1# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5BASE_VER=0
6include common.mk
7
8LIBDIR ?= /lib
9PRELOADNAME = libminijailpreload.so
10PRELOADPATH = "$(LIBDIR)/$(PRELOADNAME)"
11CPPFLAGS += -DPRELOADPATH='$(PRELOADPATH)'
12
13# Defines the pivot root path used by the minimalistic-mountns profile.
14DEFAULT_PIVOT_ROOT ?= /var/empty
15CPPFLAGS += -DDEFAULT_PIVOT_ROOT='"$(DEFAULT_PIVOT_ROOT)"'
16
17ifeq ($(USE_seccomp),no)
18CPPFLAGS += -DUSE_SECCOMP_SOFTFAIL
19endif
20
21# Allow people to use -L and related flags.
22ALLOW_DEBUG_LOGGING ?= yes
23ifeq ($(ALLOW_DEBUG_LOGGING),yes)
24CPPFLAGS += -DALLOW_DEBUG_LOGGING
25endif
26
27ifeq ($(USE_ASAN),yes)
28CPPFLAGS += -fsanitize=address -fno-omit-frame-pointer
29LDFLAGS += -fsanitize=address -fno-omit-frame-pointer
30USE_EXIT_ON_DIE = yes
31endif
32
33# Setting this flag can be useful for both AddressSanitizer builds and running
34# fuzzing tools, which do not expect crashes on gracefully-handled malformed
35# inputs.
36ifeq ($(USE_EXIT_ON_DIE),yes)
37CPPFLAGS += -DUSE_EXIT_ON_DIE
38endif
39
40# Setting this flag allows duplicate syscalls definitions for seccomp filters.
41ifeq ($(ALLOW_DUPLICATE_SYSCALLS),yes)
42CPPFLAGS += -DALLOW_DUPLICATE_SYSCALLS
43endif
44
45MJ_COMMON_FLAGS = -Wunused-parameter -Wextra -Wno-missing-field-initializers
46CFLAGS += $(MJ_COMMON_FLAGS)
47CXXFLAGS += $(MJ_COMMON_FLAGS)
48
49USE_SYSTEM_GTEST ?= no
50ifeq ($(USE_SYSTEM_GTEST),no)
51GTEST_CXXFLAGS := -std=gnu++14
52GTEST_LIBS := gtest.a
53else
54GTEST_CXXFLAGS := $(shell gtest-config --cxxflags 2>/dev/null || \
55  echo "-pthread")
56GTEST_LIBS := $(shell gtest-config --libs 2>/dev/null || \
57  echo "-lgtest -pthread -lpthread")
58endif
59
60CORE_OBJECT_FILES := libminijail.o syscall_filter.o signal_handler.o \
61		bpf.o util.o system.o syscall_wrapper.o \
62		libconstants.gen.o libsyscalls.gen.o
63
64all: CC_BINARY(minijail0) CC_LIBRARY(libminijail.so) \
65	CC_LIBRARY(libminijailpreload.so)
66
67parse_seccomp_policy: CXX_BINARY(parse_seccomp_policy)
68dump_constants: CXX_STATIC_BINARY(dump_constants)
69
70tests: TEST(CXX_BINARY(libminijail_unittest)) \
71	TEST(CXX_BINARY(minijail0_cli_unittest)) \
72	TEST(CXX_BINARY(syscall_filter_unittest)) \
73	TEST(CXX_BINARY(system_unittest)) \
74	TEST(CXX_BINARY(util_unittest)) \
75
76
77CC_BINARY(minijail0): LDLIBS += -lcap -ldl
78CC_BINARY(minijail0): $(CORE_OBJECT_FILES) \
79	elfparse.o minijail0.o minijail0_cli.o
80clean: CLEAN(minijail0)
81
82
83CC_LIBRARY(libminijail.so): LDLIBS += -lcap
84CC_LIBRARY(libminijail.so): $(CORE_OBJECT_FILES)
85clean: CLEAN(libminijail.so)
86
87CC_STATIC_LIBRARY(libminijail.pic.a): $(CORE_OBJECT_FILES)
