diff options
| author | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-06 05:42:45 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-06 05:42:45 +0000 |
| commit | 895664552838062061ee86dda84b968864ed527c (patch) | |
| tree | b4ec5c7a96e9bae1d65f5fe9bf5bff9b3f5ec9de | |
| parent | 101e43751522913cde61c77e1ca02bc2c90c0d7b (diff) | |
| parent | 75b3266e22fdcf8ae73607b8346d1f156cea28ce (diff) | |
| download | core-895664552838062061ee86dda84b968864ed527c.tar.gz | |
configs for jailed procs to dump code coverage data am: 75b3266e22
Change-Id: If12cd080355dd1f7b1e52d26e762c144434de2a5
| -rw-r--r-- | code_coverage/Android.mk | 37 | ||||
| -rw-r--r-- | code_coverage/empty_policy/code_coverage.arm.policy | 2 | ||||
| -rw-r--r-- | code_coverage/empty_policy/code_coverage.arm64.policy | 2 | ||||
| -rw-r--r-- | code_coverage/empty_policy/code_coverage.x86.policy | 2 | ||||
| -rw-r--r-- | code_coverage/empty_policy/code_coverage.x86_64.policy | 2 | ||||
| -rw-r--r-- | code_coverage/seccomp_policy/code_coverage.arm.policy | 14 | ||||
| -rw-r--r-- | code_coverage/seccomp_policy/code_coverage.arm64.policy | 13 | ||||
| -rw-r--r-- | code_coverage/seccomp_policy/code_coverage.policy.def | 51 | ||||
| -rw-r--r-- | code_coverage/seccomp_policy/code_coverage.x86.policy | 13 | ||||
| -rw-r--r-- | code_coverage/seccomp_policy/code_coverage.x86_64.policy | 12 | ||||
| -rwxr-xr-x | code_coverage/seccomp_policy/generate.sh | 12 |
11 files changed, 160 insertions, 0 deletions
diff --git a/code_coverage/Android.mk b/code_coverage/Android.mk new file mode 100644 index 000000000..80ab36be6 --- /dev/null +++ b/code_coverage/Android.mk @@ -0,0 +1,37 @@ +# policies to allow processes inside minijail to dump code coverage information +# + +LOCAL_PATH := $(call my-dir) + + +include $(CLEAR_VARS) +LOCAL_MODULE := code_coverage.policy +LOCAL_MODULE_CLASS := ETC +LOCAL_MULTILIB := both + +ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64)) +LOCAL_MODULE_STEM_32 := code_coverage.arm.policy +LOCAL_MODULE_STEM_64 := code_coverage.arm64.policy +endif + +ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), x86 x86_64)) +LOCAL_MODULE_STEM_32 := code_coverage.x86.policy +LOCAL_MODULE_STEM_64 := code_coverage.x86_64.policy +endif + +# different files for different configurations +ifeq ($(NATIVE_COVERAGE),true) +LOCAL_SRC_FILES_arm := seccomp_policy/code_coverage.arm.policy +LOCAL_SRC_FILES_arm64 := seccomp_policy/code_coverage.arm64.policy +LOCAL_SRC_FILES_x86 := seccomp_policy/code_coverage.x86.policy +LOCAL_SRC_FILES_x86_64 := seccomp_policy/code_coverage.x86_64.policy +else +LOCAL_SRC_FILES_arm := empty_policy/code_coverage.arm.policy +LOCAL_SRC_FILES_arm64 := empty_policy/code_coverage.arm64.policy +LOCAL_SRC_FILES_x86 := empty_policy/code_coverage.x86.policy +LOCAL_SRC_FILES_x86_64 := empty_policy/code_coverage.x86_64.policy +endif + +LOCAL_MODULE_TARGET_ARCH := arm arm64 x86 x86_64 +LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/seccomp_policy +include $(BUILD_PREBUILT) diff --git a/code_coverage/empty_policy/code_coverage.arm.policy b/code_coverage/empty_policy/code_coverage.arm.policy new file mode 100644 index 000000000..4c9132b06 --- /dev/null +++ b/code_coverage/empty_policy/code_coverage.arm.policy @@ -0,0 +1,2 @@ +# empty unless code_coverage is enabled. +# code_coverage.arm.policy diff --git a/code_coverage/empty_policy/code_coverage.arm64.policy b/code_coverage/empty_policy/code_coverage.arm64.policy new file mode 100644 index 000000000..dc5c35a4d --- /dev/null +++ b/code_coverage/empty_policy/code_coverage.arm64.policy @@ -0,0 +1,2 @@ +# empty unless code_coverage is enabled. +# code_coverage.arm64.policy diff --git a/code_coverage/empty_policy/code_coverage.x86.policy b/code_coverage/empty_policy/code_coverage.x86.policy new file mode 100644 index 000000000..044f34c96 --- /dev/null +++ b/code_coverage/empty_policy/code_coverage.x86.policy @@ -0,0 +1,2 @@ +# empty unless code_coverage is enabled. +# code_coverage.x86.policy diff --git a/code_coverage/empty_policy/code_coverage.x86_64.policy b/code_coverage/empty_policy/code_coverage.x86_64.policy new file mode 100644 index 000000000..6dcd22d79 --- /dev/null +++ b/code_coverage/empty_policy/code_coverage.x86_64.policy @@ -0,0 +1,2 @@ +# empty unless code_coverage is enabled. +# code_coverage.x86_64.policy diff --git a/code_coverage/seccomp_policy/code_coverage.arm.policy b/code_coverage/seccomp_policy/code_coverage.arm.policy new file mode 100644 index 000000000..d6784e371 --- /dev/null +++ b/code_coverage/seccomp_policy/code_coverage.arm.policy @@ -0,0 +1,14 @@ +close: 1 +mkdirat: 1 +msync: 1 +munmap: 1 +openat: 1 +write: 1 +fcntl64: 1 +fstat64: 1 +geteuid32: 1 +_llseek: 1 +mmap2: 1 +sigreturn: 1 +gettimeofday: 1 +prctl: 1 diff --git a/code_coverage/seccomp_policy/code_coverage.arm64.policy b/code_coverage/seccomp_policy/code_coverage.arm64.policy new file mode 100644 index 000000000..4c3dd2664 --- /dev/null +++ b/code_coverage/seccomp_policy/code_coverage.arm64.policy @@ -0,0 +1,13 @@ +close: 1 +mkdirat: 1 +msync: 1 +munmap: 1 +openat: 1 +write: 1 +fcntl: 1 +fstat: 1 +geteuid: 1 +lseek: 1 +mmap: 1 +rt_sigreturn: 1 +prctl: 1 diff --git a/code_coverage/seccomp_policy/code_coverage.policy.def b/code_coverage/seccomp_policy/code_coverage.policy.def new file mode 100644 index 000000000..f136084bc --- /dev/null +++ b/code_coverage/seccomp_policy/code_coverage.policy.def @@ -0,0 +1,51 @@ +// SECCOMP_MODE_STRICT +// +// minijail allowances for code coverage +// this is processed with generate.sh, so we can use appropriate directives +// size specific: __LP64__ for 64 bit, else 32 bit +// arch specific: __arm__, __aarch64__, __i386__, __x86_64__ + +// includes *all* syscalls used during the coverage dumping +// no skipping just because they might have been in another policy file. + +// coverage tool uses different operations on different passes +// 1st: uses write() to fill the file +// 2nd-Nth: uses mmap() to update in place + +close: 1 +mkdirat: 1 +msync: 1 +munmap: 1 +openat: 1 +write: 1 + +#if defined(__LP64__) +fcntl: 1 +fstat: 1 +geteuid: 1 +lseek: 1 +mmap: 1 +rt_sigreturn: 1 +#else +fcntl64: 1 +fstat64: 1 +geteuid32: 1 +_llseek: 1 +mmap2: 1 +sigreturn: 1 +#endif + +#if defined(__arm__) +gettimeofday: 1 +#endif + +#if defined(__i386__) +madvise: 1 +#endif + +#if defined(__arm__) +prctl: 1 +#elif defined(__aarch64__) +prctl: 1 +#endif + diff --git a/code_coverage/seccomp_policy/code_coverage.x86.policy b/code_coverage/seccomp_policy/code_coverage.x86.policy new file mode 100644 index 000000000..24ff8b9c0 --- /dev/null +++ b/code_coverage/seccomp_policy/code_coverage.x86.policy @@ -0,0 +1,13 @@ +close: 1 +mkdirat: 1 +msync: 1 +munmap: 1 +openat: 1 +write: 1 +fcntl64: 1 +fstat64: 1 +geteuid32: 1 +_llseek: 1 +mmap2: 1 +sigreturn: 1 +madvise: 1 diff --git a/code_coverage/seccomp_policy/code_coverage.x86_64.policy b/code_coverage/seccomp_policy/code_coverage.x86_64.policy new file mode 100644 index 000000000..308103654 --- /dev/null +++ b/code_coverage/seccomp_policy/code_coverage.x86_64.policy @@ -0,0 +1,12 @@ +close: 1 +mkdirat: 1 +msync: 1 +munmap: 1 +openat: 1 +write: 1 +fcntl: 1 +fstat: 1 +geteuid: 1 +lseek: 1 +mmap: 1 +rt_sigreturn: 1 diff --git a/code_coverage/seccomp_policy/generate.sh b/code_coverage/seccomp_policy/generate.sh new file mode 100755 index 000000000..ae582c647 --- /dev/null +++ b/code_coverage/seccomp_policy/generate.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +# generate the arch-specific files from the generic one + +set -ex + +cd "$(dirname "$0")" +CPP='cpp -undef -E -P code_coverage.policy.def' +$CPP -D__arm__ -o code_coverage.arm.policy +$CPP -D__aarch64__ -D__LP64__ -o code_coverage.arm64.policy +$CPP -D__i386__ -o code_coverage.x86.policy +$CPP -D__x86_64__ -D__LP64__ -o code_coverage.x86_64.policy |