Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2d997046 authored by Spandan Das's avatar Spandan Das
Browse files

nsjail support verification should respect BUILD_BROKEN* flag for SrcDir 

This ensures that soong_ui is successful in setting up its own nsjail in
workflows that externally make the source tree ReadOnly (e.g. a nested
nsjail in multitree).

Test: TH
Change-Id: I6d0ec4a9fffda1d4e5996f475da611e1deb0888d
parent 925cb2a8

ui/build/sandbox_config.go

+9 −0
Original line number Diff line number Diff line
@@ -27,6 +27,15 @@ func (sc *SandboxConfig) SrcDirIsRO() bool { 
	return sc.srcDirIsRO

}



// Return the mount flag of the source directory in the nsjail command

func (sc *SandboxConfig) SrcDirMountFlag() string {

	ret := "-B" // Read-write

	if sc.SrcDirIsRO() {

		ret = "-R" // Read-only

	}

	return ret

}



func (sc *SandboxConfig) SetSrcDirRWAllowlist(allowlist []string) {

	sc.srcDirRWAllowlist = allowlist

}

ui/build/sandbox_linux.go

+2 −9
Original line number Diff line number Diff line
@@ -101,7 +101,7 @@ func (c *Cmd) sandboxSupported() bool { 
			// srcDir is /tmp/.* in integration tests, which is a child dir of /tmp

			// nsjail throws an error if a child dir is mounted before its parent

			"-B", "/tmp",

			"-B", sandboxConfig.srcDir,

			c.config.sandboxConfig.SrcDirMountFlag(), sandboxConfig.srcDir,

			"-B", sandboxConfig.outDir,

		}
@@ -148,13 +148,6 @@ func (c *Cmd) sandboxSupported() bool { 
func (c *Cmd) wrapSandbox() {

	wd, _ := os.Getwd()



	var srcDirMountFlag string

	if c.config.sandboxConfig.SrcDirIsRO() {

		srcDirMountFlag = "-R"

	} else {

		srcDirMountFlag = "-B" //Read-Write

	}



	sandboxArgs := []string{

		// The executable to run

		"-x", c.Path,
@@ -195,7 +188,7 @@ func (c *Cmd) wrapSandbox() { 
		"-B", "/tmp",



		// Mount source

		srcDirMountFlag, sandboxConfig.srcDir,

		c.config.sandboxConfig.SrcDirMountFlag(), sandboxConfig.srcDir,



		//Mount out dir as read-write

		"-B", sandboxConfig.outDir,