diff options
| author | 2024-09-06 17:25:00 +0900 | |
|---|---|---|
| committer | 2024-09-27 00:15:15 +0000 | |
| commit | f7cd03e1788a1102e50682de1dab2367a2eb192d (patch) | |
| tree | 8c39cfb88dd297cf66326374323833ace858d8ca /genrule | |
| parent | fc79aabd8451270a39b1553785e325b06cfbf0b3 (diff) | |
Add nsjail support to genrule
By setting `use_nsjail: true`, nsjail will be used instead of soong
sbox. The usage of nsjail must be highly restricted for now.
Bug: 364178791
Test: m lk.bin
Change-Id: Iffd1404093a1165b4384fdec58525fe16f7ed7af
Diffstat (limited to 'genrule')
| -rw-r--r-- | genrule/Android.bp | 50 | ||||
| -rw-r--r-- | genrule/genrule.go | 53 |
2 files changed, 88 insertions, 15 deletions
diff --git a/genrule/Android.bp b/genrule/Android.bp index f4197e691..49df48075 100644 --- a/genrule/Android.bp +++ b/genrule/Android.bp @@ -25,3 +25,53 @@ bootstrap_go_package { // Used by plugins visibility: ["//visibility:public"], } + +genrule { + name: "nsjail_genrule_test_input", + cmd: "echo nsjail_genrule_test_input > $(out)", + out: ["nsjail_genrule_test_input.txt"], +} + +// Pseudo-test that's run on checkbuilds to verify consistent directory +// structure for genrules using sbox or nsjail. +genrule_defaults { + name: "nsjail_genrule_test_gen_defaults", + // verify both relative paths and its contents + cmd: "(echo $(out) $(genDir) && sha256sum " + + "$(location get_clang_version) " + + "$(location py3-cmd) " + + "$(location genrule.go) " + + "$(location :nsjail_genrule_test_input) " + + "$(locations *.go)) | sed 's@\\./@@g' > $(out)", + tools: [ + "get_clang_version", // random tool + "py3-cmd", // random prebuilt tool + ], + tool_files: ["genrule.go"], // random local file + srcs: [ + ":nsjail_genrule_test_input", // random OutputFileProducer + "*.go", // random glob + ], + out: ["nsjail_genrule_test.txt"], +} + +genrule { + name: "nsjail_genrule_test_gen_without_nsjail", + defaults: ["nsjail_genrule_test_gen_defaults"], +} + +genrule { + name: "nsjail_genrule_test_gen_with_nsjail", + defaults: ["nsjail_genrule_test_gen_defaults"], + use_nsjail: true, +} + +genrule { + name: "nsjail_genrule_test", + srcs: [ + ":nsjail_genrule_test_gen_without_nsjail", + ":nsjail_genrule_test_gen_with_nsjail", + ], + cmd: "diff $(in) > $(out)", + out: ["nsjail_genrule_test"], +} diff --git a/genrule/genrule.go b/genrule/genrule.go index a48038bac..0aecc452c 100644 --- a/genrule/genrule.go +++ b/genrule/genrule.go @@ -21,6 +21,7 @@ package genrule import ( "fmt" "io" + "path/filepath" "strconv" "strings" @@ -210,6 +211,9 @@ type generateTask struct { // For gensrsc sharding. shard int shards int + + // For nsjail tasks + useNsjail bool } func (g *Module) GeneratedSourceFiles() android.Paths { @@ -454,21 +458,26 @@ func (g *Module) generateCommonBuildActions(ctx android.ModuleContext) { // Pick a unique path outside the task.genDir for the sbox manifest textproto, // a unique rule name, and the user-visible description. - manifestName := "genrule.sbox.textproto" + var rule *android.RuleBuilder desc := "generate" name := "generator" - if task.shards > 0 { - manifestName = "genrule_" + strconv.Itoa(task.shard) + ".sbox.textproto" - desc += " " + strconv.Itoa(task.shard) - name += strconv.Itoa(task.shard) - } else if len(task.out) == 1 { - desc += " " + task.out[0].Base() - } + if task.useNsjail { + rule = android.NewRuleBuilder(pctx, ctx).Nsjail(task.genDir, android.PathForModuleOut(ctx, "nsjail_build_sandbox")) + } else { + manifestName := "genrule.sbox.textproto" + if task.shards > 0 { + manifestName = "genrule_" + strconv.Itoa(task.shard) + ".sbox.textproto" + desc += " " + strconv.Itoa(task.shard) + name += strconv.Itoa(task.shard) + } else if len(task.out) == 1 { + desc += " " + task.out[0].Base() + } - manifestPath := android.PathForModuleOut(ctx, manifestName) + manifestPath := android.PathForModuleOut(ctx, manifestName) - // Use a RuleBuilder to create a rule that runs the command inside an sbox sandbox. - rule := getSandboxedRuleBuilder(ctx, android.NewRuleBuilder(pctx, ctx).Sbox(task.genDir, manifestPath)) + // Use a RuleBuilder to create a rule that runs the command inside an sbox sandbox. + rule = getSandboxedRuleBuilder(ctx, android.NewRuleBuilder(pctx, ctx).Sbox(task.genDir, manifestPath)) + } if Bool(g.properties.Write_if_changed) { rule.Restat() } @@ -569,6 +578,15 @@ func (g *Module) generateCommonBuildActions(ctx android.ModuleContext) { cmd.OrderOnly(ctx.Config().BuildNumberFile(ctx)) } + if task.useNsjail { + for _, input := range task.in { + // can fail if input is a file. + if paths, err := ctx.GlobWithDeps(filepath.Join(input.String(), "**/*"), nil); err == nil { + rule.NsjailImplicits(android.PathsForSource(ctx, paths)) + } + } + } + // Create the rule to run the genrule command inside sbox. rule.Build(name, desc) @@ -832,15 +850,18 @@ func NewGenRule() *Module { properties := &genRuleProperties{} taskGenerator := func(ctx android.ModuleContext, rawCommand string, srcFiles android.Paths) []generateTask { + useNsjail := Bool(properties.Use_nsjail) + outs := make(android.WritablePaths, len(properties.Out)) for i, out := range properties.Out { outs[i] = android.PathForModuleGen(ctx, out) } return []generateTask{{ - in: srcFiles, - out: outs, - genDir: android.PathForModuleGen(ctx), - cmd: rawCommand, + in: srcFiles, + out: outs, + genDir: android.PathForModuleGen(ctx), + cmd: rawCommand, + useNsjail: useNsjail, }} } @@ -855,6 +876,8 @@ func GenRuleFactory() android.Module { } type genRuleProperties struct { + Use_nsjail *bool + // names of the output files that will be generated Out []string `android:"arch_variant"` } |