//
// Copyright (C) 2023 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Usage is only approved for sandboxing host-side Cuttlefish tools to run them
// in Google's internal production environment.
//
// Every module below inherits this package-level default, so nothing here is
// visible outside this package's own subpackages unless a module sets its own
// `visibility` (only "sandboxed_api_sandbox2" does).
package {
    default_visibility: [":__subpackages__"]
}

// Base defaults: host-only. No device variant of any module in this file is
// built.
cc_defaults {
    name: "sandboxed_api_defaults",
    device_supported: false,
    host_supported: true,
}

// C++ protobuf bindings for the messages used by the library and the
// forkserver. Built against the full protobuf runtime (`type: "full"`), with
// the generated headers exported to dependents.
cc_library {
    name: "sandboxed_api_proto",
    srcs: [
        "sandboxed_api/proto_arg.proto",
        // NOTE(review): a *_test.proto is compiled into this non-test
        // library; confirm it is required outside of tests.
        "sandboxed_api/sandbox2/comms_test.proto",
        "sandboxed_api/sandbox2/forkserver.proto",
        "sandboxed_api/sandbox2/logserver.proto",
        "sandboxed_api/sandbox2/mount_tree.proto",
        "sandboxed_api/sandbox2/violation.proto",
        "sandboxed_api/sandbox2/unwind/unwind.proto",
        "sandboxed_api/util/status.proto",
    ],
    proto: {
        // Resolve proto import paths relative to this Android.bp rather than
        // the root of the source tree.
        canonical_path_from_root: false,
        export_proto_headers: true,
        type: "full",
    },
    defaults: ["sandboxed_api_defaults"],
}

// Shared compile and link settings for every C/C++ module in this file.
cc_defaults {
    name: "sandboxed_api_cc_defaults",
    // All dependencies are linked statically.
    static_libs: [
        "libabsl_host",
        "libcap",
        "libprotobuf-cpp-full",
        "sandboxed_api_proto",
    ],
    // The 32-bit x86 variant is not built.
    arch: {
        x86: {
            enabled: false,
        },
    },
    // Force-include a libc-specific compatibility header ahead of every
    // translation unit, selected by the host libc.
    target: {
        linux_glibc: {
            cflags: [
                "-include android/sandboxed_api_glibc_compat.h",
            ],
        },
        linux_musl: {
            cflags: [
                "-include android/sandboxed_api_musl_compat.h",
            ],
        },
    },
    // The two -Wno-* flags silence warnings for all sources using these
    // defaults, not only the file named in the trailing comment.
    cflags: [
        "-Wno-unused-parameter",
        "-Wno-missing-field-initializers", // for sandboxed_api/sandbox2/policy.cc
        "-fbracket-depth=768", // for syscall_defs.cc
    ],
    defaults: ["sandboxed_api_defaults"],
}

// Utility sources linked into the filewrapper tool, the forkserver and the
// sandbox2 library alike.
cc_library {
    name: "sandboxed_api_shared_with_filewrapper",
    srcs: [
        "sandboxed_api/util/file_helpers.cc",
        "sandboxed_api/util/fileops.cc",
        "sandboxed_api/util/path.cc",
        "sandboxed_api/util/raw_logging.cc",
        "sandboxed_api/util/status.cc",
        "sandboxed_api/util/strerror.cc",
    ],
    defaults: ["sandboxed_api_cc_defaults"],
}

// Build-time host tool. The two genrules below run it to turn the forkserver
// executable into forkserver_bin_embed.{h,cc}.
cc_binary {
    name: "sandboxed_api_filewrapper",
    srcs: [
        "sandboxed_api/tools/filewrapper/filewrapper.cc",
    ],
    static_libs: [
        "sandboxed_api_shared_with_filewrapper",
    ],
    defaults: ["sandboxed_api_cc_defaults"],
}

