xref: /aosp_15_r20/external/crosvm/third_party/minijail/Android.bp (revision 4b9c6d91573e8b3a96609339b46361b5476dd0f9)

// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Common variables.
// =========================================================
package {
    default_applicable_licenses: ["external_minijail_license"],
}

// Added automatically by a large-scale-change that took the approach of
// 'apply every license found to every target'. While this makes sure we respect
// every license restriction, it may not be entirely correct.
//
// e.g. GPL in an MIT project might only apply to the contrib/ directory.
//
// Please consider splitting the single license below into multiple licenses,
// taking care not to lose any license_kind information, and overriding the
// default license using the 'licenses: [...]' property on targets as needed.
//
// For unused files, consider creating a 'fileGroup' with "//visibility:private"
// to attach the license to, and including a comment whether the files may be
// used in the current project.
//
// large-scale-change included anything that looked like it might be a license
// text as a license_text. e.g. LICENSE, NOTICE, COPYING etc.
//
// Please consider removing redundant or irrelevant files from 'license_text:'.
// See: http://go/android-license-faq
license {
    name: "external_minijail_license",
    visibility: [":__subpackages__"],
    license_kinds: [
        "SPDX-license-identifier-Apache-2.0",
        "SPDX-license-identifier-BSD",
    ],
    license_text: [
        "LICENSE",
        "NOTICE",
    ],
}

libminijailSrcFiles = [
    "bpf.c",
    "landlock_util.c",
    "libminijail.c",
    "signal_handler.c",
    "syscall_filter.c",
    "syscall_wrapper.c",
    "system.c",
    "util.c",
]

unittestSrcFiles = [
    "testrunner.cc",
    "test_util.cc",
]

minijailCommonLibraries = ["libcap"]

cc_defaults {
    name: "libminijail_flags",
    cflags: [
        "-D_FILE_OFFSET_BITS=64",
        "-DALLOW_DEBUG_LOGGING",
        "-DALLOW_DUPLICATE_SYSCALLS",
        "-DDEFAULT_PIVOT_ROOT=\"/var/empty\"",
        "-DBINDMOUNT_ALLOWED_PREFIXES=\"\"",
        "-Wall",
        "-Werror",
    ],
    target: {
        darwin: {
            enabled: false,
        },
    },
}

// Static library for generated code.
// =========================================================
cc_object {
    name: "libminijail_gen_syscall_obj",
    vendor_available: true,
    product_available: true,
    recovery_available: true,
    srcs: ["gen_syscalls.c"],
    cflags: [
        "-dD",
        "-E",
        "-Wall",
        "-Werror",
    ],
    apex_available: [
        "//apex_available:platform",
        "com.android.adbd",
        "com.android.compos",
        "com.android.media.swcodec",
        "com.android.virt",
    ],
    min_sdk_version: "29",
}

cc_genrule {
    name: "libminijail_gen_syscall",
    vendor_available: true,
    product_available: true,
    recovery_available: true,
    tool_files: ["gen_syscalls.sh"],
    cmd: "$(location gen_syscalls.sh) $(in) $(out)",
    srcs: [":libminijail_gen_syscall_obj"],
    out: ["libsyscalls.c"],
    apex_available: [
        "//apex_available:platform",
        "com.android.adbd",
        "com.android.compos",
        "com.android.media.swcodec",
        "com.android.virt",
    ],
}

cc_object {
    name: "libminijail_gen_constants_obj",
    vendor_available: true,
    product_available: true,
    recovery_available: true,
    srcs: ["gen_constants.c"],
    cflags: [
        "-dD",
        "-E",
        "-Wall",
        "-Werror",
    ],
    apex_available: [
        "//apex_available:platform",
        "com.android.adbd",
        "com.android.compos",
        "com.android.media.swcodec",
        "com.android.virt",
    ],
    min_sdk_version: "29",
}

cc_genrule {
    name: "libminijail_gen_constants",
    vendor_available: true,
    product_available: true,
    recovery_available: true,
    tool_files: ["gen_constants.sh"],
    cmd: "$(location gen_constants.sh) $(in) $(out)",
    srcs: [":libminijail_gen_constants_obj"],
    out: ["libconstants.c"],
    apex_available: [
        "//apex_available:platform",
        "com.android.adbd",
        "com.android.compos",
        "com.android.media.swcodec",
        "com.android.virt",
    ],
}

