diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-12-02 02:15:19 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-12-02 02:15:19 +0000 |
commit | 920fd85c6918cb6a3d25850c1f40e0a50008678e (patch) | |
tree | 8beb9375bf52ebf8e075445546e6d330e76f60dc | |
parent | 3dcb11301954daadbb0bcdfa2595758553198ad1 (diff) | |
parent | 26f8b0bc611317acc2911a7c405efd2451507584 (diff) | |
download | sandboxed-api-android14-qpr2-s3-release.tar.gz |
Snap for 11169761 from 26f8b0bc611317acc2911a7c405efd2451507584 to 24Q1-releaseandroid-14.0.0_r37android-14.0.0_r36android-14.0.0_r35android-14.0.0_r34android-14.0.0_r33android-14.0.0_r32android-14.0.0_r31android-14.0.0_r30android-14.0.0_r29android-14.0.0_r28android14-qpr2-s5-releaseandroid14-qpr2-s4-releaseandroid14-qpr2-s3-releaseandroid14-qpr2-s2-releaseandroid14-qpr2-s1-releaseandroid14-qpr2-release
Change-Id: I3bee264e556b8d5c72415851d1cd2288a10f16e5
-rw-r--r-- | Android.bp | 137 | ||||
-rw-r--r-- | android/placeholder_exe | 0 | ||||
-rw-r--r-- | android/sandboxed_api_glibc_compat.h | 23 | ||||
-rw-r--r-- | android/sandboxed_api_musl_compat.h | 6 |
4 files changed, 160 insertions, 6 deletions
@@ -76,11 +76,35 @@ cc_defaults { }, cflags: [ "-Wno-unused-parameter", + "-Wno-missing-field-initializers", // for sandboxed_api/sandbox2/policy.cc "-fbracket-depth=768", // for syscall_defs.cc ], defaults: ["sandboxed_api_defaults"], } +cc_library { + name: "sandboxed_api_shared_with_filewrapper", + srcs: [ + "sandboxed_api/util/file_helpers.cc", + "sandboxed_api/util/fileops.cc", + "sandboxed_api/util/path.cc", + "sandboxed_api/util/raw_logging.cc", + "sandboxed_api/util/status.cc", + "sandboxed_api/util/strerror.cc", + ], + defaults: ["sandboxed_api_cc_defaults"], +} + +cc_binary { + name: "sandboxed_api_filewrapper", + srcs: [ + "sandboxed_api/tools/filewrapper/filewrapper.cc", + ], + static_libs: [ + "sandboxed_api_shared_with_filewrapper", + ], + defaults: ["sandboxed_api_cc_defaults"], +} cc_library { name: "sandboxed_api_shared_with_forkserver", @@ -91,6 +115,7 @@ cc_library { "sandboxed_api/sandbox2/buffer.cc", "sandboxed_api/sandbox2/client.cc", "sandboxed_api/sandbox2/comms.cc", + "sandboxed_api/sandbox2/fork_client.cc", "sandboxed_api/sandbox2/forkserver.cc", "sandboxed_api/sandbox2/ipc.cc", "sandboxed_api/sandbox2/logserver.cc", @@ -110,14 +135,11 @@ cc_library { "sandboxed_api/sandbox2/util/maps_parser.cc", "sandboxed_api/sandbox2/util/minielf.cc", "sandboxed_api/sandbox2/util/syscall_trap.cc", - "sandboxed_api/util/file_helpers.cc", - "sandboxed_api/util/fileops.cc", - "sandboxed_api/util/path.cc", - "sandboxed_api/util/raw_logging.cc", - "sandboxed_api/util/status.cc", - "sandboxed_api/util/strerror.cc", "sandboxed_api/util/temp_file.cc", ], + static_libs: [ + "sandboxed_api_shared_with_filewrapper", + ], defaults: ["sandboxed_api_cc_defaults"], } @@ -127,6 +149,109 @@ cc_binary { "sandboxed_api/sandbox2/forkserver_bin.cc", ], static_libs: [ + "sandboxed_api_shared_with_filewrapper", + "sandboxed_api_shared_with_forkserver", + ], + defaults: ["sandboxed_api_cc_defaults"], +} + +cc_genrule { + name: "sandboxed_api_embed_forkserver_cc", + arch: { // `enabled: false` doesn't appear to work here + arm: { + srcs: ["android/placeholder_exe"], + }, + arm64: { + srcs: [":sandboxed_api_forkserver"], + }, + x86: { + srcs: ["android/placeholder_exe"], + }, + }, + target: { + linux_x86_64: { + srcs: [":sandboxed_api_forkserver"], + }, + windows: { + srcs: ["android/placeholder_exe"], + }, + }, + cmd: "$(location sandboxed_api_filewrapper) " + + "'' " + + "forkserver_bin_embed " + + "'' " + + "$(genDir)/forkserver_bin_embed.h " + + "$(genDir)/forkserver_bin_embed.cc " + + "$(in)", + device_supported: false, + host_supported: true, + out: ["forkserver_bin_embed.cc"], + tools: ["sandboxed_api_filewrapper"], +} + +cc_genrule { + name: "sandboxed_api_embed_forkserver_h", + arch: { // `enabled: false` doesn't appear to work here + arm: { + srcs: ["android/placeholder_exe"], + }, + arm64: { + srcs: [":sandboxed_api_forkserver"], + }, + x86: { + srcs: ["android/placeholder_exe"], + }, + }, + target: { + linux_x86_64: { + srcs: [":sandboxed_api_forkserver"], + }, + windows: { + srcs: ["android/placeholder_exe"], + }, + }, + cmd: "mkdir -p $(genDir)/sandboxed_api/sandbox2/ && " + + "$(location sandboxed_api_filewrapper) " + + "'' " + + "forkserver_bin_embed " + + "'' " + + "$(genDir)/forkserver_bin_embed.h " + + "$(genDir)/forkserver_bin_embed.cc " + + "$(in) && " + + "cp $(genDir)/forkserver_bin_embed.h $(genDir)/sandboxed_api/sandbox2/", + device_supported: false, + host_supported: true, + out: [ + "forkserver_bin_embed.h", + "sandboxed_api/sandbox2/forkserver_bin_embed.h", + ], + tools: ["sandboxed_api_filewrapper"], +} + +cc_library { + name: "sandboxed_api_sandbox2", + export_include_dirs: ["."], + generated_headers: ["sandboxed_api_embed_forkserver_h"], + generated_sources: ["sandboxed_api_embed_forkserver_cc"], + srcs: [ + "sandboxed_api/embed_file.cc", + "sandboxed_api/sandbox2/executor.cc", + "sandboxed_api/sandbox2/forkingclient.cc", + "sandboxed_api/sandbox2/global_forkclient.cc", + "sandboxed_api/sandbox2/monitor_base.cc", + "sandboxed_api/sandbox2/monitor_ptrace.cc", + "sandboxed_api/sandbox2/monitor_unotify.cc", + "sandboxed_api/sandbox2/policy.cc", + "sandboxed_api/sandbox2/policybuilder.cc", + "sandboxed_api/sandbox2/sandbox2.cc", + "sandboxed_api/sandbox2/stack_trace.cc", + "sandboxed_api/sandbox2/network_proxy/filtering.cc", + "sandboxed_api/sandbox2/network_proxy/server.cc", + ], + visibility: ["//device/google/cuttlefish:__subpackages__"], + whole_static_libs: [ + "sandboxed_api_proto", + "sandboxed_api_shared_with_filewrapper", "sandboxed_api_shared_with_forkserver", ], defaults: ["sandboxed_api_cc_defaults"], diff --git a/android/placeholder_exe b/android/placeholder_exe new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/android/placeholder_exe diff --git a/android/sandboxed_api_glibc_compat.h b/android/sandboxed_api_glibc_compat.h index 5765cf0..8211e98 100644 --- a/android/sandboxed_api_glibc_compat.h +++ b/android/sandboxed_api_glibc_compat.h @@ -17,3 +17,26 @@ // Typo in old glibc #define PTRACE_EVENT_SECCOMP PTRAVE_EVENT_SECCOMP +// From aosp/599933 +/* + * Older glibc builds predate seccomp inclusion. These arches are the ones + * AOSP needs and doesn't provide anything newer. All other targets can upgrade + * their kernel headers. + */ +#ifndef SYS_seccomp +# if defined(__x86_64__) +# define SYS_seccomp 317 +# elif defined(__i386__) +# define SYS_seccomp 354 +# elif defined(__aarch64__) +# define SYS_seccomp 277 +# elif defined(__arm__) +# define SYS_seccomp 383 +# else +# error "Update your kernel headers" +# endif +#endif + +#ifndef PTRACE_O_EXITKILL +#define PTRACE_O_EXITKILL (1 << 20) +#endif diff --git a/android/sandboxed_api_musl_compat.h b/android/sandboxed_api_musl_compat.h index 370a57c..6d4f384 100644 --- a/android/sandboxed_api_musl_compat.h +++ b/android/sandboxed_api_musl_compat.h @@ -14,4 +14,10 @@ // limitations under the License. #pragma once +// From aosp/2263921 +#define __SIGRTMIN 32 +#define __SIGRTMAX 64 + typedef int __ptrace_request; + +typedef int __rlimit_resource; |