// Sandbox2 sources that are linked both into the standalone forkserver binary
// and into the "sandboxed_api_sandbox2" library.
cc_library {
    name: "sandboxed_api_shared_with_forkserver",
    srcs: [
        "android/unwind.cc",
        "sandboxed_api/config.cc",
        "sandboxed_api/sandbox2/bpfdisassembler.cc",
        "sandboxed_api/sandbox2/buffer.cc",
        "sandboxed_api/sandbox2/client.cc",
        "sandboxed_api/sandbox2/comms.cc",
        "sandboxed_api/sandbox2/fork_client.cc",
        "sandboxed_api/sandbox2/forkserver.cc",
        "sandboxed_api/sandbox2/ipc.cc",
        "sandboxed_api/sandbox2/logserver.cc",
        "sandboxed_api/sandbox2/logsink.cc",
        "sandboxed_api/sandbox2/mounts.cc",
        "sandboxed_api/sandbox2/namespace.cc",
        "sandboxed_api/sandbox2/network_proxy/client.cc",
        "sandboxed_api/sandbox2/regs.cc",
        "sandboxed_api/sandbox2/result.cc",
        "sandboxed_api/sandbox2/sanitizer.cc",
        "sandboxed_api/sandbox2/syscall.cc",
        "sandboxed_api/sandbox2/syscall_defs.cc",
        "sandboxed_api/sandbox2/unwind/ptrace_hook.cc",
        "sandboxed_api/sandbox2/unwind/unwind.cc",
        "sandboxed_api/sandbox2/util.cc",
        "sandboxed_api/sandbox2/util/bpf_helper.c",
        "sandboxed_api/sandbox2/util/maps_parser.cc",
        "sandboxed_api/sandbox2/util/minielf.cc",
        "sandboxed_api/sandbox2/util/syscall_trap.cc",
        "sandboxed_api/util/temp_file.cc",
    ],
    static_libs: [
        "sandboxed_api_shared_with_filewrapper",
    ],
    defaults: ["sandboxed_api_cc_defaults"],
}

// Standalone forkserver executable. Its bytes are what the genrules below
// embed into the sandbox2 library on arm64 and linux_x86_64.
cc_binary {
    name: "sandboxed_api_forkserver",
    srcs: [
        "sandboxed_api/sandbox2/forkserver_bin.cc",
    ],
    static_libs: [
        "sandboxed_api_shared_with_filewrapper",
        "sandboxed_api_shared_with_forkserver",
    ],
    // The C++ runtime is linked statically as well; presumably so the
    // embedded executable does not depend on a shared libc++ being present
    // where it is run - confirm.
    stl: "libc++_static",
    defaults: ["sandboxed_api_cc_defaults"],
}

// Generates forkserver_bin_embed.cc from the forkserver executable.
//
// The input is chosen per variant: arm64 and linux_x86_64 embed the real
// ":sandboxed_api_forkserver" output, while arm, x86 and windows embed
// android/placeholder_exe instead.
// NOTE(review): a library built from a placeholder variant carries no real
// forkserver; confirm that no shipped configuration depends on one.
//
// The command also writes forkserver_bin_embed.h into $(genDir), but only the
// .cc file is declared in `out`; the header is produced by the sibling
// "sandboxed_api_embed_forkserver_h" rule, which runs the same tool again.
cc_genrule {
    name: "sandboxed_api_embed_forkserver_cc",
    arch: { // `enabled: false` doesn't appear to work here
        arm: {
            srcs: ["android/placeholder_exe"],
        },
        arm64: {
            srcs: [":sandboxed_api_forkserver"],
        },
        x86: {
            srcs: ["android/placeholder_exe"],
        },
    },
    target: {
        linux_x86_64: {
            srcs: [":sandboxed_api_forkserver"],
        },
        windows: {
            srcs: ["android/placeholder_exe"],
        },
    },
    // Positional arguments to filewrapper; the two '' arguments are left
    // empty on purpose - TODO confirm their meaning against filewrapper.cc.
    cmd: "$(location sandboxed_api_filewrapper) " +
        "'' " +
        "forkserver_bin_embed " +
        "'' " +
        "$(genDir)/forkserver_bin_embed.h " +
        "$(genDir)/forkserver_bin_embed.cc " +
        "$(in)",
    device_supported: false,
    host_supported: true,
    out: ["forkserver_bin_embed.cc"],
    tools: ["sandboxed_api_filewrapper"],
}

