# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import("//base/startup/init/begetd.gni") import( "//base/startup/init/services/modules/seccomp/scripts/seccomp_policy_fixer.gni") import("//build/config/clang/clang.gni") import("//build/ohos.gni") import("//build/ohos/kernel/kernel.gni") INIT_PART = "init" action("syscall_to_nr_arm") { script = "${clang_base_path}/bin/clang" output_dir = target_gen_dir + "/libsyscall_to_nr_arm" args = [ "-I", rebase_path( "//kernel/linux/patches/${linux_kernel_version}/prebuilts/usr/include/asm-arm"), "-I", rebase_path( "//kernel/linux/patches/${linux_kernel_version}/prebuilts/usr/include"), "-dD", "-E", "-Wall", "-nostdinc", "-o", rebase_path(output_dir), rebase_path("gen_syscall_name_nrs.c"), ] outputs = [ output_dir ] } action("syscall_to_nr_arm64") { script = "${clang_base_path}/bin/clang" output_dir = target_gen_dir + "/libsyscall_to_nr_arm64" args = [ "-I", rebase_path( "//kernel/linux/patches/${linux_kernel_version}/prebuilts/usr/include/asm-arm64"), "-I", rebase_path( "//kernel/linux/patches/${linux_kernel_version}/prebuilts/usr/include"), "-dD", "-E", "-Wall", "-nostdinc", "-o", rebase_path(output_dir), rebase_path("gen_syscall_name_nrs.c"), ] outputs = [ output_dir ] } ohos_prebuilt_seccomp("system_filter") { sources = [] if (target_cpu == "arm") { sources += [ "seccomp_policy/system_arm.seccomp.policy" ] } else if (target_cpu == "arm64") { sources += [ # 64-bit machine also need check use 32-bit syscall "seccomp_policy/system_arm.seccomp.policy", "seccomp_policy/system_arm64.seccomp.policy", ] } filtername = "g_systemSeccompFilter" include_dirs = [ "." ] part_name = INIT_PART subsystem_name = "startup" install_enable = true install_images = [ "system", "ramdisk", "updater", ] } ohos_prebuilt_seccomp("appspawn_filter") { sources = [] if (target_cpu == "arm") { sources += [ "seccomp_policy/spawn_arm.seccomp.policy" ] } else if (target_cpu == "arm64") { sources += [ # 64-bit machine also need check use 32-bit syscall "seccomp_policy/spawn_arm.seccomp.policy", "seccomp_policy/spawn_arm64.seccomp.policy", ] } filtername = "g_appspawnSeccompFilter" include_dirs = [ "." ] part_name = INIT_PART subsystem_name = "startup" install_enable = true install_images = [ "system", "ramdisk", "updater", ] } ohos_prebuilt_seccomp("nwebspawn_filter") { if (target_cpu == "arm") { sources = [ "seccomp_policy/renderer_arm.seccomp.policy" ] } else if (target_cpu == "arm64") { sources = [ "seccomp_policy/renderer_arm64.seccomp.policy" ] } filtername = "g_nwebspawnSeccompFilter" include_dirs = [ "." ] part_name = INIT_PART subsystem_name = "startup" install_enable = true install_images = [ "system", "ramdisk", "updater", ] } ohos_shared_library("seccomp_module") { sources = [ "seccomp_policy.c" ] include_dirs = [ "//base/startup/init/services/modules", "//base/startup/init/interfaces/innerkits/include", "//base/startup/init/interfaces/innerkits/seccomp/include", "//base/startup/init/services/modules/seccomp", ] deps = [ ":appspawn_filter", ":nwebspawn_filter", ":system_filter", "//base/startup/init/interfaces/innerkits:libbegetutil", ] cflags = [ "-DSECCOMP_PLUGIN" ] external_deps = [ "init:libinit_module_engine" ] part_name = "init" if (target_cpu == "arm64") { module_install_dir = "lib64/init" } else { module_install_dir = "lib/init" } install_images = [ "system", "ramdisk", "updater", ] } config("libseccomp_static_config") { include_dirs = [ "//base/startup/init/services/modules", "//base/startup/init/services/modules/seccomp", "//base/startup/init/interfaces/innerkits/seccomp/include", ] } ohos_source_set("libseccomp_static") { sources = [ "seccomp_policy_static.c" ] public_configs = [ ":libseccomp_static_config" ] public_configs += [ "//base/startup/init/interfaces/innerkits/init_module_engine:init_module_engine_exported_config" ] }