read foo
+# to:
+# #ifdef __NR_read
+#  { "read", __NR_read },
+# #endif
+SED_MULTILINE='s/#define __(ARM_)?(NR_)([a-z0-9_]*) (.*)$/#ifdef __\1\2\3\
+{ "\1\3", __\1\2\3 },\n#endif/g p;'
+
+cat <<-EOF > "${OUTFILE}"
+/* GENERATED BY MAKEFILE */
+#include <stddef.h>
+#include <asm/unistd.h>
+#include "libsyscalls.h"
+const struct syscall_entry syscall_table[] = {
+$(echo '#include <asm/unistd.h>' | \
+  ${CC} ${CFLAGS} -dD - -E | sed -rne "${SED_MULTILINE}")
+  { NULL, -1 },
+};
+EOF
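Review bot: `set -e` does not cover the `$( … )` inside the here-document, so if `${CC}` is empty or the preprocessor fails the script still exits 0 and writes a table that holds only the `{ NULL, -1 }` sentinel. Because the output goes straight to `${OUTFILE}`, make then sees an up-to-date file and the build continues with a name-to-number table that resolves nothing. I would run the pipeline into a variable first, reject an unset `CC` and an empty result, and write to a temporary file that is renamed on success, as in the excerpt below. Separately, `sed -r` and `\n` in the replacement are GNU sed behaviour, which deserves a comment next to `SED_MULTILINE`, and the usage text should go to stderr.

```shell
OUTFILE="$1"
# Fail early instead of running an empty command name below.
: "${CC:?CC must be set (environment or first argument)}"

# … unchanged: SED_MULTILINE definition …

# Run the preprocessor outside the here-document so set -e sees a failure.
DEFINES="$(echo '#include <asm/unistd.h>' | ${CC} ${CFLAGS} -dD - -E)"
ENTRIES="$(printf '%s\n' "${DEFINES}" | sed -rne "${SED_MULTILINE}")"
if [ -z "${ENTRIES}" ]; then
  echo "$(basename "$0"): no __NR_* defines found in <asm/unistd.h>" >&2
  exit 1
fi

cat <<-EOF > "${OUTFILE}.tmp"
# … unchanged: generated-file banner, includes and table opener …
${ENTRIES}
# … unchanged: sentinel entry and closing brace …
EOF
# Rename only after a complete write so a failed run leaves no fresh target.
mv -f "${OUTFILE}.tmp" "${OUTFILE}"
```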
diff --git a/libminijail.c b/libminijail.c
index a0bfb7f..813dce7 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -14,7 +14,6 @@
 #include <inttypes.h>
 #include <limits.h>
 #include <linux/capability.h>
-#include <linux/securebits.h>
 #include <pwd.h>
 #include <sched.h>
 #include <signal.h>
@@ -39,6 +38,13 @@
 #include "syscall_filter.h"
 #include "util.h"
 
+#ifdef HAVE_SECUREBITS_H
+#include <linux/securebits.h>
+#else
+#define SECURE_ALL_BITS         0x15
+#define SECURE_ALL_LOCKS        (SECURE_ALL_BITS << 1)
+#endif
+
 /* Until these are reliably available in linux/prctl.h */
 #ifndef PR_SET_SECCOMP
 # define PR_SET_SECCOMP 22
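Review bot: The fallback `#define SECURE_ALL_BITS 0x15` is an unguarded and unexplained copy of a kernel constant. Unlike the `PR_SET_SECCOMP` block just below it, it has no `#ifndef`, so a toolchain where another header already supplies the macro with a different definition would get a redefinition diagnostic, and `-Werror` in the Makefile makes that a build failure. I would wrap the two defines in `#ifndef SECURE_ALL_BITS` and `#ifndef SECURE_ALL_LOCKS`, and add a comment such as `/* Fallback: SECURE_NOROOT | SECURE_NO_SETUID_FIXUP | SECURE_KEEP_CAPS; keep in sync with <linux/securebits.h>. */`. The comment matters because a stale value would leave any securebits added to the header later unset and unlocked on builds that take this branch.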