Snap for 11169761 from 26f8b0bc611317acc2911a7c405efd2451507584 to 24Q1-release
Change-Id: I3bee264e556b8d5c72415851d1cd2288a10f16e5
diff --git a/Android.bp b/Android.bp
index ad5423c..fa43aa8 100644
--- a/Android.bp
+++ b/Android.bp
@@ -76,11 +76,35 @@
},
cflags: [
"-Wno-unused-parameter",
+ "-Wno-missing-field-initializers", // for sandboxed_api/sandbox2/policy.cc
"-fbracket-depth=768", // for syscall_defs.cc
],
defaults: ["sandboxed_api_defaults"],
}
+cc_library {
+ name: "sandboxed_api_shared_with_filewrapper",
+ srcs: [
+ "sandboxed_api/util/file_helpers.cc",
+ "sandboxed_api/util/fileops.cc",
+ "sandboxed_api/util/path.cc",
+ "sandboxed_api/util/raw_logging.cc",
+ "sandboxed_api/util/status.cc",
+ "sandboxed_api/util/strerror.cc",
+ ],
+ defaults: ["sandboxed_api_cc_defaults"],
+}
+
+cc_binary {
+ name: "sandboxed_api_filewrapper",
+ srcs: [
+ "sandboxed_api/tools/filewrapper/filewrapper.cc",
+ ],
+ static_libs: [
+ "sandboxed_api_shared_with_filewrapper",
+ ],
+ defaults: ["sandboxed_api_cc_defaults"],
+}
cc_library {
name: "sandboxed_api_shared_with_forkserver",
@@ -91,6 +115,7 @@
"sandboxed_api/sandbox2/buffer.cc",
"sandboxed_api/sandbox2/client.cc",
"sandboxed_api/sandbox2/comms.cc",
+ "sandboxed_api/sandbox2/fork_client.cc",
"sandboxed_api/sandbox2/forkserver.cc",
"sandboxed_api/sandbox2/ipc.cc",
"sandboxed_api/sandbox2/logserver.cc",
@@ -110,14 +135,11 @@
"sandboxed_api/sandbox2/util/maps_parser.cc",
"sandboxed_api/sandbox2/util/minielf.cc",
"sandboxed_api/sandbox2/util/syscall_trap.cc",
- "sandboxed_api/util/file_helpers.cc",
- "sandboxed_api/util/fileops.cc",
- "sandboxed_api/util/path.cc",
- "sandboxed_api/util/raw_logging.cc",
- "sandboxed_api/util/status.cc",
- "sandboxed_api/util/strerror.cc",
"sandboxed_api/util/temp_file.cc",
],
+ static_libs: [
+ "sandboxed_api_shared_with_filewrapper",
+ ],
defaults: ["sandboxed_api_cc_defaults"],
}
@@ -127,6 +149,109 @@
"sandboxed_api/sandbox2/forkserver_bin.cc",
],
static_libs: [
+ "sandboxed_api_shared_with_filewrapper",
+ "sandboxed_api_shared_with_forkserver",
+ ],
+ defaults: ["sandboxed_api_cc_defaults"],
+}
+
+cc_genrule {
+ name: "sandboxed_api_embed_forkserver_cc",
+ arch: { // `enabled: false` doesn't appear to work here
+ arm: {
+ srcs: ["android/placeholder_exe"],
+ },
+ arm64: {
+ srcs: [":sandboxed_api_forkserver"],
+ },
+ x86: {
+ srcs: ["android/placeholder_exe"],
+ },
+ },
+ target: {
+ linux_x86_64: {
+ srcs: [":sandboxed_api_forkserver"],
+ },
+ windows: {
+ srcs: ["android/placeholder_exe"],
+ },
+ },
+ cmd: "$(location sandboxed_api_filewrapper) " +
+ "'' " +
+ "forkserver_bin_embed " +
+ "'' " +
+ "$(genDir)/forkserver_bin_embed.h " +
+ "$(genDir)/forkserver_bin_embed.cc " +
+ "$(in)",
+ device_supported: false,
+ host_supported: true,
+ out: ["forkserver_bin_embed.cc"],
+ tools: ["sandboxed_api_filewrapper"],
+}
+
+cc_genrule {
+ name: "sandboxed_api_embed_forkserver_h",
+ arch: { // `enabled: false` doesn't appear to work here
+ arm: {
+ srcs: ["android/placeholder_exe"],
+ },
+ arm64: {
+ srcs: [":sandboxed_api_forkserver"],
+ },
+ x86: {
+ srcs: ["android/placeholder_exe"],