cc_library_static {
    name: "libminijail_generated",
    vendor_available: true,
    product_available: true,
    recovery_available: true,
    defaults: ["libminijail_flags"],
    host_supported: true,

    target: {
        android: {
            generated_sources: [
                "libminijail_gen_syscall",
                "libminijail_gen_constants",
            ],
        },
        host: {
            srcs: [
                "linux-x86/libconstants.gen.c",
                "linux-x86/libsyscalls.gen.c",
            ],
        },
    },
    apex_available: [
        "//apex_available:platform",
        "com.android.adbd",
        "com.android.compos",
        "com.android.media.swcodec",
        "com.android.virt",
    ],
    min_sdk_version: "29",
}

cc_object {
    name: "libminijail_gen_constants_llvmir",
    vendor_available: true,
    product_available: true,
    recovery_available: true,
    host_supported: true,
    cflags: [
        "-S",
        "-O0",
        "-emit-llvm",
    ],

    target: {
        android: {
            generated_sources: ["libminijail_gen_constants"],
        },
        host: {
            srcs: ["linux-x86/libconstants.gen.c"],
        },
    },
}

cc_object {
    name: "libminijail_gen_syscall_llvmir",
    vendor_available: true,
    product_available: true,
    recovery_available: true,
    host_supported: true,
    cflags: [
        "-S",
        "-O0",
        "-emit-llvm",
    ],

    target: {
        android: {
            generated_sources: ["libminijail_gen_syscall"],
        },
        host: {
            srcs: ["linux-x86/libsyscalls.gen.c"],
        },
    },
}

// libminijail shared and static library for target.
// =========================================================
cc_library {
    name: "libminijail",
    host_supported: true,

    vendor_available: true,
    product_available: true,
    recovery_available: true,

    defaults: ["libminijail_flags"],

    srcs: libminijailSrcFiles,

    static: {
        whole_static_libs: ["libminijail_generated"] + minijailCommonLibraries,
    },
    shared: {
        static_libs: ["libminijail_generated"],
        shared_libs: minijailCommonLibraries,
    },
    export_include_dirs: ["."],

    target: {
        host: {
            cflags: [
                "-DPRELOADPATH=\"/invalidminijailpreload.so\"",
            ],
        },
    },
    apex_available: [
        "//apex_available:platform",
        "com.android.adbd",
        "com.android.compos",
        "com.android.media.swcodec",
        "com.android.virt",
    ],
    min_sdk_version: "29",
}

// Example ASan-ified libminijail shared library for target.
// Commented out since it's only needed for local debugging.
// =========================================================
//cc_library_shared {
//    name: "libminijail_asan",
//    defaults: ["libminijail_flags"],
//
//    sanitize: {
//        address: true,
//    },
//    relative_install_path: "asan",
//    srcs: libminijailSrcFiles,
//
//    static_libs: ["libminijail_generated"],
//    shared_libs: minijailCommonLibraries,
//    export_include_dirs: ["."],
//}

// libminijail native unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/libminijail_unittest_gtest/libminijail_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/libminijail_unittest_gtest/libminijail_unittest_gtest
// =========================================================
cc_test {
    name: "libminijail_unittest_gtest",
    defaults: ["libminijail_flags"],
    // TODO(b/31395668): Re-enable once the seccomp(2) syscall becomes available.
    //host_supported: true

    srcs: libminijailSrcFiles + ["libminijail_unittest.cc"] + unittestSrcFiles,

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries,

    target: {
        android: {
            cflags: ["-Wno-writable-strings"],
            test_suites: ["device-tests"],
        },
        host: {
            cflags: ["-DPRELOADPATH=\"/invalid\""],
        },
    },
}

// Syscall filtering native unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/syscall_filter_unittest_gtest/syscall_filter_unittest_gtest
// =========================================================
cc_test {
    name: "syscall_filter_unittest_gtest",
    defaults: ["libminijail_flags"],
    host_supported: true,

    srcs: [
        "bpf.c",
        "syscall_filter.c",
        "syscall_wrapper.c",
        "util.c",
        "syscall_filter_unittest.cc",
    ] + unittestSrcFiles,