88CC_STATIC_LIBRARY(libminijail.pie.a): $(CORE_OBJECT_FILES)
89clean: CLEAN(libminijail.*.a)
90
91CXX_BINARY(libminijail_unittest): CXXFLAGS += -Wno-write-strings \
92						$(GTEST_CXXFLAGS)
93CXX_BINARY(libminijail_unittest): LDLIBS += -lcap $(GTEST_LIBS)
94ifeq ($(USE_SYSTEM_GTEST),no)
95CXX_BINARY(libminijail_unittest): $(GTEST_LIBS)
96endif
97CXX_BINARY(libminijail_unittest): libminijail_unittest.o $(CORE_OBJECT_FILES) \
98		testrunner.o
99clean: CLEAN(libminijail_unittest)
100
101TEST(CXX_BINARY(libminijail_unittest)): CC_LIBRARY(libminijailpreload.so)
102
103
104CC_LIBRARY(libminijailpreload.so): LDLIBS += -lcap -ldl
105CC_LIBRARY(libminijailpreload.so): libminijailpreload.o $(CORE_OBJECT_FILES)
106clean: CLEAN(libminijailpreload.so)
107
108
109CXX_BINARY(minijail0_cli_unittest): CXXFLAGS += $(GTEST_CXXFLAGS)
110CXX_BINARY(minijail0_cli_unittest): LDLIBS += -lcap $(GTEST_LIBS)
111ifeq ($(USE_SYSTEM_GTEST),no)
112CXX_BINARY(minijail0_cli_unittest): $(GTEST_LIBS)
113endif
114CXX_BINARY(minijail0_cli_unittest): minijail0_cli_unittest.o \
115		$(CORE_OBJECT_FILES) minijail0_cli.o elfparse.o testrunner.o
116clean: CLEAN(minijail0_cli_unittest)
117
118
119CXX_BINARY(syscall_filter_unittest): CXXFLAGS += -Wno-write-strings \
120						$(GTEST_CXXFLAGS)
121CXX_BINARY(syscall_filter_unittest): LDLIBS += -lcap $(GTEST_LIBS)
122ifeq ($(USE_SYSTEM_GTEST),no)
123CXX_BINARY(syscall_filter_unittest): $(GTEST_LIBS)
124endif
125CXX_BINARY(syscall_filter_unittest): syscall_filter_unittest.o \
126		$(CORE_OBJECT_FILES) testrunner.o
127clean: CLEAN(syscall_filter_unittest)
128
129
130CXX_BINARY(system_unittest): CXXFLAGS += $(GTEST_CXXFLAGS)
131CXX_BINARY(system_unittest): LDLIBS += -lcap $(GTEST_LIBS)
132ifeq ($(USE_SYSTEM_GTEST),no)
133CXX_BINARY(system_unittest): $(GTEST_LIBS)
134endif
135CXX_BINARY(system_unittest): system_unittest.o \
136		$(CORE_OBJECT_FILES) testrunner.o
137clean: CLEAN(system_unittest)
138
139
140CXX_BINARY(util_unittest): CXXFLAGS += $(GTEST_CXXFLAGS)
141CXX_BINARY(util_unittest): LDLIBS += -lcap $(GTEST_LIBS)
142ifeq ($(USE_SYSTEM_GTEST),no)
143CXX_BINARY(util_unittest): $(GTEST_LIBS)
144endif
145CXX_BINARY(util_unittest): util_unittest.o \
146		$(CORE_OBJECT_FILES) testrunner.o
147clean: CLEAN(util_unittest)
148
149
150CXX_BINARY(parse_seccomp_policy): parse_seccomp_policy.o syscall_filter.o \
151		bpf.o util.o libconstants.gen.o libsyscalls.gen.o
152clean: CLEAN(parse_seccomp_policy)
153
154
155# Compiling dump_constants as a static executable makes it easy to run under
156# qemu-user, which in turn simplifies cross-compiling bpf policies.
