Snap for 11169761 from 26f8b0bc611317acc2911a7c405efd2451507584 to 24Q1-releaseandroid-14.0.0_r37android-14.0.0_r36android-14.0.0_r35android-14.0.0_r34android-14.0.0_r33android-14.0.0_r32android-14.0.0_r31android-14.0.0_r30android-14.0.0_r29android-14.0.0_r28android14-qpr2-s5-releaseandroid14-qpr2-s4-releaseandroid14-qpr2-s3-releaseandroid14-qpr2-s2-releaseandroid14-qpr2-s1-releaseandroid14-qpr2-release

Change-Id: I3bee264e556b8d5c72415851d1cd2288a10f16e5

4 files changed, 160 insertions, 6 deletions

diff --git a/Android.bp b/Android.bp
index ad5423c..fa43aa8 100644
--- a/Android.bp
+++ b/Android.bp
@@ -76,11 +76,35 @@ cc_defaults {
     },
     cflags: [
         "-Wno-unused-parameter",
+        "-Wno-missing-field-initializers", // for sandboxed_api/sandbox2/policy.cc
         "-fbracket-depth=768", // for syscall_defs.cc
     ],
     defaults: ["sandboxed_api_defaults"],
 }
 
+cc_library {
+    name: "sandboxed_api_shared_with_filewrapper",
+    srcs: [
+        "sandboxed_api/util/file_helpers.cc",
+        "sandboxed_api/util/fileops.cc",
+        "sandboxed_api/util/path.cc",
+        "sandboxed_api/util/raw_logging.cc",
+        "sandboxed_api/util/status.cc",
+        "sandboxed_api/util/strerror.cc",
+    ],
+    defaults: ["sandboxed_api_cc_defaults"],
+}
+
+cc_binary {
+    name: "sandboxed_api_filewrapper",
+    srcs: [
+        "sandboxed_api/tools/filewrapper/filewrapper.cc",
+    ],
+    static_libs: [
+        "sandboxed_api_shared_with_filewrapper",
+    ],
+    defaults: ["sandboxed_api_cc_defaults"],
+}
 
 cc_library {
     name: "sandboxed_api_shared_with_forkserver",
@@ -91,6 +115,7 @@ cc_library {
         "sandboxed_api/sandbox2/buffer.cc",
         "sandboxed_api/sandbox2/client.cc",
         "sandboxed_api/sandbox2/comms.cc",
+        "sandboxed_api/sandbox2/fork_client.cc",
         "sandboxed_api/sandbox2/forkserver.cc",
         "sandboxed_api/sandbox2/ipc.cc",
         "sandboxed_api/sandbox2/logserver.cc",
@@ -110,14 +135,11 @@ cc_library {
         "sandboxed_api/sandbox2/util/maps_parser.cc",
         "sandboxed_api/sandbox2/util/minielf.cc",
         "sandboxed_api/sandbox2/util/syscall_trap.cc",
-        "sandboxed_api/util/file_helpers.cc",
-        "sandboxed_api/util/fileops.cc",
-        "sandboxed_api/util/path.cc",
-        "sandboxed_api/util/raw_logging.cc",
-        "sandboxed_api/util/status.cc",
-        "sandboxed_api/util/strerror.cc",
         "sandboxed_api/util/temp_file.cc",
     ],
+    static_libs: [
+        "sandboxed_api_shared_with_filewrapper",
+    ],
     defaults: ["sandboxed_api_cc_defaults"],
 }
 