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries,

    target: {
        android: {
            test_suites: ["device-tests"],
        },
    },
    test_options: {
        unit_test: true,
    },
    data: ["test/*"],
}

// System functionality unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/mj_system_unittest_gtest/mj_system_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/mj_system_unittest_gtest/mj_system_unittest_gtest
// =========================================================
cc_test {
    name: "mj_system_unittest_gtest",
    defaults: ["libminijail_flags"],
    host_supported: true,

    srcs: [
        "syscall_wrapper.c",
        "system.c",
        "util.c",
        "system_unittest.cc",
    ] + unittestSrcFiles,

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries,

    target: {
        android: {
            test_suites: ["device-tests"],
        },
    },
}

// Utility functionality unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/mj_util_unittest_gtest/mj_util_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/mj_util_unittest_gtest/mj_util_unittest_gtest
// =========================================================
cc_test {
    name: "mj_util_unittest_gtest",
    defaults: ["libminijail_flags"],
    host_supported: true,

    srcs: [
        "util.c",
        "util_unittest.cc",
    ] + unittestSrcFiles,

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries,

    target: {
        android: {
            test_suites: ["device-tests"],
        },
    },
}

// Utility functionality unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/minijail0_cli_unittest_gtest/minijail0_cli_unittest_gtest
// =========================================================
cc_test {
    name: "minijail0_cli_unittest_gtest",
    defaults: ["libminijail_flags"],
    host_supported: true,

    cflags: [
        "-DPRELOADPATH=\"/invalid\"",
    ],
    srcs: libminijailSrcFiles + [
        "config_parser.c",
        "elfparse.c",
        "minijail0_cli.c",
        "minijail0_cli_unittest.cc",
    ] + unittestSrcFiles,

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries,

    target: {
        android: {
            test_suites: ["device-tests"],
        },
    },
    data: ["test/*"],
    test_options: {
        tags: ["no-remote"],
    }
}


// Configuration file parser functionality unit tests using gtest.
//
// For a device, run with:
// adb shell /data/nativetest/config_parser_unittest_gtest/config_parser_unittest_gtest
//
// For host, run with:
// out/host/linux-x86/nativetest(64)/config_parser_unittest_gtest/config_parser_unittest_gtest
// =========================================================
cc_test {
    name: "config_parser_unittest_gtest",
    defaults: ["libminijail_flags"],
    host_supported: true,

    srcs: [
        "config_parser.c",
        "util.c",
        "config_parser_unittest.cc",
    ] + unittestSrcFiles,

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries,

    target: {
        android: {
            test_suites: ["device-tests"],
        },
    },
    test_options: {
        unit_test: true,
    },
    data: ["test/*"],
}

// libminijail_test executable for brillo_Minijail test.
// =========================================================
cc_test {
    name: "libminijail_test",
    defaults: ["libminijail_flags"],
    test_suites: ["device-tests"],

    gtest: false,

    srcs: ["test/libminijail_test.cpp"],

    shared_libs: [
        "libbase",
        "libminijail",
    ],
}

// libminijail usage example.
// =========================================================
cc_binary {
    name: "drop_privs",
    defaults: ["libminijail_flags"],

    // Don't build with ASan, but leave commented out for easy local debugging.
    // sanitize: { address: true, },
    srcs: ["examples/drop_privs.cpp"],

    shared_libs: [
        "libbase",
        "libminijail",
    ],
}

// minijail0 executable.
// This is not currently used on Brillo/Android,
// but it's convenient to be able to build it.
// =========================================================
cc_binary {
    name: "minijail0",
    defaults: ["libminijail_flags"],
    host_supported: true,

    cflags: [
        "-DPRELOADPATH=\"/invalidminijailpreload.so\"",
    ],
    srcs: [
        "config_parser.c",
        "elfparse.c",
        "minijail0.c",
        "minijail0_cli.c",
    ],

    static_libs: ["libminijail_generated"],
    shared_libs: minijailCommonLibraries + ["libminijail"],
}