1# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5BASE_VER=0
6include common.mk
7
8LIBDIR ?= /lib
9PRELOADNAME = libminijailpreload.so
10PRELOADPATH = "$(LIBDIR)/$(PRELOADNAME)"
11CPPFLAGS += -DPRELOADPATH='$(PRELOADPATH)'
12
13# Defines the pivot root path used by the minimalistic-mountns profile.
14DEFAULT_PIVOT_ROOT ?= /var/empty
15CPPFLAGS += -DDEFAULT_PIVOT_ROOT='"$(DEFAULT_PIVOT_ROOT)"'
16
17ifeq ($(USE_seccomp),no)
18CPPFLAGS += -DUSE_SECCOMP_SOFTFAIL
19endif
20
21# Allow people to use -L and related flags.
22ALLOW_DEBUG_LOGGING ?= yes
23ifeq ($(ALLOW_DEBUG_LOGGING),yes)
24CPPFLAGS += -DALLOW_DEBUG_LOGGING
25endif
26
27ifeq ($(USE_ASAN),yes)
28CPPFLAGS += -fsanitize=address
29LDFLAGS += -fsanitize=address
30USE_EXIT_ON_DIE = yes
31endif
32
33# Setting this flag can be useful for both AddressSanitizer builds and running
34# fuzzing tools, which do not expect crashes on gracefully-handled malformed
35# inputs.
36ifeq ($(USE_EXIT_ON_DIE),yes)
37CPPFLAGS += -DUSE_EXIT_ON_DIE
38endif
39
40MJ_COMMON_FLAGS = -Wunused-parameter -Wextra -Wno-missing-field-initializers
41CFLAGS += $(MJ_COMMON_FLAGS)
42CXXFLAGS += $(MJ_COMMON_FLAGS)
43
44USE_SYSTEM_GTEST ?= no
45ifeq ($(USE_SYSTEM_GTEST),no)
46GTEST_CXXFLAGS := -std=gnu++14
47GTEST_LIBS := gtest.a
48else
49GTEST_CXXFLAGS := $(shell gtest-config --cxxflags)
50GTEST_LIBS := $(shell gtest-config --libs)
51endif
52
53CORE_OBJECT_FILES := libminijail.o syscall_filter.o signal_handler.o \
54		bpf.o util.o system.o syscall_wrapper.o \
55		libconstants.gen.o libsyscalls.gen.o
56
57all: CC_BINARY(minijail0) CC_LIBRARY(libminijail.so) \
58	CC_LIBRARY(libminijailpreload.so)
59
60parse_seccomp_policy: CXX_BINARY(parse_seccomp_policy)
61dump_constants: CXX_BINARY(dump_constants)
62
63tests: TEST(CXX_BINARY(libminijail_unittest)) \
64	TEST(CXX_BINARY(minijail0_cli_unittest)) \
65	TEST(CXX_BINARY(syscall_filter_unittest)) \
66	TEST(CXX_BINARY(system_unittest)) \
67	TEST(CXX_BINARY(util_unittest)) \
68
69
70CC_BINARY(minijail0): LDLIBS += -lcap -ldl
71CC_BINARY(minijail0): $(CORE_OBJECT_FILES) \
72	elfparse.o minijail0.o minijail0_cli.o
73clean: CLEAN(minijail0)
74
75
76CC_LIBRARY(libminijail.so): LDLIBS += -lcap
77CC_LIBRARY(libminijail.so): $(CORE_OBJECT_FILES)
78clean: CLEAN(libminijail.so)
79
80
81CXX_BINARY(libminijail_unittest): CXXFLAGS += -Wno-write-strings \
82						$(GTEST_CXXFLAGS)
83CXX_BINARY(libminijail_unittest): LDLIBS += -lcap $(GTEST_LIBS)
84ifeq ($(USE_SYSTEM_GTEST),no)
85CXX_BINARY(libminijail_unittest): $(GTEST_LIBS)
86endif
87CXX_BINARY(libminijail_unittest): libminijail_unittest.o $(CORE_OBJECT_FILES) \
88		testrunner.o
89clean: CLEAN(libminijail_unittest)
90
91TEST(CXX_BINARY(libminijail_unittest)): CC_LIBRARY(libminijailpreload.so)
92
93
94CC_LIBRARY(libminijailpreload.so): LDLIBS += -lcap -ldl
95CC_LIBRARY(libminijailpreload.so): libminijailpreload.o $(CORE_OBJECT_FILES)
96clean: CLEAN(libminijailpreload.so)
97
98
99CXX_BINARY(minijail0_cli_unittest): CXXFLAGS += $(GTEST_CXXFLAGS)
100CXX_BINARY(minijail0_cli_unittest): LDLIBS += -lcap $(GTEST_LIBS)
101ifeq ($(USE_SYSTEM_GTEST),no)
102CXX_BINARY(minijail0_cli_unittest): $(GTEST_LIBS)
103endif
104CXX_BINARY(minijail0_cli_unittest): minijail0_cli_unittest.o \
105		$(CORE_OBJECT_FILES) minijail0_cli.o elfparse.o testrunner.o
106clean: CLEAN(minijail0_cli_unittest)
107
108
109CXX_BINARY(syscall_filter_unittest): CXXFLAGS += -Wno-write-strings \
110						$(GTEST_CXXFLAGS)
111CXX_BINARY(syscall_filter_unittest): LDLIBS += -lcap $(GTEST_LIBS)
112ifeq ($(USE_SYSTEM_GTEST),no)
113CXX_BINARY(syscall_filter_unittest): $(GTEST_LIBS)
114endif
115CXX_BINARY(syscall_filter_unittest): syscall_filter_unittest.o \
116		$(CORE_OBJECT_FILES) testrunner.o
117clean: CLEAN(syscall_filter_unittest)
118
119
120CXX_BINARY(system_unittest): CXXFLAGS += $(GTEST_CXXFLAGS)
121CXX_BINARY(system_unittest): LDLIBS += -lcap $(GTEST_LIBS)
122ifeq ($(USE_SYSTEM_GTEST),no)
123CXX_BINARY(system_unittest): $(GTEST_LIBS)
124endif
125CXX_BINARY(system_unittest): system_unittest.o \
126		$(CORE_OBJECT_FILES) testrunner.o
127clean: CLEAN(system_unittest)
128
129
130CXX_BINARY(util_unittest): CXXFLAGS += $(GTEST_CXXFLAGS)
131CXX_BINARY(util_unittest): LDLIBS += -lcap $(GTEST_LIBS)
132ifeq ($(USE_SYSTEM_GTEST),no)
133CXX_BINARY(util_unittest): $(GTEST_LIBS)
134endif
135CXX_BINARY(util_unittest): util_unittest.o \
136		$(CORE_OBJECT_FILES) testrunner.o
137clean: CLEAN(util_unittest)
138
139
140CXX_BINARY(parse_seccomp_policy): parse_seccomp_policy.o syscall_filter.o \
141		bpf.o util.o libconstants.gen.o libsyscalls.gen.o
142clean: CLEAN(parse_seccomp_policy)
143
144
145CXX_BINARY(dump_constants): dump_constants.o \
146		libconstants.gen.o libsyscalls.gen.o
147clean: CLEAN(dump_constants)
148
149
150constants.json: CXX_BINARY(dump_constants)
151	./dump_constants > $@
152clean: CLEANFILE(constants.json)
153
154
155libsyscalls.gen.o: CPPFLAGS += -I$(SRC)
156
157libsyscalls.gen.o.depends: libsyscalls.gen.c
158
159# Only regenerate libsyscalls.gen.c if the Makefile or header changes.
160# NOTE! This will not detect if the file is not appropriate for the target.
161libsyscalls.gen.c: $(SRC)/Makefile $(SRC)/libsyscalls.h
162	@printf "Generating target-arch specific $@...\n"
163	$(QUIET)CC="$(CC)" $(SRC)/gen_syscalls.sh "$@"
164	@printf "$@ done.\n"
165clean: CLEAN(libsyscalls.gen.c)
166
167$(eval $(call add_object_rules,libsyscalls.gen.o,CC,c,CFLAGS))
168
169libconstants.gen.o: CPPFLAGS += -I$(SRC)
170
171libconstants.gen.o.depends: libconstants.gen.c
172
173# Only regenerate libconstants.gen.c if the Makefile or header changes.
174# NOTE! This will not detect if the file is not appropriate for the target.
175libconstants.gen.c: $(SRC)/Makefile $(SRC)/libconstants.h
176	@printf "Generating target-arch specific $@...\n"
177	$(QUIET)CC="$(CC)" $(SRC)/gen_constants.sh "$@"
178	@printf "$@ done.\n"
179clean: CLEAN(libconstants.gen.c)
180
181$(eval $(call add_object_rules,libconstants.gen.o,CC,c,CFLAGS))
182
183
184################################################################################
185# Google Test
186
187ifeq ($(USE_SYSTEM_GTEST),no)
188# Points to the root of Google Test, relative to where this file is.
189# Remember to tweak this if you move this file.
190GTEST_DIR = googletest-release-1.8.0/googletest
191
192# Flags passed to the preprocessor.
193# Set Google Test's header directory as a system directory, such that
194# the compiler doesn't generate warnings in Google Test headers.
195CPPFLAGS += -isystem $(GTEST_DIR)/include
196
197# Flags passed to the C++ compiler.
198GTEST_CXXFLAGS += -pthread
199
200# All Google Test headers.  Usually you shouldn't change this
201# definition.
202GTEST_HEADERS = $(GTEST_DIR)/include/gtest/*.h \
203		$(GTEST_DIR)/include/gtest/internal/*.h
204
205# House-keeping build targets.
206clean: clean_gtest
207
208clean_gtest:
209	rm -f gtest.a gtest_main.a *.o
210
211# Builds gtest.a and gtest_main.a.
212
213# Usually you shouldn't tweak such internal variables, indicated by a
214# trailing _.
215GTEST_SRCS_ = $(GTEST_DIR)/src/*.cc $(GTEST_DIR)/src/*.h $(GTEST_HEADERS)
216
217# For simplicity and to avoid depending on Google Test's
218# implementation details, the dependencies specified below are
219# conservative and not optimized.  This is fine as Google Test
220# compiles fast and for ordinary users its source rarely changes.
221gtest-all.o : $(GTEST_SRCS_)
222	$(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) $(GTEST_CXXFLAGS) -c \
223		$(GTEST_DIR)/src/gtest-all.cc -o $@
224
225gtest_main.o : $(GTEST_SRCS_)
226	$(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) $(GTEST_CXXFLAGS) -c \
227		$(GTEST_DIR)/src/gtest_main.cc -o $@
228
229gtest.a : gtest-all.o
230	$(AR) $(ARFLAGS) $@ $^
231
232gtest_main.a : gtest-all.o gtest_main.o
233	$(AR) $(ARFLAGS) $@ $^
234
235endif
236################################################################################
237