@@ -127,6 +149,109 @@ cc_binary {
         "sandboxed_api/sandbox2/forkserver_bin.cc",
     ],
     static_libs: [
+        "sandboxed_api_shared_with_filewrapper",
+        "sandboxed_api_shared_with_forkserver",
+    ],
+    defaults: ["sandboxed_api_cc_defaults"],
+}
+
+cc_genrule {
+    name: "sandboxed_api_embed_forkserver_cc",
+    arch: { // `enabled: false` doesn't appear to work here
+        arm: {
+            srcs: ["android/placeholder_exe"],
+        },
+        arm64: {
+            srcs: [":sandboxed_api_forkserver"],
+        },
+        x86: {
+            srcs: ["android/placeholder_exe"],
+        },
+    },
+    target: {
+        linux_x86_64: {
+            srcs: [":sandboxed_api_forkserver"],
+        },
+        windows: {
+            srcs: ["android/placeholder_exe"],
+        },
+    },
+    cmd: "$(location sandboxed_api_filewrapper) " +
+         "'' " +
+         "forkserver_bin_embed " +
+         "'' " +
+         "$(genDir)/forkserver_bin_embed.h " +
+         "$(genDir)/forkserver_bin_embed.cc " +
+         "$(in)",
+    device_supported: false,
+    host_supported: true,
+    out: ["forkserver_bin_embed.cc"],
+    tools: ["sandboxed_api_filewrapper"],
+}
+
+cc_genrule {
+    name: "sandboxed_api_embed_forkserver_h",
+    arch: { // `enabled: false` doesn't appear to work here
+        arm: {
+            srcs: ["android/placeholder_exe"],
+        },
+        arm64: {
+            srcs: [":sandboxed_api_forkserver"],
+        },
+        x86: {
+            srcs: ["android/placeholder_exe"],
+        },
+    },
+    target: {
+        linux_x86_64: {
+            srcs: [":sandboxed_api_forkserver"],
+        },
+        windows: {
+            srcs: ["android/placeholder_exe"],
+        },
+    },
+    cmd: "mkdir -p $(genDir)/sandboxed_api/sandbox2/ && " +
+         "$(location sandboxed_api_filewrapper) " +
+         "'' " +
+         "forkserver_bin_embed " +
+         "'' " +
+         "$(genDir)/forkserver_bin_embed.h " +
+         "$(genDir)/forkserver_bin_embed.cc " +
+         "$(in) && " +
+         "cp $(genDir)/forkserver_bin_embed.h $(genDir)/sandboxed_api/sandbox2/",
+    device_supported: false,
+    host_supported: true,
+    out: [
+        "forkserver_bin_embed.h",
+        "sandboxed_api/sandbox2/forkserver_bin_embed.h",
+    ],
+    tools: ["sandboxed_api_filewrapper"],
+}
+
+cc_library {
+    name: "sandboxed_api_sandbox2",
+    export_include_dirs: ["."],
+    generated_headers: ["sandboxed_api_embed_forkserver_h"],
+    generated_sources: ["sandboxed_api_embed_forkserver_cc"],
+    srcs: [
+        "sandboxed_api/embed_file.cc",
+        "sandboxed_api/sandbox2/executor.cc",
+        "sandboxed_api/sandbox2/forkingclient.cc",
+        "sandboxed_api/sandbox2/global_forkclient.cc",
+        "sandboxed_api/sandbox2/monitor_base.cc",
+        "sandboxed_api/sandbox2/monitor_ptrace.cc",
+        "sandboxed_api/sandbox2/monitor_unotify.cc",
+        "sandboxed_api/sandbox2/policy.cc",
+        "sandboxed_api/sandbox2/policybuilder.cc",
+        "sandboxed_api/sandbox2/sandbox2.cc",
+        "sandboxed_api/sandbox2/stack_trace.cc",
+        "sandboxed_api/sandbox2/network_proxy/filtering.cc",
+        "sandboxed_api/sandbox2/network_proxy/server.cc",
+    ],
+    visibility: ["//device/google/cuttlefish:__subpackages__"],
+    whole_static_libs: [
+        "sandboxed_api_proto",
+        "sandboxed_api_shared_with_filewrapper",
         "sandboxed_api_shared_with_forkserver",
     ],
     defaults: ["sandboxed_api_cc_defaults"],
diff --git a/android/placeholder_exe b/android/placeholder_exe
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/android/placeholder_exe
diff --git a/android/sandboxed_api_glibc_compat.h b/android/sandboxed_api_glibc_compat.h
index 5765cf0..8211e98 100644
--- a/android/sandboxed_api_glibc_compat.h
+++ b/android/sandboxed_api_glibc_compat.h
@@ -17,3 +17,26 @@
 // Typo in old glibc
 #define PTRACE_EVENT_SECCOMP PTRAVE_EVENT_SECCOMP
 
+// From aosp/599933
+/*
+ * Older glibc builds predate seccomp inclusion.  These arches are the ones
+ * AOSP needs and doesn't provide anything newer.  All other targets can upgrade
+ * their kernel headers.
+ */
+#ifndef SYS_seccomp
+# if defined(__x86_64__)
+#  define SYS_seccomp 317
+# elif defined(__i386__)
+#  define SYS_seccomp 354
+# elif defined(__aarch64__)
+#  define SYS_seccomp 277
+# elif defined(__arm__)
+#  define SYS_seccomp 383
+# else
+#  error "Update your kernel headers"
+# endif
+#endif
+
+#ifndef PTRACE_O_EXITKILL
+#define PTRACE_O_EXITKILL (1 << 20)
+#endif
diff --git a/android/sandboxed_api_musl_compat.h b/android/sandboxed_api_musl_compat.h
index 370a57c..6d4f384 100644
--- a/android/sandboxed_api_musl_compat.h
+++ b/android/sandboxed_api_musl_compat.h
@@ -14,4 +14,10 @@
 // limitations under the License.
 #pragma once
 
+// From aosp/2263921
+#define __SIGRTMIN 32
+#define __SIGRTMAX 64
+
 typedef int __ptrace_request;
+
+typedef int __rlimit_resource;