Create Make flags to set source tree as ReadOnly in soong builds
The following two Make vars control RO/RW access to the source tree
1. BUILD_BROKEN_SRC_DIR_IS_WRITABLE
2. BUILD_BROKEN_SRC_DIR_RW_ALLOWLIST
By default, (1) will be truthy.
- this ensures that this CL is a non breaking change across all products
- different products can opt in to set is as "false"
Bug: 174726238
Test: from build/soong dir, ran go test ./ui/build
Change-Id: I4d55ac74f02b2a73194d31506a9010162620b25a
diff --git a/ui/build/sandbox_linux_test.go b/ui/build/sandbox_linux_test.go
new file mode 100644
index 0000000..7bfd750
--- /dev/null
+++ b/ui/build/sandbox_linux_test.go
@@ -0,0 +1,104 @@
+// Copyright 2021 Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package build
+
+import (
+ "os"
+ "testing"
+)
+
+func TestMain(m *testing.M) {
+ // set src dir of sandbox
+ sandboxConfig.srcDir = "/my/src/dir"
+ os.Exit(m.Run())
+}
+
+func TestMountFlagsSrcDir(t *testing.T) {
+ testCases := []struct {
+ srcDirIsRO bool
+ expectedSrcDirFlag string
+ }{
+ {
+ srcDirIsRO: false,
+ expectedSrcDirFlag: "-B",
+ },
+ {
+ srcDirIsRO: true,
+ expectedSrcDirFlag: "-R",
+ },
+ }
+ for _, testCase := range testCases {
+ c := testCmd()
+ c.config.sandboxConfig.SetSrcDirIsRO(testCase.srcDirIsRO)
+ c.wrapSandbox()
+ if !isExpectedMountFlag(c.Args, sandboxConfig.srcDir, testCase.expectedSrcDirFlag) {
+ t.Error("Mount flag of srcDir is not correct")
+ }
+ }
+}
+
+func TestMountFlagsSrcDirRWAllowlist(t *testing.T) {
+ testCases := []struct {
+ srcDirRWAllowlist []string
+ }{
+ {
+ srcDirRWAllowlist: []string{},
+ },
+ {
+ srcDirRWAllowlist: []string{"my/path"},
+ },
+ {
+ srcDirRWAllowlist: []string{"my/path1", "my/path2"},
+ },
+ }
+ for _, testCase := range testCases {
+ c := testCmd()
+ c.config.sandboxConfig.SetSrcDirIsRO(true)
+ c.config.sandboxConfig.SetSrcDirRWAllowlist(testCase.srcDirRWAllowlist)
+ c.wrapSandbox()
+ for _, allowlistPath := range testCase.srcDirRWAllowlist {
+ if !isExpectedMountFlag(c.Args, allowlistPath, "-B") {
+ t.Error("Mount flag of srcDirRWAllowlist is not correct, expect -B")
+ }
+ }
+ }
+}
+
+// utils for setting up test
+func testConfig() Config {
+ // create a minimal testConfig
+ env := Environment([]string{})
+ sandboxConfig := SandboxConfig{}
+ return Config{&configImpl{environ: &env,
+ sandboxConfig: &sandboxConfig}}
+}
+
+func testCmd() *Cmd {
+ return Command(testContext(), testConfig(), "sandbox_test", "path/to/nsjail")
+}
+
+func isExpectedMountFlag(cmdArgs []string, dirName string, expectedFlag string) bool {
+ indexOfSrcDir := index(cmdArgs, dirName)
+ return cmdArgs[indexOfSrcDir-1] == expectedFlag
+}
+
+func index(arr []string, target string) int {
+ for idx, element := range arr {
+ if element == target {
+ return idx
+ }
+ }
+ panic("element could not be located in input array")
+}