diff options
author | A. Cody Schuffelen <schuffelen@google.com> | 2023-11-15 14:11:37 -0800 |
---|---|---|
committer | A. Cody Schuffelen <schuffelen@google.com> | 2023-11-15 14:16:13 -0800 |
commit | d7972be9d3789ffd6ac0681e19a606052182eb13 (patch) | |
tree | db5da23f6d65f7df4de0da34bbf94c9a1934ef0a | |
parent | a1fed775e7d4f0b42082e843d5f7c43ccf7a4e86 (diff) | |
download | sandboxed-api-d7972be9d3789ffd6ac0681e19a606052182eb13.tar.gz |
Build the forkserver in sandboxed-api
Includes a workaround to make unwind-related code always return an
error, as libunwind was removed from Android in aosp/1670175.
Also fixes glibc support.
The next step is to implement an Android.bp equivalent of the build
process that embeds the forkserver executable into the sandbox2 library.
Bug: b/309695709
Test: USE_HOST_MUSL=true m sandboxed_api_forkserver
Test: m sandboxed_api_forkserver
Change-Id: Ib5f653f83abe2a15edb45c225cdf69015336961f
-rw-r--r-- | Android.bp | 86 | ||||
-rw-r--r-- | android/sandboxed_api_glibc_compat.h | 19 | ||||
-rw-r--r-- | android/sandboxed_api_musl_compat.h | 17 | ||||
-rw-r--r-- | android/unwind.cc | 31 | ||||
-rw-r--r-- | sandboxed_api/sandbox2/forkserver.cc | 2 | ||||
-rw-r--r-- | sandboxed_api/sandbox2/unwind/unwind.cc | 6 |
6 files changed, 130 insertions, 31 deletions
@@ -16,9 +16,7 @@ // Usage is only approved for sandboxing host-side Cuttlefish tools to run them // in Google's internal production environment. package { - default_visibility: [ - "//device/google/cuttlefish:__subpackages__", - ] + default_visibility: [":__subpackages__"] } cc_defaults { @@ -36,6 +34,7 @@ cc_library { "sandboxed_api/sandbox2/logserver.proto", "sandboxed_api/sandbox2/mount_tree.proto", "sandboxed_api/sandbox2/violation.proto", + "sandboxed_api/sandbox2/unwind/unwind.proto", "sandboxed_api/util/status.proto", ], proto: { @@ -46,22 +45,66 @@ cc_library { defaults: ["sandboxed_api_defaults"], } +cc_defaults { + name: "sandboxed_api_cc_defaults", + static_libs: [ + "libabsl_host", + "libcap", + "libprotobuf-cpp-full", + "sandboxed_api_proto", + ], + arch: { + x86: { + enabled: false, + }, + }, + target: { + linux_glibc: { + cflags: [ + "-include android/sandboxed_api_glibc_compat.h", + ], + include_dirs: [ + "bionic/libc/kernel/android/uapi", + "bionic/libc/kernel/uapi", + ], + }, + linux_musl: { + cflags: [ + "-include android/sandboxed_api_musl_compat.h", + ], + }, + }, + cflags: [ + "-Wno-unused-parameter", + "-fbracket-depth=768", // for syscall_defs.cc + ], + defaults: ["sandboxed_api_defaults"], +} + + cc_library { - name: "sandboxed_api", + name: "sandboxed_api_shared_with_forkserver", srcs: [ + "android/unwind.cc", "sandboxed_api/config.cc", "sandboxed_api/sandbox2/bpfdisassembler.cc", "sandboxed_api/sandbox2/buffer.cc", + "sandboxed_api/sandbox2/client.cc", "sandboxed_api/sandbox2/comms.cc", + "sandboxed_api/sandbox2/forkserver.cc", "sandboxed_api/sandbox2/ipc.cc", "sandboxed_api/sandbox2/logserver.cc", "sandboxed_api/sandbox2/logsink.cc", "sandboxed_api/sandbox2/mounts.cc", "sandboxed_api/sandbox2/namespace.cc", + "sandboxed_api/sandbox2/network_proxy/client.cc", "sandboxed_api/sandbox2/regs.cc", "sandboxed_api/sandbox2/result.cc", + "sandboxed_api/sandbox2/sanitizer.cc", "sandboxed_api/sandbox2/syscall.cc", "sandboxed_api/sandbox2/syscall_defs.cc", + "sandboxed_api/sandbox2/unwind/ptrace_hook.cc", + "sandboxed_api/sandbox2/unwind/unwind.cc", "sandboxed_api/sandbox2/util.cc", "sandboxed_api/sandbox2/util/bpf_helper.c", "sandboxed_api/sandbox2/util/maps_parser.cc", @@ -75,32 +118,17 @@ cc_library { "sandboxed_api/util/strerror.cc", "sandboxed_api/util/temp_file.cc", ], - static_libs: [ - "libabsl_host", - "sandboxed_api_proto", - "libprotobuf-cpp-full", + defaults: ["sandboxed_api_cc_defaults"], +} + +cc_binary { + name: "sandboxed_api_forkserver", + srcs: [ + "sandboxed_api/sandbox2/forkserver_bin.cc", ], - arch: { - x86: { - enabled: false, - }, - }, - target: { - linux_glibc: { - enabled: false, - cflags: [ - // Typo in old glibc - "-DPTRACE_EVENT_SECCOMP=PTRAVE_EVENT_SECCOMP", - ], - }, - linux_musl: { - enabled: true, - }, - }, - cflags: [ - "-Wno-unused-parameter", - "-fbracket-depth=768", // for syscall_defs.cc + static_libs: [ + "sandboxed_api_shared_with_forkserver", ], - defaults: ["sandboxed_api_defaults"], + defaults: ["sandboxed_api_cc_defaults"], } diff --git a/android/sandboxed_api_glibc_compat.h b/android/sandboxed_api_glibc_compat.h new file mode 100644 index 0000000..5765cf0 --- /dev/null +++ b/android/sandboxed_api_glibc_compat.h @@ -0,0 +1,19 @@ +// +// Copyright (C) 2023 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +#pragma once + +// Typo in old glibc +#define PTRACE_EVENT_SECCOMP PTRAVE_EVENT_SECCOMP + diff --git a/android/sandboxed_api_musl_compat.h b/android/sandboxed_api_musl_compat.h new file mode 100644 index 0000000..370a57c --- /dev/null +++ b/android/sandboxed_api_musl_compat.h @@ -0,0 +1,17 @@ +// +// Copyright (C) 2023 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +#pragma once + +typedef int __ptrace_request; diff --git a/android/unwind.cc b/android/unwind.cc new file mode 100644 index 0000000..dc97c9a --- /dev/null +++ b/android/unwind.cc @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2023 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <sys/types.h> + +#include <string> +#include <vector> + +#include "absl/status/status.h" +#include "absl/status/statusor.h" + +namespace sandbox2 { + +absl::StatusOr<std::vector<std::string>> RunLibUnwindAndSymbolizer(pid_t, int) { + return absl::UnimplementedError("libunwind not available in android"); +} + +} diff --git a/sandboxed_api/sandbox2/forkserver.cc b/sandboxed_api/sandbox2/forkserver.cc index 47ff877..1106e02 100644 --- a/sandboxed_api/sandbox2/forkserver.cc +++ b/sandboxed_api/sandbox2/forkserver.cc @@ -50,7 +50,7 @@ #include "absl/strings/str_join.h" #include "absl/strings/str_split.h" #include "absl/strings/string_view.h" -#include "libcap/include/sys/capability.h" +#include "sys/capability.h" // AOSP: match libcap exported includes #include "sandboxed_api/sandbox2/client.h" #include "sandboxed_api/sandbox2/comms.h" #include "sandboxed_api/sandbox2/fork_client.h" diff --git a/sandboxed_api/sandbox2/unwind/unwind.cc b/sandboxed_api/sandbox2/unwind/unwind.cc index 19e572c..01b4e44 100644 --- a/sandboxed_api/sandbox2/unwind/unwind.cc +++ b/sandboxed_api/sandbox2/unwind/unwind.cc @@ -33,7 +33,7 @@ #include "absl/strings/match.h" #include "absl/strings/str_cat.h" #include "absl/strings/string_view.h" -#include "libunwind-ptrace.h" +//#include "libunwind-ptrace.h" Android: libunwind was removed in aosp/1670175 #include "sandboxed_api/config.h" #include "sandboxed_api/sandbox2/comms.h" #include "sandboxed_api/sandbox2/unwind/ptrace_hook.h" @@ -87,6 +87,7 @@ absl::StatusOr<std::vector<uintptr_t>> UnwindUsingFramePointer(pid_t pid, return ips; } +#if 0 // Android: libunwind is not available absl::StatusOr<std::vector<uintptr_t>> RunLibUnwind(pid_t pid, int max_frames) { static unw_addr_space_t as = unw_create_addr_space(&_UPT_accessors, 0 /* byte order */); @@ -152,6 +153,7 @@ absl::StatusOr<std::vector<uintptr_t>> RunLibUnwind(pid_t pid, int max_frames) { } return ips; } +#endif absl::StatusOr<std::vector<std::string>> SymbolizeStacktrace( pid_t pid, const std::vector<uintptr_t>& ips) { @@ -288,11 +290,13 @@ bool RunLibUnwindAndSymbolizer(Comms* comms) { return comms->SendProtoBuf(msg); } +#if 0 absl::StatusOr<std::vector<std::string>> RunLibUnwindAndSymbolizer( pid_t pid, int max_frames) { SAPI_ASSIGN_OR_RETURN(std::vector<uintptr_t> ips, RunLibUnwind(pid, max_frames)); return SymbolizeStacktrace(pid, ips); } +#endif } // namespace sandbox2 |