build.rs: find compile_seccomp_policy via which

If a copy of the compile_seccomp_policy program that is used to generate BPF versions of the seccomp policies is available in the $PATH, use it in preference to the one in the submodule. This makes the ChromeOS ebuild able to embed seccomp policies, since it has compile_secomp_policy installed as part of the cros_sdk, so the special case for CROSVM_BUILD_VARIANT is removed. BUG=b:235858187 TEST=emerge-kevin crosvm # with submodules deinitialized Change-Id: I30f23a507ee444bc3fe5d78af394fbe651191be0 Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/3998113 Reviewed-by: Dennis Kempin <denniskempin@google.com> Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
2024-11-25 05:03:05 +00:00 · 2022-11-01 18:16:50 -07:00 · 2022-11-01 18:16:50 -07:00 · be900c3aae
commit be900c3aae
parent 47a7306703
3 changed files with 17 additions and 14 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -540,6 +540,7 @@ dependencies = [
 "vhost",
 "vm_control",
 "vm_memory",
+ "which",
 "win_audio",
 "win_util",
 "winapi",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -404,6 +404,7 @@ win_util = { path = "win_util"}

 [build-dependencies]
 cc = "*"
+which = "4"

 [dev-dependencies]
 base = "*"
--- a/build.rs
+++ b/build.rs
@ -22,7 +22,7 @@ fn rewrite_policies(seccomp_policy_path: &Path, rewrote_policy_folder: &Path) {
    }
 }

-fn compile_policies(out_dir: &Path, rewrote_policy_folder: &Path, minijail_dir: &Path) {
+fn compile_policies(out_dir: &Path, rewrote_policy_folder: &Path, compile_seccomp_policy: &Path) {
    let compiled_policy_folder = out_dir.join("policy_output");
    fs::create_dir_all(&compiled_policy_folder).unwrap();
    let mut include_all_bytes = String::from("std::collections::HashMap::from([\n");
@ -36,7 +36,7 @@ fn compile_policies(out_dir: &Path, rewrote_policy_folder: &Path, minijail_dir:
                    .file_name()
                    .unwrap(),
            );
-            Command::new(minijail_dir.join("tools/compile_seccomp_policy.py"))
+            Command::new(compile_seccomp_policy)
                .arg("--arch-json")
                .arg(rewrote_policy_folder.join("constants.json"))
                .arg("--default-action")
@ -69,18 +69,19 @@ fn main() {

    let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
    let src_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap());
-    let minijail_dir = if let Ok(minijail_dir_env) = env::var("MINIJAIL_DIR") {
-        PathBuf::from(minijail_dir_env)
-    } else {
-        src_dir.join("third_party/minijail")
-    };

-    // Disable embedding of seccomp policy files on ChromeOS builds.
-    println!("cargo:rerun-if-env-changed=CROSVM_BUILD_VARIANT");
-    if env::var("CROSVM_BUILD_VARIANT").unwrap_or_default() == "chromeos" {
-        fs::write(out_dir.join("bpf_includes.in"), "Default::default()").unwrap();
-        return;
-    }
+    let compile_seccomp_policy = if let Ok(path) = which::which("compile_seccomp_policy") {
+        // If `compile_seccomp_policy` exists in the path (e.g. ChromeOS builds), use it.
+        path
+    } else {
+        // Otherwise, use compile_seccomp_policy.py from the minijail submodule.
+        let minijail_dir = if let Ok(minijail_dir_env) = env::var("MINIJAIL_DIR") {
+            PathBuf::from(minijail_dir_env)
+        } else {
+            src_dir.join("third_party/minijail")
+        };
+        minijail_dir.join("tools/compile_seccomp_policy.py")
+    };

    // check policies exist for target architecuture
    let seccomp_arch_name = match env::var("CARGO_CFG_TARGET_ARCH").unwrap().as_str() {
@ -96,5 +97,5 @@ fn main() {
    let rewrote_policy_folder = out_dir.join("policy_input");
    fs::create_dir_all(&rewrote_policy_folder).unwrap();
    rewrite_policies(&seccomp_policy_path, &rewrote_policy_folder);
-    compile_policies(&out_dir, &rewrote_policy_folder, &minijail_dir);
+    compile_policies(&out_dir, &rewrote_policy_folder, &compile_seccomp_policy);
 }