1// Copyright (C) 2023 The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15cc_binary {
16    name: "shell-as",
17    cflags: [
18      "-Wall",
19      "-Werror",
20      "-Wextra",
21    ],
22    srcs: [
23      "*.cpp",
24      ":shell-as-test-app-apk-cpp",
25    ],
26    header_libs: ["libcutils_headers"],
27    static_executable: true,
28    static_libs: [
29      "libbase",
30      "libcap",
31      "liblog",
32      "libseccomp_policy",
33      "libselinux",
34    ],
35    arch: {
36        arm: {
37            srcs: ["shell-code/*-arm.S"]
38        },
39        arm64: {
40            srcs: ["shell-code/*-arm64.S"]
41        },
42        x86: {
43            srcs: ["shell-code/*-x86.S"]
44        },
45        x86_64: {
46            srcs: ["shell-code/*-x86_64.S"]
47        }
48    }
49}
50
51// A simple app that requests all non-system permissions and contains no other
52// functionality. This can be used as a target for shell-as to emulate the
53// security context of the most privileged possible non-system app.
54android_app {
55  name: "shell-as-test-app",
56  manifest: ":shell-as-test-app-manifest",
57  srcs: ["app/**/*.java"],
58  sdk_version: "9",
59  certificate: ":shell-as-test-app-cert",
60}
61
62// https://source.android.com/docs/core/ota/sign_builds#release-keys
63// Generated by running:
64// $ANDROID_BUILD_TOP/development/tools/make_key \
65//     shell-as-test-app-key \
66//     '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com
67android_app_certificate {
68    name: "shell-as-test-app-cert",
69    certificate: "shell-as-test-app-key",
70}
71
72genrule {
73  name: "shell-as-test-app-manifest",
74  srcs: [
75    ":permission-list-normal",
76    "AndroidManifest.xml.template"
77  ],
78  cmd: "$(location gen-manifest.sh) " +
79       "$(location AndroidManifest.xml.template) " +
80       "$(location :permission-list-normal) " +
81       "$(out)",
82  out: ["AndroidManifest.xml"],
83  tool_files: ["gen-manifest.sh"],
84}
85
86// A source file that contains the contents of the above shell-as-test-app APK
87// embedded as an array.
88cc_genrule {
89  name: "shell-as-test-app-apk-cpp",
90  srcs: [":shell-as-test-app"],
91  cmd: "(" +
92       "  echo '#include <stddef.h>';" +
93       "  echo '#include <stdint.h>';" +
94       "  echo '';" +
95       "  echo 'namespace shell_as {';" +
96       "  echo 'const uint8_t kTestAppApk[] = {';" +
97       "  $(location toybox) xxd -i < $(in);" +
98       "  echo '};';" +
99       "  echo 'void GetTestApk(uint8_t **apk, size_t *length) {';" +
100       "  echo '  *apk = (uint8_t*) kTestAppApk;';" +
101       "  echo '  *length = sizeof(kTestAppApk);';" +
102       "  echo '}';" +
103       "  echo '}  // namespace shell_as';" +
104       ") > $(out)",
105  out: ["test-app-apk.cpp"],
106  tools: ["toybox"]
107}
108