157CXX_STATIC_BINARY(dump_constants): dump_constants.o \
158		libconstants.gen.o libsyscalls.gen.o
159clean: CLEAN(dump_constants)
160
161
162constants.json: CXX_STATIC_BINARY(dump_constants)
163	./dump_constants > $@
164clean: CLEANFILE(constants.json)
165
166
167libsyscalls.gen.o: CPPFLAGS += -I$(SRC)
168
169libsyscalls.gen.o.depends: libsyscalls.gen.c
170
171# Only regenerate libsyscalls.gen.c if the Makefile or header changes.
172# NOTE! This will not detect if the file is not appropriate for the target.
173libsyscalls.gen.c: $(SRC)/Makefile $(SRC)/libsyscalls.h
174	@printf "Generating target-arch specific $@...\n"
175	$(QUIET)CC="$(CC)" $(SRC)/gen_syscalls.sh "$@"
176	@printf "$@ done.\n"
177clean: CLEAN(libsyscalls.gen.c)
178
179$(eval $(call add_object_rules,libsyscalls.gen.o,CC,c,CFLAGS))
180
181libconstants.gen.o: CPPFLAGS += -I$(SRC)
182
183libconstants.gen.o.depends: libconstants.gen.c
184
185# Only regenerate libconstants.gen.c if the Makefile or header changes.
186# NOTE! This will not detect if the file is not appropriate for the target.
187libconstants.gen.c: $(SRC)/Makefile $(SRC)/libconstants.h
188	@printf "Generating target-arch specific $@...\n"
189	$(QUIET)CC="$(CC)" $(SRC)/gen_constants.sh "$@"
190	@printf "$@ done.\n"
191clean: CLEAN(libconstants.gen.c)
192
193$(eval $(call add_object_rules,libconstants.gen.o,CC,c,CFLAGS))
194
195
196################################################################################
197# Google Test
198
199ifeq ($(USE_SYSTEM_GTEST),no)
200# Points to the root of Google Test, relative to where this file is.
201# Remember to tweak this if you move this file.
202GTEST_DIR = googletest-release-1.10.0/googletest
203
204# Flags passed to the preprocessor.
205# Set Google Test's header directory as a system directory, such that
206# the compiler doesn't generate warnings in Google Test headers.
207CPPFLAGS += -isystem $(GTEST_DIR)/include
208
209# Flags passed to the C++ compiler.
210GTEST_CXXFLAGS += -pthread
211
212# All Google Test headers.  Usually you shouldn't change this
213# definition.
214GTEST_HEADERS = $(GTEST_DIR)/include/gtest/*.h \
215		$(GTEST_DIR)/include/gtest/internal/*.h
216
217# House-keeping build targets.
218clean: clean_gtest
219
220clean_gtest:
221	rm -f gtest.a gtest_main.a *.o
222
223# Builds gtest.a and gtest_main.a.
224
225# Usually you shouldn't tweak such internal variables, indicated by a
226# trailing _.
227GTEST_SRCS_ = $(GTEST_DIR)/src/*.cc $(GTEST_DIR)/src/*.h $(GTEST_HEADERS)
228
229# For simplicity and to avoid depending on Google Test's
230# implementation details, the dependencies specified below are
231# conservative and not optimized.  This is fine as Google Test
232# compiles fast and for ordinary users its source rarely changes.
233gtest-all.o : $(GTEST_SRCS_)
234	$(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) $(GTEST_CXXFLAGS) -c \
235		$(GTEST_DIR)/src/gtest-all.cc -o $@
236
237gtest_main.o : $(GTEST_SRCS_)
238	$(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) $(GTEST_CXXFLAGS) -c \
239		$(GTEST_DIR)/src/gtest_main.cc -o $@
240
241gtest.a : gtest-all.o
242	$(AR) $(ARFLAGS) $@ $^
243
244gtest_main.a : gtest-all.o gtest_main.o
245	$(AR) $(ARFLAGS) $@ $^
246
247endif
248################################################################################
249