//
// Copyright (C) 2023 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Usage is only approved for sandboxing host-side Cuttlefish tools to run them
// in Google's internal production environment.

// Modules in this file are visible only to this package's subpackages unless
// a module sets its own `visibility` (only sandboxed_api_sandbox2 does).
package {
    default_visibility: [":__subpackages__"]
}

// Base defaults: every C/C++ module in this file is built for the host only.
cc_defaults {
    name: "sandboxed_api_defaults",
    host_supported: true,
    device_supported: false,
}

// Protobuf messages used by sandbox2 (forkserver requests, log server,
// mount tree, violation reports, unwinder) and by the status utilities.
// NOTE(review): comms_test.proto looks like a test-only schema; confirm it
// needs to be part of this library.
cc_library {
    name: "sandboxed_api_proto",
    defaults: ["sandboxed_api_defaults"],
    proto: {
        type: "full",
        export_proto_headers: true,
        canonical_path_from_root: false,
    },
    srcs: [
        "sandboxed_api/proto_arg.proto",
        "sandboxed_api/sandbox2/comms_test.proto",
        "sandboxed_api/sandbox2/forkserver.proto",
        "sandboxed_api/sandbox2/logserver.proto",
        "sandboxed_api/sandbox2/mount_tree.proto",
        "sandboxed_api/sandbox2/violation.proto",
        "sandboxed_api/sandbox2/unwind/unwind.proto",
        "sandboxed_api/util/status.proto",
    ],
}

// Common settings for all C++ code below: shared static dependencies, the
// libc-specific compatibility header, and compiler flags.
cc_defaults {
    name: "sandboxed_api_cc_defaults",
    defaults: ["sandboxed_api_defaults"],
    static_libs: [
        "libabsl_host",
        "libcap",
        "libprotobuf-cpp-full",
        "sandboxed_api_proto",
    ],
    // NOTE(review): these flags apply to every module that inherits these
    // defaults, not only to the files named in the trailing comments.
    cflags: [
        "-Wno-unused-parameter",
        "-Wno-missing-field-initializers", // for sandboxed_api/sandbox2/policy.cc
        "-fbracket-depth=768", // for syscall_defs.cc
    ],
    // The 32-bit x86 variant is not built.
    arch: {
        x86: {
            enabled: false,
        },
    },
    // Force-include the compatibility header that matches the host libc.
    target: {
        linux_glibc: {
            cflags: [
                "-include android/sandboxed_api_glibc_compat.h",
            ],
        },
        linux_musl: {
            cflags: [
                "-include android/sandboxed_api_musl_compat.h",
            ],
        },
    },
}

// Utility sources needed by both the filewrapper tool and the sandbox code.
cc_library {
    name: "sandboxed_api_shared_with_filewrapper",
    defaults: ["sandboxed_api_cc_defaults"],
    srcs: [
        "sandboxed_api/util/file_helpers.cc",
        "sandboxed_api/util/fileops.cc",
        "sandboxed_api/util/path.cc",
        "sandboxed_api/util/raw_logging.cc",
        "sandboxed_api/util/status.cc",
        "sandboxed_api/util/strerror.cc",
    ],
}

// Build-time tool; the two cc_genrule modules below run it to turn the
// forkserver binary into generated C++ source and header files.
cc_binary {
    name: "sandboxed_api_filewrapper",
    defaults: ["sandboxed_api_cc_defaults"],
    static_libs: [
        "sandboxed_api_shared_with_filewrapper",
    ],
    srcs: [
        "sandboxed_api/tools/filewrapper/filewrapper.cc",
    ],
}

// sandbox2 sources that are linked into the standalone forkserver binary and,
// via whole_static_libs, into the sandboxed_api_sandbox2 library as well.
cc_library {
    name: "sandboxed_api_shared_with_forkserver",
    defaults: ["sandboxed_api_cc_defaults"],
    static_libs: [
        "sandboxed_api_shared_with_filewrapper",
    ],
    srcs: [
        "android/unwind.cc",
        "sandboxed_api/config.cc",
        "sandboxed_api/sandbox2/bpfdisassembler.cc",
        "sandboxed_api/sandbox2/buffer.cc",
        "sandboxed_api/sandbox2/client.cc",
        "sandboxed_api/sandbox2/comms.cc",
        "sandboxed_api/sandbox2/fork_client.cc",
        "sandboxed_api/sandbox2/forkserver.cc",
        "sandboxed_api/sandbox2/ipc.cc",
        "sandboxed_api/sandbox2/logserver.cc",
        "sandboxed_api/sandbox2/logsink.cc",
        "sandboxed_api/sandbox2/mounts.cc",
        "sandboxed_api/sandbox2/namespace.cc",
        "sandboxed_api/sandbox2/network_proxy/client.cc",
        "sandboxed_api/sandbox2/regs.cc",
        "sandboxed_api/sandbox2/result.cc",
        "sandboxed_api/sandbox2/sanitizer.cc",
        "sandboxed_api/sandbox2/syscall.cc",
        "sandboxed_api/sandbox2/syscall_defs.cc",
        "sandboxed_api/sandbox2/unwind/ptrace_hook.cc",
        "sandboxed_api/sandbox2/unwind/unwind.cc",
        "sandboxed_api/sandbox2/util.cc",
        "sandboxed_api/sandbox2/util/bpf_helper.c",
        "sandboxed_api/sandbox2/util/maps_parser.cc",
        "sandboxed_api/sandbox2/util/minielf.cc",
        "sandboxed_api/sandbox2/util/syscall_trap.cc",
        "sandboxed_api/util/temp_file.cc",
    ],
}

