Interceptor: initial version

This adds the interceptor and its runtime library in a first draft
version.

The interceptor is typically called like

 $ interceptor [interceptor_args] [--] program [program_args]

It will locate the corresponding libinterceptor runtime library, set
some environment variables (mostly based on passed arguments) and spawn
the original process with the runtime library LD_PRELOAD'ed.

The runtime library will intercept `execve` libc calls but nothing is
happening with them for now.

A sample command that builds the Android common kernel:

 $ interceptor -- BUILD_CONFIG=common/build.config.gki.aarch64 build/build.sh

Note, setting environment variables after -- is supported (and
encouraged).

Bug: 205577427
Signed-off-by: Matthias Maennich <maennich@google.com>
Change-Id: Ia258a585078dd8bdda2799734cc0796e4d4cec82

6 files changed, 103 insertions, 0 deletions

diff --git a/build-prebuilts.sh b/build-prebuilts.sh
index f300e3e..ec50dc6 100755
--- a/build-prebuilts.sh
+++ b/build-prebuilts.sh
@@ -35,6 +35,7 @@ EOF
         e2fsck
         e2fsdroid
         img2simg
+        interceptor
         lpmake
         lz4
         mkbootfs
@@ -52,6 +53,7 @@ EOF
     SOONG_LIBRARIES=(
         libcrypto-host.so
         libelf.so
+        libinterceptor.so
     )
 
     binaries="${SOONG_BINARIES[@]/#/${SOONG_HOST_OUT}/bin/}"
diff --git a/interceptor/.clang-format b/interceptor/.clang-format
new file mode 120000
index 0000000..5f196c3
--- /dev/null
+++ b/interceptor/.clang-format
@@ -0,0 +1 @@
+../../../build/soong/scripts/system-clang-format-2
\ No newline at end of file
diff --git a/interceptor/Android.bp b/interceptor/Android.bp
new file mode 100644
index 0000000..f264d0f
--- /dev/null
+++ b/interceptor/Android.bp
@@ -0,0 +1,13 @@
+cc_library_host_shared {
+    name: "libinterceptor",
+    srcs: ["interceptor.cc"],
+    static_libs: [
+        "libc++fs",
+    ],
+}
+
+sh_binary_host {
+    name: "interceptor",
+    src: "interceptor",
+}
+
diff --git a/interceptor/interceptor b/interceptor/interceptor
new file mode 100644
index 0000000..e8c5111
--- /dev/null
+++ b/interceptor/interceptor
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# Copyright (C) 2021 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -e
+
+while [ $# -gt 0 ]; do
+    case $1 in
+    --)
+        shift
+        break
+        ;;
+    *)
+        break
+        ;;
+    esac
+done
+
+# Discover the interceptor preload library
+export LD_PRELOAD=$(realpath $(dirname $(readlink -f $0))/../lib64/libinterceptor.so)
+if [ ! -x "$LD_PRELOAD" ]; then
+    echo "Interceptor library can't be found at: $LD_PRELOAD" >&2
+    exit 1
+fi
+
+# Spawn the actual command in a subshell to capture possibly set environment
+# variables, e.g. `interceptor MY_ENV=123 command_to_execute`
+sh -c "$*"
diff --git a/interceptor/interceptor.cc b/interceptor/interceptor.cc
new file mode 100644
index 0000000..64cdb76
--- /dev/null
+++ b/interceptor/interceptor.cc
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "interceptor.h"
+
+#include <dlfcn.h>
+#include <unistd.h>
+
+// OVERLOADS for LD_PRELOAD USE
+
+// Intercept execve calls, for that capture the original execve call
+static auto const old_execve = reinterpret_cast<decltype(execve)*>(dlsym(RTLD_NEXT, "execve"));
+
+extern "C" {
+int execve(const char* filename, char* const argv[], char* const envp[]) {
+  return old_execve(filename, argv, envp);
+}
+}  // extern "C"
diff --git a/interceptor/interceptor.h b/interceptor/interceptor.h
new file mode 100644
index 0000000..062ed53
--- /dev/null
+++ b/interceptor/interceptor.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */