Skip to content

S
Startup Init Lite

OpenHarmony / Startup Init Lite
1 年多 前同步成功

通知 3
Star 37
Fork 0
S
Startup Init Lite
切换分支/标签
查找文件 普通视图历史永久链接Permalink
BUILD.gn 4.7 KB
Newer Older
X
<feat>  
xiacong 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 
# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import("//base/startup/init/begetd.gni")
import(
    "//base/startup/init/services/modules/seccomp/scripts/seccomp_policy_fixer.gni")
import("//build/config/clang/clang.gni")
import("//build/ohos.gni")
import("//build/ohos/kernel/kernel.gni")

INIT_PART = "init"

action("syscall_to_nr_arm") {
  script = "${clang_base_path}/bin/clang"
  output_dir = target_gen_dir + "/libsyscall_to_nr_arm"
  args = [
    "-I",
    rebase_path(
        "//kernel/linux/patches/${linux_kernel_version}/prebuilts/usr/include/asm-arm"),
    "-I",
    rebase_path(
        "//kernel/linux/patches/${linux_kernel_version}/prebuilts/usr/include"),
    "-dD",
    "-E",
    "-Wall",
    "-nostdinc",
    "-o",
    rebase_path(output_dir),
    rebase_path("gen_syscall_name_nrs.c"),
  ]

  outputs = [ output_dir ]
}

action("syscall_to_nr_arm64") {
  script = "${clang_base_path}/bin/clang"
  output_dir = target_gen_dir + "/libsyscall_to_nr_arm64"
  args = [
    "-I",
    rebase_path(
        "//kernel/linux/patches/${linux_kernel_version}/prebuilts/usr/include/asm-arm64"),
    "-I",
    rebase_path(
        "//kernel/linux/patches/${linux_kernel_version}/prebuilts/usr/include"),
    "-dD",
    "-E",
    "-Wall",
    "-nostdinc",
    "-o",
    rebase_path(output_dir),
    rebase_path("gen_syscall_name_nrs.c"),
  ]

  outputs = [ output_dir ]
}

ohos_prebuilt_seccomp("system_filter") {
  sources = []
  if (target_cpu == "arm") {
    sources += [ "seccomp_policy/system_arm.seccomp.policy" ]
  } else if (target_cpu == "arm64") {
    sources += [
      # 64-bit machine also need check use 32-bit syscall
      "seccomp_policy/system_arm.seccomp.policy",
      "seccomp_policy/system_arm64.seccomp.policy",
    ]
  }

  filtername = "g_systemSeccompFilter"
  include_dirs = [ "." ]
  part_name = INIT_PART
  subsystem_name = "startup"

  install_enable = true
  install_images = [
    "system",
    "ramdisk",
X
<fix>  
xiacong 已提交
88 
    "updater",
X
<feat>  
xiacong 已提交
89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 
  ]
}

ohos_prebuilt_seccomp("appspawn_filter") {
  sources = []
  if (target_cpu == "arm") {
    sources += [ "seccomp_policy/spawn_arm.seccomp.policy" ]
  } else if (target_cpu == "arm64") {
    sources += [
      # 64-bit machine also need check use 32-bit syscall
      "seccomp_policy/spawn_arm.seccomp.policy",
      "seccomp_policy/spawn_arm64.seccomp.policy",
    ]
  }

  filtername = "g_appspawnSeccompFilter"
  include_dirs = [ "." ]
  part_name = INIT_PART
  subsystem_name = "startup"

  install_enable = true
  install_images = [
    "system",
    "ramdisk",
X
<fix>  
xiacong 已提交
113 
    "updater",
X
<feat>  
xiacong 已提交
114 115 116 
  ]
}
J
feat: 添加webview渲染进程Seccomp-BPF策略  
JerryH1011 已提交
117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 
ohos_prebuilt_seccomp("nwebspawn_filter") {
  if (target_cpu == "arm") {
    sources = [ "seccomp_policy/renderer_arm.seccomp.policy" ]
  } else if (target_cpu == "arm64") {
    sources = [ "seccomp_policy/renderer_arm64.seccomp.policy" ]
  }

  filtername = "g_nwebspawnSeccompFilter"
  include_dirs = [ "." ]
  part_name = INIT_PART
  subsystem_name = "startup"

  install_enable = true
  install_images = [
    "system",
    "ramdisk",
    "updater",
  ]
}
X
<feat>  
xiacong 已提交
137 138 
ohos_shared_library("seccomp_module") {
  sources = [ "seccomp_policy.c" ]
X
<feat>  
xiacong 已提交
139 140 

  include_dirs = [
X
<feat>  
xiacong 已提交
141 
    "//base/startup/init/services/modules",
X
<feat>  
xiacong 已提交
142 143 144 145 146 147 148 
    "//base/startup/init/interfaces/innerkits/include",
    "//base/startup/init/interfaces/innerkits/seccomp/include",
    "//base/startup/init/services/modules/seccomp",
  ]

  deps = [
    ":appspawn_filter",
J
feat: 添加webview渲染进程Seccomp-BPF策略  
JerryH1011 已提交
149 
    ":nwebspawn_filter",
X
<feat>  
xiacong 已提交
150 
    ":system_filter",
X
<feat>  
xiacong 已提交
151 
    "//base/startup/init/interfaces/innerkits:libbegetutil",
X
<feat>  
xiacong 已提交
152 153 
  ]
X
<feat>  
xiacong 已提交
154 
  cflags = [ "-DSECCOMP_PLUGIN" ]
X
<feat>  
xiacong 已提交
155
X
<feat>  
xiacong 已提交
156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 
  external_deps = [ "init:libinit_module_engine" ]

  part_name = "init"
  if (target_cpu == "arm64") {
    module_install_dir = "lib64/init"
  } else {
    module_install_dir = "lib/init"
  }
  install_images = [
    "system",
    "ramdisk",
    "updater",
  ]
}

config("libseccomp_static_config") {
  include_dirs = [
    "//base/startup/init/services/modules",
    "//base/startup/init/services/modules/seccomp",
    "//base/startup/init/interfaces/innerkits/seccomp/include",
  ]
}

ohos_source_set("libseccomp_static") {
  sources = [ "seccomp_policy_static.c" ]
  public_configs = [ ":libseccomp_static_config" ]
  public_configs += [ "//base/startup/init/interfaces/innerkits/init_module_engine:init_module_engine_exported_config" ]
X
<feat>  
xiacong 已提交
183 
}