| // |
| // Copyright (C) 2023 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| // Usage is only approved for sandboxing host-side Cuttlefish tools to run them |
| // in Google's internal production environment. |
| package { |
| default_visibility: [":__subpackages__"] |
| } |
| |
| cc_defaults { |
| name: "sandboxed_api_defaults", |
| device_supported: false, |
| host_supported: true, |
| } |
| |
| cc_library { |
| name: "sandboxed_api_proto", |
| srcs: [ |
| "sandboxed_api/proto_arg.proto", |
| "sandboxed_api/sandbox2/comms_test.proto", |
| "sandboxed_api/sandbox2/forkserver.proto", |
| "sandboxed_api/sandbox2/logserver.proto", |
| "sandboxed_api/sandbox2/mount_tree.proto", |
| "sandboxed_api/sandbox2/violation.proto", |
| "sandboxed_api/sandbox2/unwind/unwind.proto", |
| "sandboxed_api/util/status.proto", |
| ], |
| proto: { |
| canonical_path_from_root: false, |
| export_proto_headers: true, |
| type: "full", |
| }, |
| defaults: ["sandboxed_api_defaults"], |
| } |
| |
| cc_defaults { |
| name: "sandboxed_api_cc_defaults", |
| static_libs: [ |
| "libabsl_host", |
| "libcap", |
| "libprotobuf-cpp-full", |
| "sandboxed_api_proto", |
| ], |
| arch: { |
| x86: { |
| enabled: false, |
| }, |
| }, |
| target: { |
| linux_glibc: { |
| cflags: [ |
| "-include android/sandboxed_api_glibc_compat.h", |
| ], |
| }, |
| linux_musl: { |
| cflags: [ |
| "-include android/sandboxed_api_musl_compat.h", |
| ], |
| }, |
| }, |
| cflags: [ |
| "-Wno-unused-parameter", |
| "-Wno-missing-field-initializers", // for sandboxed_api/sandbox2/policy.cc |
| "-fbracket-depth=768", // for syscall_defs.cc |
| ], |
| defaults: ["sandboxed_api_defaults"], |
| } |
| |
| cc_library { |
| name: "sandboxed_api_shared_with_filewrapper", |
| srcs: [ |
| "sandboxed_api/util/file_helpers.cc", |
| "sandboxed_api/util/fileops.cc", |
| "sandboxed_api/util/path.cc", |
| "sandboxed_api/util/raw_logging.cc", |
| "sandboxed_api/util/status.cc", |
| "sandboxed_api/util/strerror.cc", |
| ], |
| defaults: ["sandboxed_api_cc_defaults"], |
| } |
| |
| cc_binary { |
| name: "sandboxed_api_filewrapper", |
| srcs: [ |
| "sandboxed_api/tools/filewrapper/filewrapper.cc", |
| ], |
| static_libs: [ |
| "sandboxed_api_shared_with_filewrapper", |
| ], |
| defaults: ["sandboxed_api_cc_defaults"], |
| } |
| |
| cc_library { |
| name: "sandboxed_api_shared_with_forkserver", |
| srcs: [ |
| "android/unwind.cc", |
| "sandboxed_api/config.cc", |
| "sandboxed_api/sandbox2/bpfdisassembler.cc", |
| "sandboxed_api/sandbox2/buffer.cc", |
| "sandboxed_api/sandbox2/client.cc", |
| "sandboxed_api/sandbox2/comms.cc", |
| "sandboxed_api/sandbox2/fork_client.cc", |
| "sandboxed_api/sandbox2/forkserver.cc", |
| "sandboxed_api/sandbox2/ipc.cc", |
| "sandboxed_api/sandbox2/logserver.cc", |
| "sandboxed_api/sandbox2/logsink.cc", |
| "sandboxed_api/sandbox2/mounts.cc", |
| "sandboxed_api/sandbox2/namespace.cc", |
| "sandboxed_api/sandbox2/network_proxy/client.cc", |
| "sandboxed_api/sandbox2/regs.cc", |
| "sandboxed_api/sandbox2/result.cc", |
| "sandboxed_api/sandbox2/sanitizer.cc", |
| "sandboxed_api/sandbox2/syscall.cc", |
| "sandboxed_api/sandbox2/syscall_defs.cc", |
| "sandboxed_api/sandbox2/unwind/ptrace_hook.cc", |
| "sandboxed_api/sandbox2/unwind/unwind.cc", |
| "sandboxed_api/sandbox2/util.cc", |
| "sandboxed_api/sandbox2/util/bpf_helper.c", |
| "sandboxed_api/sandbox2/util/maps_parser.cc", |
| "sandboxed_api/sandbox2/util/minielf.cc", |