// Generates forkserver_bin_embed.h with the same filewrapper invocation and
// the same per-variant input selection as "sandboxed_api_embed_forkserver_cc".
// Keep the `arch`/`target` blocks and the filewrapper arguments of the two
// rules identical, otherwise the header and the source file would describe
// different inputs.
//
// The header is additionally copied to sandboxed_api/sandbox2/ under
// $(genDir), so it is exported at both paths listed in `out`.
cc_genrule {
    name: "sandboxed_api_embed_forkserver_h",
    arch: { // `enabled: false` doesn't appear to work here
        arm: {
            srcs: ["android/placeholder_exe"],
        },
        arm64: {
            srcs: [":sandboxed_api_forkserver"],
        },
        x86: {
            srcs: ["android/placeholder_exe"],
        },
    },
    target: {
        linux_x86_64: {
            srcs: [":sandboxed_api_forkserver"],
        },
        windows: {
            srcs: ["android/placeholder_exe"],
        },
    },
    cmd: "mkdir -p $(genDir)/sandboxed_api/sandbox2/ && " +
        "$(location sandboxed_api_filewrapper) " +
        "'' " +
        "forkserver_bin_embed " +
        "'' " +
        "$(genDir)/forkserver_bin_embed.h " +
        "$(genDir)/forkserver_bin_embed.cc " +
        "$(in) && " +
        "cp $(genDir)/forkserver_bin_embed.h $(genDir)/sandboxed_api/sandbox2/",
    device_supported: false,
    host_supported: true,
    out: [
        "forkserver_bin_embed.h",
        "sandboxed_api/sandbox2/forkserver_bin_embed.h",
    ],
    tools: ["sandboxed_api_filewrapper"],
}

// The Sandbox2 library itself: executor, monitors (ptrace and unotify),
// policy builder and network proxy server, plus the generated sources that
// carry the embedded forkserver.
cc_library {
    name: "sandboxed_api_sandbox2",
    // Exports this directory as an include root to every dependent.
    export_include_dirs: ["."],
    generated_headers: ["sandboxed_api_embed_forkserver_h"],
    generated_sources: ["sandboxed_api_embed_forkserver_cc"],
    srcs: [
        "sandboxed_api/embed_file.cc",
        "sandboxed_api/sandbox2/executor.cc",
        "sandboxed_api/sandbox2/forkingclient.cc",
        "sandboxed_api/sandbox2/global_forkclient.cc",
        "sandboxed_api/sandbox2/monitor_base.cc",
        "sandboxed_api/sandbox2/monitor_ptrace.cc",
        "sandboxed_api/sandbox2/monitor_unotify.cc",
        "sandboxed_api/sandbox2/policy.cc",
        "sandboxed_api/sandbox2/policybuilder.cc",
        "sandboxed_api/sandbox2/sandbox2.cc",
        "sandboxed_api/sandbox2/stack_trace.cc",
        "sandboxed_api/sandbox2/network_proxy/filtering.cc",
        "sandboxed_api/sandbox2/network_proxy/server.cc",
    ],
    // The only module in this file that is visible outside the package, and
    // only to Cuttlefish, in line with the usage restriction stated at the
    // top of the file. Widening this list widens who may link the sandbox.
    visibility: ["//device/google/cuttlefish:__subpackages__"],
    // Whole-archive linking: dependents receive every object from these
    // libraries without having to name them, since default_visibility would
    // not let them depend on those modules directly.
    whole_static_libs: [
        "sandboxed_api_proto",
        "sandboxed_api_shared_with_filewrapper",
        "sandboxed_api_shared_with_forkserver",
    ],
    defaults: ["sandboxed_api_cc_defaults"],
}