xref: /aosp_15_r20/external/crosvm/jail/src/config.rs (revision bb4ee6a4ae7042d18b07a98463b9c8b875e44b39)

// Copyright 2023 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

use std::path::PathBuf;

use serde::Deserialize;
use serde::Serialize;
use serde_keyvalue::FromKeyValues;

fn jail_config_default_pivot_root() -> PathBuf {
    PathBuf::from(option_env!("DEFAULT_PIVOT_ROOT").unwrap_or("/var/empty"))
}

#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, FromKeyValues)]
#[serde(deny_unknown_fields, rename_all = "kebab-case")]
pub struct JailConfig {
    #[serde(default = "jail_config_default_pivot_root")]
    pub pivot_root: PathBuf,
    #[cfg(any(target_os = "android", target_os = "linux"))]
    #[serde(default)]
    pub seccomp_policy_dir: Option<PathBuf>,
    #[serde(default)]
    pub seccomp_log_failures: bool,
}

impl Default for JailConfig {
    fn default() -> Self {
        JailConfig {
            pivot_root: jail_config_default_pivot_root(),
            #[cfg(any(target_os = "android", target_os = "linux"))]
            seccomp_policy_dir: None,
            seccomp_log_failures: false,
        }
    }
}

#[cfg(test)]
mod tests {
    use serde_keyvalue::from_key_values;

    use super::*;

    #[test]
    fn parse_jailconfig() {
        let config: JailConfig = Default::default();
        assert_eq!(
            config,
            JailConfig {
                pivot_root: jail_config_default_pivot_root(),
                #[cfg(any(target_os = "android", target_os = "linux"))]
                seccomp_policy_dir: None,
                seccomp_log_failures: false,
            }
        );

        let config: JailConfig = from_key_values("").unwrap();
        assert_eq!(config, Default::default());

        let config: JailConfig = from_key_values("pivot-root=/path/to/pivot/root").unwrap();
        assert_eq!(
            config,
            JailConfig {
                pivot_root: "/path/to/pivot/root".into(),
                ..Default::default()
            }
        );

        cfg_if::cfg_if! {
            if #[cfg(any(target_os = "android", target_os = "linux"))] {
                let config: JailConfig =
                    from_key_values("seccomp-policy-dir=/path/to/seccomp/dir").unwrap();
                assert_eq!(config, JailConfig {
                    seccomp_policy_dir: Some("/path/to/seccomp/dir".into()),
                    ..Default::default()
                });
            }
        }

        let config: JailConfig = from_key_values("seccomp-log-failures").unwrap();
        assert_eq!(
            config,
            JailConfig {
                seccomp_log_failures: true,
                ..Default::default()
            }
        );

        let config: JailConfig = from_key_values("seccomp-log-failures=false").unwrap();
        assert_eq!(
            config,
            JailConfig {
                seccomp_log_failures: false,
                ..Default::default()
            }
        );

        let config: JailConfig =
            from_key_values("pivot-root=/path/to/pivot/root,seccomp-log-failures=true").unwrap();
        #[allow(clippy::needless_update)]
        let expected = JailConfig {
            pivot_root: "/path/to/pivot/root".into(),
            seccomp_log_failures: true,
            ..Default::default()
        };
        assert_eq!(config, expected);

        let config: std::result::Result<JailConfig, _> =
            from_key_values("seccomp-log-failures,invalid-arg=value");
        assert!(config.is_err());
    }
}