| "sandboxed_api/sandbox2/util/syscall_trap.cc", |
| "sandboxed_api/util/temp_file.cc", |
| ], |
| static_libs: [ |
| "sandboxed_api_shared_with_filewrapper", |
| ], |
| defaults: ["sandboxed_api_cc_defaults"], |
| } |
| |
| cc_binary { |
| name: "sandboxed_api_forkserver", |
| srcs: [ |
| "sandboxed_api/sandbox2/forkserver_bin.cc", |
| ], |
| static_libs: [ |
| "sandboxed_api_shared_with_filewrapper", |
| "sandboxed_api_shared_with_forkserver", |
| ], |
| stl: "libc++_static", |
| defaults: ["sandboxed_api_cc_defaults"], |
| } |
| |
| cc_genrule { |
| name: "sandboxed_api_embed_forkserver_cc", |
| arch: { // `enabled: false` doesn't appear to work here |
| arm: { |
| srcs: ["android/placeholder_exe"], |
| }, |
| arm64: { |
| srcs: [":sandboxed_api_forkserver"], |
| }, |
| x86: { |
| srcs: ["android/placeholder_exe"], |
| }, |
| }, |
| target: { |
| linux_x86_64: { |
| srcs: [":sandboxed_api_forkserver"], |
| }, |
| windows: { |
| srcs: ["android/placeholder_exe"], |
| }, |
| }, |
| cmd: "$(location sandboxed_api_filewrapper) " + |
| "'' " + |
| "forkserver_bin_embed " + |
| "'' " + |
| "$(genDir)/forkserver_bin_embed.h " + |
| "$(genDir)/forkserver_bin_embed.cc " + |
| "$(in)", |
| device_supported: false, |
| host_supported: true, |
| out: ["forkserver_bin_embed.cc"], |
| tools: ["sandboxed_api_filewrapper"], |
| } |
| |
| cc_genrule { |
| name: "sandboxed_api_embed_forkserver_h", |
| arch: { // `enabled: false` doesn't appear to work here |
| arm: { |
| srcs: ["android/placeholder_exe"], |
| }, |
| arm64: { |
| srcs: [":sandboxed_api_forkserver"], |
| }, |
| x86: { |
| srcs: ["android/placeholder_exe"], |
| }, |
| }, |
| target: { |
| linux_x86_64: { |
| srcs: [":sandboxed_api_forkserver"], |
| }, |
| windows: { |
| srcs: ["android/placeholder_exe"], |
| }, |
| }, |
| cmd: "mkdir -p $(genDir)/sandboxed_api/sandbox2/ && " + |
| "$(location sandboxed_api_filewrapper) " + |
| "'' " + |
| "forkserver_bin_embed " + |
| "'' " + |
| "$(genDir)/forkserver_bin_embed.h " + |
| "$(genDir)/forkserver_bin_embed.cc " + |
| "$(in) && " + |
| "cp $(genDir)/forkserver_bin_embed.h $(genDir)/sandboxed_api/sandbox2/", |
| device_supported: false, |
| host_supported: true, |
| out: [ |
| "forkserver_bin_embed.h", |
| "sandboxed_api/sandbox2/forkserver_bin_embed.h", |
| ], |
| tools: ["sandboxed_api_filewrapper"], |
| } |
| |
| cc_library { |
| name: "sandboxed_api_sandbox2", |
| export_include_dirs: ["."], |
| generated_headers: ["sandboxed_api_embed_forkserver_h"], |
| generated_sources: ["sandboxed_api_embed_forkserver_cc"], |
| srcs: [ |
| "sandboxed_api/embed_file.cc", |
| "sandboxed_api/sandbox2/executor.cc", |
| "sandboxed_api/sandbox2/forkingclient.cc", |
| "sandboxed_api/sandbox2/global_forkclient.cc", |
| "sandboxed_api/sandbox2/monitor_base.cc", |
| "sandboxed_api/sandbox2/monitor_ptrace.cc", |
| "sandboxed_api/sandbox2/monitor_unotify.cc", |
| "sandboxed_api/sandbox2/policy.cc", |
| "sandboxed_api/sandbox2/policybuilder.cc", |
| "sandboxed_api/sandbox2/sandbox2.cc", |
| "sandboxed_api/sandbox2/stack_trace.cc", |
| "sandboxed_api/sandbox2/network_proxy/filtering.cc", |
| "sandboxed_api/sandbox2/network_proxy/server.cc", |
| ], |
| visibility: ["//device/google/cuttlefish:__subpackages__"], |
| whole_static_libs: [ |
| "sandboxed_api_proto", |
| "sandboxed_api_shared_with_filewrapper", |
| "sandboxed_api_shared_with_forkserver", |
| ], |
| defaults: ["sandboxed_api_cc_defaults"], |
| } |
| |