seccomp: Generate the policy files at compile time

This change avoids having to run the genseccomp.py script every time a
policy file is edited, and instead generates these files at
compile-time.

Bug: None
Test: m
Test: find out/soong/ -name x86_64_global_policy.cpp  # Shows files
Test: generated policies are equivalent to original policies
Change-Id: I12461fe0c5fb02c008c1b2503fbb994b8aa2f56b
diff --git a/libc/Android.bp b/libc/Android.bp
index 44b0b68..1f95ce8 100644
--- a/libc/Android.bp
+++ b/libc/Android.bp
@@ -2152,3 +2152,227 @@
         "kernel/uapi/linux/input-event-codes.h",
     ],
 }
+
+// Generate a syscall name / number mapping. These objects are text files
+// (thanks to the -dD -E flags) and not binary files. They will then be
+// consumed by the genseccomp.py script and converted into C++ code.
+cc_defaults {
+    name: "libseccomp_gen_syscall_nrs_defaults",
+    recovery_available: true,
+    srcs: ["seccomp/gen_syscall_nrs.cpp"],
+    cflags: [
+        "-dD",
+        "-E",
+        "-Wall",
+        "-Werror",
+        "-nostdinc",
+    ],
+}
+
+cc_object {
+    name: "libseccomp_gen_syscall_nrs_arm",
+    defaults: ["libseccomp_gen_syscall_nrs_defaults"],
+    local_include_dirs: [
+        "kernel/uapi/asm-arm",
+        "kernel/uapi",
+    ],
+}
+
+cc_object {
+    name: "libseccomp_gen_syscall_nrs_arm64",
+    defaults: ["libseccomp_gen_syscall_nrs_defaults"],
+    local_include_dirs: [
+        "kernel/uapi/asm-arm64",
+        "kernel/uapi",
+    ],
+}
+
+cc_object {
+    name: "libseccomp_gen_syscall_nrs_x86",
+    defaults: ["libseccomp_gen_syscall_nrs_defaults"],
+    srcs: ["seccomp/gen_syscall_nrs_x86.cpp"],
+    exclude_srcs: ["seccomp/gen_syscall_nrs.cpp"],
+    local_include_dirs: [
+        "kernel/uapi/asm-x86",
+        "kernel/uapi",
+    ],
+}
+
+cc_object {
+    name: "libseccomp_gen_syscall_nrs_x86_64",
+    defaults: ["libseccomp_gen_syscall_nrs_defaults"],
+    srcs: ["seccomp/gen_syscall_nrs_x86_64.cpp"],
+    exclude_srcs: ["seccomp/gen_syscall_nrs.cpp"],
+    local_include_dirs: [
+        "kernel/uapi/asm-x86",
+        "kernel/uapi",
+    ],
+}
+
+cc_object {
+    name: "libseccomp_gen_syscall_nrs_mips",
+    defaults: ["libseccomp_gen_syscall_nrs_defaults"],
+    cflags: [
+        "-D_MIPS_SIM=_MIPS_SIM_ABI32",
+    ],
+    local_include_dirs: [
+        "kernel/uapi/asm-mips",
+        "kernel/uapi",
+    ],
+}
+
+cc_object {
+    name: "libseccomp_gen_syscall_nrs_mips64",
+    defaults: ["libseccomp_gen_syscall_nrs_defaults"],
+    cflags: [
+        "-D_MIPS_SIM=_MIPS_SIM_ABI64",
+    ],
+    local_include_dirs: [
+        "kernel/uapi/asm-mips",
+        "kernel/uapi",
+    ],
+}
+
+// Generate the C++ policy sources for app, system, and global seccomp-bpf
+// filters.
+python_binary_host {
+    name: "genseccomp",
+    main: "tools/genseccomp.py",
+
+    srcs: [
+        "tools/genseccomp.py",
+        "tools/gensyscalls.py",
+    ],
+
+    data: [
+        "kernel/uapi/**/*.h",
+    ],
+
+    version: {
+        py2: {
+            enabled: true,
+        },
+        py3: {
+            enabled: false,
+        },
+    },
+}
+
+cc_genrule {
+    name: "libseccomp_policy_app_sources",
+    recovery_available: true,
+    cmd: "$(location genseccomp) --out-dir=$(genDir) --name-modifier=app $(in)",
+
+    tools: [ "genseccomp" ],
+
+    srcs: [
+        "SYSCALLS.TXT",
+        "SECCOMP_WHITELIST_COMMON.TXT",
+        "SECCOMP_WHITELIST_APP.TXT",
+        "SECCOMP_BLACKLIST_COMMON.TXT",
+        "SECCOMP_BLACKLIST_APP.TXT",
+        ":libseccomp_gen_syscall_nrs_arm",
+        ":libseccomp_gen_syscall_nrs_arm64",
+        ":libseccomp_gen_syscall_nrs_mips",
+        ":libseccomp_gen_syscall_nrs_mips64",
+        ":libseccomp_gen_syscall_nrs_x86",
+        ":libseccomp_gen_syscall_nrs_x86_64",
+    ],
+
+    out: [
+        "arm64_app_policy.cpp",
+        "arm_app_policy.cpp",
+        "mips64_app_policy.cpp",
+        "mips_app_policy.cpp",
+        "x86_64_app_policy.cpp",
+        "x86_app_policy.cpp",
+    ],
+}
+
+cc_genrule {
+    name: "libseccomp_policy_system_sources",
+    recovery_available: true,
+    cmd: "$(location genseccomp) --out-dir=$(genDir) --name-modifier=system $(in)",
+
+    tools: [ "genseccomp" ],
+
+    srcs: [
+        "SYSCALLS.TXT",
+        "SECCOMP_WHITELIST_COMMON.TXT",
+        "SECCOMP_WHITELIST_SYSTEM.TXT",
+        "SECCOMP_BLACKLIST_COMMON.TXT",
+        ":libseccomp_gen_syscall_nrs_arm",
+        ":libseccomp_gen_syscall_nrs_arm64",
+        ":libseccomp_gen_syscall_nrs_mips",
+        ":libseccomp_gen_syscall_nrs_mips64",
+        ":libseccomp_gen_syscall_nrs_x86",
+        ":libseccomp_gen_syscall_nrs_x86_64",
+    ],
+
+    out: [
+        "arm64_system_policy.cpp",
+        "arm_system_policy.cpp",
+        "mips64_system_policy.cpp",
+        "mips_system_policy.cpp",
+        "x86_64_system_policy.cpp",
+        "x86_system_policy.cpp",
+    ],
+}
+
+cc_genrule {
+    name: "libseccomp_policy_global_sources",
+    recovery_available: true,
+    cmd: "$(location genseccomp) --out-dir=$(genDir) --name-modifier=global $(in)",
+
+    tools: [ "genseccomp" ],
+
+    srcs: [
+        "SYSCALLS.TXT",
+        "SECCOMP_WHITELIST_COMMON.TXT",
+        "SECCOMP_WHITELIST_SYSTEM.TXT",
+        "SECCOMP_WHITELIST_APP.TXT",
+        "SECCOMP_WHITELIST_GLOBAL.TXT",
+        "SECCOMP_BLACKLIST_COMMON.TXT",
+        ":libseccomp_gen_syscall_nrs_arm",
+        ":libseccomp_gen_syscall_nrs_arm64",
+        ":libseccomp_gen_syscall_nrs_mips",
+        ":libseccomp_gen_syscall_nrs_mips64",
+        ":libseccomp_gen_syscall_nrs_x86",
+        ":libseccomp_gen_syscall_nrs_x86_64",
+    ],
+
+    out: [
+        "arm64_global_policy.cpp",
+        "arm_global_policy.cpp",
+        "mips64_global_policy.cpp",
+        "mips_global_policy.cpp",
+        "x86_64_global_policy.cpp",
+        "x86_global_policy.cpp",
+    ],
+}
+
+cc_library {
+    name: "libseccomp_policy",
+    recovery_available: true,
+    generated_sources: [
+        "libseccomp_policy_app_sources",
+        "libseccomp_policy_global_sources",
+        "libseccomp_policy_system_sources",
+    ],
+
+    srcs: [
+        "seccomp/seccomp_policy.cpp",
+    ],
+
+    export_include_dirs: ["seccomp/include"],
+    cflags: [
+        "-Wall",
+        "-Werror",
+    ],
+    shared: {
+        shared_libs: ["libbase"],
+    },
+    static: {
+        static_libs: ["libbase"],
+    },
+}
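Review bot: The three `cc_genrule` modules carry no comment explaining why their list inputs differ, and once the policy sources are generated into the build output, these `srcs` lists are the main reviewable record of what each seccomp filter is built from. In particular, `libseccomp_policy_global_sources` takes the common, system, app and global allowlists but only `SECCOMP_BLACKLIST_COMMON.TXT`, while `SECCOMP_BLACKLIST_APP.TXT` is an input to the app rule alone. If that is intended, a line above the global rule such as `// Global filter inputs: common, system, app and global allowlists; common blocklist only (the app blocklist is app-specific).` would keep a later edit from silently widening or narrowing a filter. The commit message's "generated policies are equivalent to original policies" reads as a one-off manual comparison. Presumably a change to a list file, a uapi header or the generator will no longer appear as a diff of policy code, so it would help to state in the description how equivalence was checked, or to follow up with an automated check on the generated output.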