1# Copyright (C) 2015 The Android Open Source Project 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14 15LOCAL_PATH := $(call my-dir) 16 17 18# Common variables. 19# ========================================================= 20libminijailSrcFiles := \ 21 bpf.c \ 22 libminijail.c \ 23 signal_handler.c \ 24 syscall_filter.c \ 25 util.c 26 27minijailCommonCFlags := -DHAVE_SECUREBITS_H -Wall -Werror 28minijailCommonLibraries := libcap 29 30# Android devices running kernel version < 3.8 are not required to 31# support seccomp. Brillo devices must support seccomp regardless of 32# kernel version. 33# TODO: remove when no longer supporting kernel versions < 3.8. 34ifndef BRILLO 35minijailCommonCFlags += -DUSE_SECCOMP_SOFTFAIL 36endif 37 38 39# Static library for generated code. 40# ========================================================= 41include $(CLEAR_VARS) 42LOCAL_MODULE := libminijail_generated 43 44LOCAL_MODULE_CLASS := STATIC_LIBRARIES 45generated_sources_dir := $(local-generated-sources-dir) 46 47my_gen := $(generated_sources_dir)/$(TARGET_ARCH)/libsyscalls.c 48# We need the quotes so the shell script treats the following as one argument. 49my_cc := "$(lastword $(CLANG)) \ 50 $(addprefix -isystem ,$(TARGET_C_INCLUDES)) \ 51 $(CLANG_TARGET_GLOBAL_CFLAGS)" 52$(my_gen): PRIVATE_CC := $(my_cc) 53$(my_gen): PRIVATE_CUSTOM_TOOL = $< $(PRIVATE_CC) $@ 54$(my_gen): $(LOCAL_PATH)/gen_syscalls.sh 55 $(transform-generated-source) 56LOCAL_GENERATED_SOURCES_$(TARGET_ARCH) += $(my_gen) 57 58my_gen := $(generated_sources_dir)/$(TARGET_ARCH)/libconstants.c 59$(my_gen): PRIVATE_CC := $(my_cc) 60$(my_gen): PRIVATE_CUSTOM_TOOL = $< $(PRIVATE_CC) $@ 61$(my_gen): $(LOCAL_PATH)/gen_constants.sh 62 $(transform-generated-source) 63LOCAL_GENERATED_SOURCES_$(TARGET_ARCH) += $(my_gen) 64 65# For processes running in 32-bit compat mode on 64-bit processors. 66ifdef TARGET_2ND_ARCH 67my_gen := $(generated_sources_dir)/$(TARGET_2ND_ARCH)/libsyscalls.c 68my_cc := "$(lastword $(CLANG)) \ 69 $(addprefix -isystem ,$($(TARGET_2ND_ARCH_VAR_PREFIX)TARGET_C_INCLUDES)) \ 70 $($(TARGET_2ND_ARCH_VAR_PREFIX)CLANG_TARGET_GLOBAL_CFLAGS)" 71$(my_gen): PRIVATE_CC := $(my_cc) 72$(my_gen): PRIVATE_CUSTOM_TOOL = $< $(PRIVATE_CC) $@ 73$(my_gen): $(LOCAL_PATH)/gen_syscalls.sh 74 $(transform-generated-source) 75LOCAL_GENERATED_SOURCES_$(TARGET_2ND_ARCH) += $(my_gen) 76 77my_gen := $(generated_sources_dir)/$(TARGET_2ND_ARCH)/libconstants.c 78$(my_gen): PRIVATE_CC := $(my_cc) 79$(my_gen): PRIVATE_CUSTOM_TOOL = $< $(PRIVATE_CC) $@ 80$(my_gen): $(LOCAL_PATH)/gen_constants.sh 81 $(transform-generated-source) 82LOCAL_GENERATED_SOURCES_$(TARGET_2ND_ARCH) += $(my_gen) 83endif 84 85LOCAL_CFLAGS := $(minijailCommonCFlags) 86LOCAL_CLANG := true 87include $(BUILD_STATIC_LIBRARY) 88 89 90# libminijail shared library for target. 91# ========================================================= 92include $(CLEAR_VARS) 93LOCAL_MODULE := libminijail 94 95LOCAL_CFLAGS := $(minijailCommonCFlags) 96LOCAL_CLANG := true 97LOCAL_SRC_FILES := $(libminijailSrcFiles) 98 99LOCAL_STATIC_LIBRARIES := libminijail_generated 100LOCAL_SHARED_LIBRARIES := $(minijailCommonLibraries) 101LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH) 102include $(BUILD_SHARED_LIBRARY) 103 104 105# Example ASan-ified libminijail shared library for target. 106# Commented out since it's only needed for local debugging. 