// The forkserver executable. It is the input of the embed genrules below.
// The C++ runtime is linked statically (libc++_static); presumably so the
// embedded binary has no libc++ shared-library dependency at run time --
// TODO confirm.
cc_binary {
    name: "sandboxed_api_forkserver",
    defaults: ["sandboxed_api_cc_defaults"],
    stl: "libc++_static",
    static_libs: [
        "sandboxed_api_shared_with_filewrapper",
        "sandboxed_api_shared_with_forkserver",
    ],
    srcs: [
        "sandboxed_api/sandbox2/forkserver_bin_embed.cc",
    ],
}

// Generates forkserver_bin_embed.cc from the forkserver binary using
// sandboxed_api_filewrapper. The command also writes forkserver_bin_embed.h
// into $(genDir), but only the .cc file is declared as an output here; the
// header is produced by sandboxed_api_embed_forkserver_h.
//
// The meaning of the two '' arguments is defined by filewrapper and is not
// visible in this file.
//
// NOTE(review): for arm, x86 and windows the input is android/placeholder_exe
// instead of the real forkserver. Presumably a library built for those
// variants cannot actually launch sandboxees -- confirm that no caller relies
// on sandboxing being effective there.
cc_genrule {
    name: "sandboxed_api_embed_forkserver_cc",
    host_supported: true,
    device_supported: false,
    tools: ["sandboxed_api_filewrapper"],
    out: ["forkserver_bin_embed.cc"],
    cmd: "$(location sandboxed_api_filewrapper) '' forkserver_bin_embed '' " +
        "$(genDir)/forkserver_bin_embed.h $(genDir)/forkserver_bin_embed.cc " +
        "$(in)",
    arch: { // `enabled: false` doesn't appear to work here
        arm: {
            srcs: ["android/placeholder_exe"],
        },
        arm64: {
            srcs: [":sandboxed_api_forkserver"],
        },
        x86: {
            srcs: ["android/placeholder_exe"],
        },
    },
    target: {
        linux_x86_64: {
            srcs: [":sandboxed_api_forkserver"],
        },
        windows: {
            srcs: ["android/placeholder_exe"],
        },
    },
}

// Generates forkserver_bin_embed.h with the same filewrapper invocation as
// sandboxed_api_embed_forkserver_cc, then copies the header to
// sandboxed_api/sandbox2/ under $(genDir) so that it is available under both
// declared output paths. The .cc file written by the command is a by-product
// and is not declared as an output of this rule.
//
// The same placeholder inputs are used for arm, x86 and windows as in the
// .cc rule, so both generated files come from the same kind of input for a
// given variant.
cc_genrule {
    name: "sandboxed_api_embed_forkserver_h",
    host_supported: true,
    device_supported: false,
    tools: ["sandboxed_api_filewrapper"],
    out: [
        "forkserver_bin_embed.h",
        "sandboxed_api/sandbox2/forkserver_bin_embed.h",
    ],
    cmd: "mkdir -p $(genDir)/sandboxed_api/sandbox2/ && " +
        "$(location sandboxed_api_filewrapper) '' forkserver_bin_embed '' " +
        "$(genDir)/forkserver_bin_embed.h $(genDir)/forkserver_bin_embed.cc " +
        "$(in) && " +
        "cp $(genDir)/forkserver_bin_embed.h $(genDir)/sandboxed_api/sandbox2/",
    arch: { // `enabled: false` doesn't appear to work here
        arm: {
            srcs: ["android/placeholder_exe"],
        },
        arm64: {
            srcs: [":sandboxed_api_forkserver"],
        },
        x86: {
            srcs: ["android/placeholder_exe"],
        },
    },
    target: {
        linux_x86_64: {
            srcs: [":sandboxed_api_forkserver"],
        },
        windows: {
            srcs: ["android/placeholder_exe"],
        },
    },
}

// The sandbox2 library that clients link against. It compiles in the
// generated forkserver embed source and header, and pulls in the proto and
// shared libraries as whole archives.
//
// `visibility` overrides the package default: only targets under
// //device/google/cuttlefish may depend on this module, which matches the
// usage restriction stated at the top of this file. Widening it would make
// the library available to code outside the approved use.
cc_library {
    name: "sandboxed_api_sandbox2",
    defaults: ["sandboxed_api_cc_defaults"],
    visibility: ["//device/google/cuttlefish:__subpackages__"],
    // Dependents include headers relative to this directory.
    export_include_dirs: ["."],
    generated_sources: ["sandboxed_api_embed_forkserver_cc"],
    generated_headers: ["sandboxed_api_embed_forkserver_h"],
    whole_static_libs: [
        "sandboxed_api_proto",
        "sandboxed_api_shared_with_filewrapper",
        "sandboxed_api_shared_with_forkserver",
    ],
    srcs: [
        "sandboxed_api/embed_file.cc",
        "sandboxed_api/sandbox2/executor.cc",
        "sandboxed_api/sandbox2/forkingclient.cc",
        "sandboxed_api/sandbox2/global_forkclient.cc",
        "sandboxed_api/sandbox2/monitor_base.cc",
        "sandboxed_api/sandbox2/monitor_ptrace.cc",
        "sandboxed_api/sandbox2/monitor_unotify.cc",
        "sandboxed_api/sandbox2/policy.cc",
        "sandboxed_api/sandbox2/policybuilder.cc",
        "sandboxed_api/sandbox2/sandbox2.cc",
        "sandboxed_api/sandbox2/stack_trace.cc",
        "sandboxed_api/sandbox2/network_proxy/filtering.cc",
        "sandboxed_api/sandbox2/network_proxy/server.cc",
    ],
}