+ },
+ },
+ target: {
+ linux_x86_64: {
+ srcs: [":sandboxed_api_forkserver"],
+ },
+ windows: {
+ srcs: ["android/placeholder_exe"],
+ },
+ },
+ cmd: "mkdir -p $(genDir)/sandboxed_api/sandbox2/ && " +
+ "$(location sandboxed_api_filewrapper) " +
+ "'' " +
+ "forkserver_bin_embed " +
+ "'' " +
+ "$(genDir)/forkserver_bin_embed.h " +
+ "$(genDir)/forkserver_bin_embed.cc " +
+ "$(in) && " +
+ "cp $(genDir)/forkserver_bin_embed.h $(genDir)/sandboxed_api/sandbox2/",
+ device_supported: false,
+ host_supported: true,
+ out: [
+ "forkserver_bin_embed.h",
+ "sandboxed_api/sandbox2/forkserver_bin_embed.h",
+ ],
+ tools: ["sandboxed_api_filewrapper"],
+}
+
+cc_library {
+ name: "sandboxed_api_sandbox2",
+ export_include_dirs: ["."],
+ generated_headers: ["sandboxed_api_embed_forkserver_h"],
+ generated_sources: ["sandboxed_api_embed_forkserver_cc"],
+ srcs: [
+ "sandboxed_api/embed_file.cc",
+ "sandboxed_api/sandbox2/executor.cc",
+ "sandboxed_api/sandbox2/forkingclient.cc",
+ "sandboxed_api/sandbox2/global_forkclient.cc",
+ "sandboxed_api/sandbox2/monitor_base.cc",
+ "sandboxed_api/sandbox2/monitor_ptrace.cc",
+ "sandboxed_api/sandbox2/monitor_unotify.cc",
+ "sandboxed_api/sandbox2/policy.cc",
+ "sandboxed_api/sandbox2/policybuilder.cc",
+ "sandboxed_api/sandbox2/sandbox2.cc",
+ "sandboxed_api/sandbox2/stack_trace.cc",
+ "sandboxed_api/sandbox2/network_proxy/filtering.cc",
+ "sandboxed_api/sandbox2/network_proxy/server.cc",
+ ],
+ visibility: ["//device/google/cuttlefish:__subpackages__"],
+ whole_static_libs: [
+ "sandboxed_api_proto",
+ "sandboxed_api_shared_with_filewrapper",
"sandboxed_api_shared_with_forkserver",
],
defaults: ["sandboxed_api_cc_defaults"],
diff --git a/android/placeholder_exe b/android/placeholder_exe
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/android/placeholder_exe
diff --git a/android/sandboxed_api_glibc_compat.h b/android/sandboxed_api_glibc_compat.h
index 5765cf0..8211e98 100644
--- a/android/sandboxed_api_glibc_compat.h
+++ b/android/sandboxed_api_glibc_compat.h
@@ -17,3 +17,26 @@
// Typo in old glibc
#define PTRACE_EVENT_SECCOMP PTRAVE_EVENT_SECCOMP
+// From aosp/599933
+/*
+ * Older glibc builds predate seccomp inclusion. These arches are the ones
+ * AOSP needs and doesn't provide anything newer. All other targets can upgrade
+ * their kernel headers.
+ */
+#ifndef SYS_seccomp
+# if defined(__x86_64__)
+# define SYS_seccomp 317
+# elif defined(__i386__)
+# define SYS_seccomp 354
+# elif defined(__aarch64__)
+# define SYS_seccomp 277
+# elif defined(__arm__)
+# define SYS_seccomp 383
+# else
+# error "Update your kernel headers"
+# endif
+#endif
+
+#ifndef PTRACE_O_EXITKILL
+#define PTRACE_O_EXITKILL (1 << 20)
+#endif
diff --git a/android/sandboxed_api_musl_compat.h b/android/sandboxed_api_musl_compat.h
index 370a57c..6d4f384 100644
--- a/android/sandboxed_api_musl_compat.h
+++ b/android/sandboxed_api_musl_compat.h
@@ -14,4 +14,10 @@
// limitations under the License.
#pragma once
+// From aosp/2263921
+#define __SIGRTMIN 32
+#define __SIGRTMAX 64
+
typedef int __ptrace_request;
+
+typedef int __rlimit_resource;