107# ========================================================= 108# include $(CLEAR_VARS) 109# LOCAL_MODULE := libminijail_asan 110# LOCAL_MODULE_TAGS := optional 111# 112# LOCAL_CFLAGS := $(minijailCommonCFlags) 113# LOCAL_CLANG := true 114# LOCAL_SANITIZE := address 115# LOCAL_MODULE_RELATIVE_PATH := asan 116# LOCAL_SRC_FILES := $(libminijailSrcFiles) 117# 118# LOCAL_STATIC_LIBRARIES := libminijail_generated 119# LOCAL_SHARED_LIBRARIES := $(minijailCommonLibraries) 120# LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH) 121# include $(BUILD_SHARED_LIBRARY) 122 123 124# libminijail static library for target. 125# ========================================================= 126include $(CLEAR_VARS) 127LOCAL_MODULE := libminijail 128 129LOCAL_CFLAGS := $(minijailCommonCFlags) 130LOCAL_CLANG := true 131LOCAL_SRC_FILES := $(libminijailSrcFiles) 132 133LOCAL_WHOLE_STATIC_LIBRARIES := libminijail_generated $(minijailCommonLibraries) 134LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH) 135include $(BUILD_STATIC_LIBRARY) 136 137 138# libminijail native unit tests. Run with: 139# adb shell /data/nativetest/libminijail_unittest/libminijail_unittest 140# ========================================================= 141include $(CLEAR_VARS) 142LOCAL_MODULE := libminijail_unittest 143ifdef BRILLO 144 LOCAL_MODULE_TAGS := eng 145endif 146 147LOCAL_CFLAGS := $(minijailCommonCFlags) 148LOCAL_CLANG := true 149LOCAL_SRC_FILES := \ 150 bpf.c \ 151 libminijail.c \ 152 libminijail_unittest.c \ 153 signal_handler.c \ 154 syscall_filter.c \ 155 util.c \ 156 157LOCAL_STATIC_LIBRARIES := libminijail_generated 158LOCAL_SHARED_LIBRARIES := $(minijailCommonLibraries) 159include $(BUILD_NATIVE_TEST) 160 161 162# Syscall filtering native unit tests. Run with: 163# adb shell /data/nativetest/syscall_filter_unittest/syscall_filter_unittest 164# ========================================================= 165include $(CLEAR_VARS) 166LOCAL_MODULE := syscall_filter_unittest 167ifdef BRILLO 168 LOCAL_MODULE_TAGS := eng 169endif 170 171LOCAL_CFLAGS := $(minijailCommonCFlags) 172LOCAL_CLANG := true 173LOCAL_SRC_FILES := \ 174 bpf.c \ 175 syscall_filter.c \ 176 syscall_filter_unittest.c \ 177 util.c \ 178 179LOCAL_STATIC_LIBRARIES := libminijail_generated 180LOCAL_SHARED_LIBRARIES := $(minijailCommonLibraries) 181include $(BUILD_NATIVE_TEST) 182 183 184# test_minijail executable for brillo_Minijail test. 185# ========================================================= 186include $(CLEAR_VARS) 187LOCAL_MODULE := libminijail_test 188ifdef BRILLO 189 LOCAL_MODULE_TAGS := eng 190endif 191 192LOCAL_CFLAGS := $(minijailCommonCFlags) 193LOCAL_CLANG := true 194LOCAL_SRC_FILES := \ 195 test/libminijail_test.cpp 196 197LOCAL_SHARED_LIBRARIES := libbase libminijail 198include $(BUILD_EXECUTABLE) 199 200 201# libminijail usage example. 202# ========================================================= 203include $(CLEAR_VARS) 204LOCAL_MODULE := drop_privs 205LOCAL_MODULE_TAGS := optional 206LOCAL_CFLAGS := $(minijailCommonCFlags) 207LOCAL_CLANG := true 208# Don't build with ASan, but leave commented out for easy local debugging. 209# LOCAL_SANITIZE := address 210LOCAL_SRC_FILES := \ 211 examples/drop_privs.cpp 212 213LOCAL_SHARED_LIBRARIES := libbase libminijail 214include $(BUILD_EXECUTABLE) 215 216 217# minijail0 executable. 218# This is not currently used on Brillo/Android, 219# but it's convenient to be able to build it. 220# ========================================================= 221include $(CLEAR_VARS) 222LOCAL_MODULE := minijail0 223LOCAL_MODULE_TAGS := optional 224LOCAL_CFLAGS := \ 225 $(minijailCommonCFlags) -Wno-missing-field-initializers \ 226 -DPRELOADPATH=\"/invalidminijailpreload.so\" 227LOCAL_CLANG := true 228LOCAL_SRC_FILES := \ 229 elfparse.c \ 230 minijail0.c \ 231 232LOCAL_STATIC_LIBRARIES := libminijail_generated 233LOCAL_SHARED_LIBRARIES := $(minijailCommonLibraries) libminijail 234include $(BUILD_EXECUTABLE) 235