Android.bp

// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Common variables.
// =========================================================
libminijailSrcFiles = [
    "bpf.c",
    "libminijail.c",
    "signal_handler.c",
    "syscall_filter.c",
    "syscall_wrapper.c",
    "system.c",
    "util.c",
]

unittestSrcFiles = [
    "testrunner.cc",
]

minijailCommonLibraries = ["libcap"]

cc_defaults {
    name: "libminijail_flags",
    cflags: [
        "-D_FILE_OFFSET_BITS=64",
        "-DALLOW_DEBUG_LOGGING",
        "-DDEFAULT_PIVOT_ROOT=\"/var/empty\"",
        "-Wall",
        "-Werror",
    ],
    target: {
        darwin: {
            enabled: false,
        },
    },
}

// Static library for generated code.
// =========================================================
cc_object {
    name: "libminijail_gen_syscall_obj",
    vendor_available: true,
    recovery_available: true,
    srcs: ["gen_syscalls.c"],
    cflags: [
        "-dD",
        "-E",
        "-Wall",
        "-Werror",
    ],
}

cc_genrule {
    name: "libminijail_gen_syscall",
    vendor_available: true,
    recovery_available: true,
    tool_files: ["gen_syscalls.sh"],
    cmd: "$(location gen_syscalls.sh) $(in) $(out)",
    srcs: [":libminijail_gen_syscall_obj"],
    out: ["libsyscalls.c"],
}

cc_object {
    name: "libminijail_gen_constants_obj",
    vendor_available: true,
    recovery_available: true,
    srcs: ["gen_constants.c"],
    cflags: [
        "-dD",
        "-E",
        "-Wall",
        "-Werror",
    ],
}

cc_genrule {
    name: "libminijail_gen_constants",
    vendor_available: true,
    recovery_available: true,
    tool_files: ["gen_constants.sh"],
    cmd: "$(location gen_constants.sh) $(in) $(out)",
    srcs: [":libminijail_gen_constants_obj"],
    out: ["libconstants.c"],
}

cc_library_static {
    name: "libminijail_generated",
    vendor_available: true,
    recovery_available: true,
    defaults: ["libminijail_flags"],
    host_supported: true,

    target: {
        android: {
            generated_sources: [
                "libminijail_gen_syscall",
                "libminijail_gen_constants",
            ],
        },
        host: {
            srcs: [
                "linux-x86/libconstants.gen.c",
                "linux-x86/libsyscalls.gen.c",
            ],
        },
    },
}

// libminijail shared and static library for target.
// =========================================================
cc_library {
    name: "libminijail",
    host_supported: true,

    vendor_available: true,
    recovery_available: true,
    vndk: {
        enabled: true,
    },

    defaults: ["libminijail_flags"],

    srcs: libminijailSrcFiles,

    static: {
        whole_static_libs: ["libminijail_generated"] + minijailCommonLibraries,
    },
    shared: {
        static_libs: ["libminijail_generated"],
        shared_libs: minijailCommonLibraries,
    },
    export_include_dirs: ["."],

    target: {
        host: {
            cflags: [
                "-DPRELOADPATH=\"/invalidminijailpreload.so\"",
            ],
        },
    },
}

// Example ASan-ified libminijail shared library for target.
// Commented out since it's only needed for local debugging.
// =========================================================
//cc_library_shared {
//    name: "libminijail_asan",
//    defaults: ["libminijail_flags"],
//
//    sanitize: {
//        address: true,
//    },
//    relative_install_path: "asan",
//    srcs: libminijailSrcFiles,
//
//    static_libs: ["libminijail_generated"],
//    shared_libs: minijailCommonLibraries,
//    export_include_dirs: ["."],
//}

// libminijail native unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/libminijail_unittest_gtest/libminijail_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/libminijail_unittest_gtest/libminijail_unittest_gtest
// =========================================================
cc_test {
    name: "libminijail_unittest_gtest",
    defaults: ["libminijail_flags"],
    // TODO(b/31395668): Re-enable once the seccomp(2) syscall becomes available.
    //host_supported: true

    srcs: libminijailSrcFiles + ["libminijail_unittest.cc"] + unittestSrcFiles,

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries,

    target: {
        android: {
            cflags: ["-Wno-writable-strings"],
            test_suites: ["device-tests"],
        },
        host: {
            cflags: ["-DPRELOADPATH=\"/invalid\""],
        },
    },
}

// Syscall filtering native unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
// =========================================================
cc_test {
    name: "syscall_filter_unittest_gtest",
    defaults: ["libminijail_flags"],
    host_supported: true,

    srcs: [
        "bpf.c",
        "syscall_filter.c",
        "util.c",
        "syscall_filter_unittest.cc",
    ] + unittestSrcFiles,

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries,

    target: {
        android: {
            test_suites: ["device-tests"],
        },
    },
}

// System functionality unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/mj_system_unittest_gtest/mj_system_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/mj_system_unittest_gtest/mj_system_unittest_gtest
// =========================================================
cc_test {
    name: "mj_system_unittest_gtest",
    defaults: ["libminijail_flags"],
    host_supported: true,

    srcs: [
        "system.c",
        "util.c",
        "system_unittest.cc",
    ] + unittestSrcFiles,

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries,

    target: {
        android: {
            test_suites: ["device-tests"],
        },
    },
}

// Utility functionality unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/mj_util_unittest_gtest/mj_util_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/mj_util_unittest_gtest/mj_util_unittest_gtest
// =========================================================
cc_test {
    name: "mj_util_unittest_gtest",
    defaults: ["libminijail_flags"],
    host_supported: true,

    srcs: [
        "util.c",
        "util_unittest.cc",
    ] + unittestSrcFiles,

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries,

    target: {
        android: {
            test_suites: ["device-tests"],
        },
    },
}

// Utility functionality unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
// =========================================================
cc_test {
    name: "minijail0_cli_unittest_gtest",
    defaults: ["libminijail_flags"],
    host_supported: true,

    cflags: [
        "-DPRELOADPATH=\"/invalid\"",
    ],
    srcs: libminijailSrcFiles + [
        "elfparse.c",
        "minijail0_cli.c",
        "minijail0_cli_unittest.cc",
    ] + unittestSrcFiles,

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries,

    target: {
        android: {
            test_suites: ["device-tests"],
        },
    },
}

// libminijail_test executable for brillo_Minijail test.
// =========================================================
cc_test {
    name: "libminijail_test",
    defaults: ["libminijail_flags"],
    test_suites: ["device-tests"],

    gtest: false,

    srcs: ["test/libminijail_test.cpp"],

    shared_libs: [
        "libbase",
        "libminijail",
    ],
}

// libminijail usage example.
// =========================================================
cc_binary {
    name: "drop_privs",
    defaults: ["libminijail_flags"],

    // Don't build with ASan, but leave commented out for easy local debugging.
    // sanitize: { address: true, },
    srcs: ["examples/drop_privs.cpp"],

    shared_libs: [
        "libbase",
        "libminijail",
    ],
}

// minijail0 executable.
// This is not currently used on Brillo/Android,
// but it's convenient to be able to build it.
// =========================================================
cc_binary {
    name: "minijail0",
    defaults: ["libminijail_flags"],
    host_supported: true,

    cflags: [
        "-DPRELOADPATH=\"/invalidminijailpreload.so\"",
    ],
    srcs: [
        "elfparse.c",
        "minijail0.c",
        "minijail0_cli.c",
    ],

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries + ["libminijail"],
}