// Copyright (C) 2023 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

cc_binary {
    name: "shell-as",
    cflags: [
      "-Wall",
      "-Werror",
      "-Wextra",
    ],
    srcs: [
      "*.cpp",
      ":shell-as-test-app-apk-cpp",
    ],
    header_libs: ["libcutils_headers"],
    static_executable: true,
    static_libs: [
      "libbase",
      "libcap",
      "liblog",
      "libseccomp_policy",
      "libselinux",
    ],
    arch: {
        arm: {
            srcs: ["shell-code/*-arm.S"]
        },
        arm64: {
            srcs: ["shell-code/*-arm64.S"]
        },
        x86: {
            srcs: ["shell-code/*-x86.S"]
        },
        x86_64: {
            srcs: ["shell-code/*-x86_64.S"]
        }
    }
}

// A simple app that requests all non-system permissions and contains no other
// functionality. This can be used as a target for shell-as to emulate the
// security context of the most privileged possible non-system app.
android_app {
  name: "shell-as-test-app",
  manifest: ":shell-as-test-app-manifest",
  srcs: ["app/**/*.java"],
  sdk_version: "9",
  certificate: ":shell-as-test-app-cert",
}

// https://source.android.com/docs/core/ota/sign_builds#release-keys
// Generated by running:
// $ANDROID_BUILD_TOP/development/tools/make_key \
//     shell-as-test-app-key \
//     '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com
android_app_certificate {
    name: "shell-as-test-app-cert",
    certificate: "shell-as-test-app-key",
}

genrule {
  name: "shell-as-test-app-manifest",
  srcs: [
    ":permission-list-normal",
    "AndroidManifest.xml.template"
  ],
  cmd: "$(location gen-manifest.sh) " +
       "$(location AndroidManifest.xml.template) " +
       "$(location :permission-list-normal) " +
       "$(out)",
  out: ["AndroidManifest.xml"],
  tool_files: ["gen-manifest.sh"],
}

// A source file that contains the contents of the above shell-as-test-app APK
// embedded as an array.
cc_genrule {
  name: "shell-as-test-app-apk-cpp",
  srcs: [":shell-as-test-app"],
  cmd: "(" +
       "  echo '#include <stddef.h>';" +
       "  echo '#include <stdint.h>';" +
       "  echo '';" +
       "  echo 'namespace shell_as {';" +
       "  echo 'const uint8_t kTestAppApk[] = {';" +
       "  $(location toybox) xxd -i < $(in);" +
       "  echo '};';" +
       "  echo 'void GetTestApk(uint8_t **apk, size_t *length) {';" +
       "  echo '  *apk = (uint8_t*) kTestAppApk;';" +
       "  echo '  *length = sizeof(kTestAppApk);';" +
       "  echo '}';" +
       "  echo '}  // namespace shell_as';" +
       ") > $(out)",
  out: ["test-app-apk.cpp"],
  tools: ["toybox"]
}