Hi,

I am interested in testing out firefox for android + seccomp-bpf sandboxing. I'm running a custom rom which has seccomp-bpf support in the kernel (backported to linux-3.4) and /system/lib/libseccomp.so (built as a shared library for other reasons). My development environment should be fine, as I can build AOSP/CM, android apps, have android-sdk and android-ndks, android-studio, etc.

I have successfully built fennec-50.0 from source code, using the instructions found here:

https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Build_Instructions/Simple_Firefox_for_Android_build

I've tried both the bootstrap script and/or using my installed SDK/NDK and have ended up with working builds of Fennec (although I prefer to use my system installed android-ndk/sdk).

Now the problem: when I try to build Fennec with the sandboxing enabled ( --enable-content-sandbox ), the build fails. The sandbox enabled build fails here:

1:06.40 In file included from /run/media/ninez/Storage/firefox/mozilla-central/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp:18:0:
1:06.40 /run/media/ninez/Storage/firefox/mozilla-central/objdir-droid/dist/system_wrappers/cutils/properties.h:3:36: fatal error: cutils/properties.h: No such file or directory
1:06.40 #include_next <cutils/properties.h>
1:06.40 ^
1:06.40 compilation terminated.
1:06.40
1:06.41 In the directory /run/media/ninez/Storage/firefox/mozilla-central/objdir-droid/security/sandbox/linux/broker
1:06.41 The following command failed to execute properly:
1:06.41 /opt/android-ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-g++ -std=gnu++11 -o SandboxBrokerPolicyFactory.o -c -I/run/media/ninez/Storage/firefox/mozilla-central/objdir-droid/dist/stl_wrappers -I/run/media/ninez/Storage/firefox/mozilla-central/objdir-droid/dist/system_wrappers -include /run/media/ninez/Storage/firefox/mozilla-central/config/gcc_hidden.h -DNDEBUG=1 -DTRIMMED=1 -DOS_POSIX=1 -DOS_LINUX=1 -DSTATIC_EXPORTABLE_JS_API -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -I/run/media/ninez/Storage/firefox/mozilla-central/security/sandbox/linux/broker -I/run/media/ninez/Storage/firefox/mozilla-central/objdir-droid/security/sandbox/linux/broker -I/run/media/ninez/Storage/firefox/mozilla-central/security/sandbox/linux -I/run/media/ninez/Storage/firefox/mozilla-central/security/sandbox/linux/common -I/run/media/ninez/Storage/firefox/mozilla-central/objdir-droid/ipc/ipdl/_ipdlheaders -I/run/media/ninez/Storage/firefox/mozilla-central/ipc/chromium/src -I/run/media/ninez/Storage/firefox/mozilla-central/ipc/glue -I/run/media/ninez/Storage/firefox/mozilla-central/security/sandbox/chromium -I/run/media/ninez/Storage/firefox/mozilla-central/objdir-droid/dist/include -I/run/media/ninez/Storage/firefox/mozilla-central/objdir-droid/dist/include/nspr -I/run/media/ninez/Storage/firefox/mozilla-central/objdir-droid/dist/include/nss -fPIC -DMOZILLA_CLIENT -include /run/media/ninez/Storage/firefox/mozilla-central/objdir-droid/mozilla-config.h -MD -MP -MF .deps/SandboxBrokerPolicyFactory.o.pp -idirafter /opt/android-ndk/platforms/android-9/arch-arm/usr/include -Wall -Wc++11-compat -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wwrite-strings -Wthread-safety -Wno-invalid-offsetof -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds -fno-short-enums -fno-exceptions -march=armv7-a -mthumb -mfpu=vfp -mfloat-abi=softfp -mno-unaligned-access -I/opt/android-ndk/sources/android/support/include -I/opt/android-ndk/sources/cxx-stl/llvm-libc++/libcxx/include -I/opt/android-ndk/sources/cxx-stl/llvm-libc++abi/libcxxabi/include -fno-exceptions -fno-strict-aliasing -fno-rtti -fno-exceptions -fno-math-errno -pipe -g -freorder-blocks -fno-reorder-functions -Os -fomit-frame-pointer /run/media/ninez/Storage/firefox/mozilla-central/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
1:06.41 /run/media/ninez/Storage/firefox/mozilla-central/config/rules.mk:934: recipe for target 'SandboxBrokerPolicyFactory.o' failed
1:06.41 make[5]: *** [SandboxBrokerPolicyFactory.o] Error 1
1:06.41 /run/media/ninez/Storage/firefox/mozilla-central/config/recurse.mk:71: recipe for target 'security/sandbox/linux/broker/target' failed
1:06.41 make[4]: *** [security/sandbox/linux/broker/target] Error 2
1:06.41 make[4]: *** Waiting for unfinished jobs....

I'm not exactly sure how to fix this, so I am wondering if anyone has a solution?

note: I can symlink from my AOSP tree ../cutils folder, but then it will fail at #include <hash_map> later on.

I'd like to know if anyone is successfully building the seccomp/sandbox on android and what additional steps I would need to take to get it working?

Lastly, I do see that I will need to use the override setting/preference found in SandboxBrokerPolicyFactory.cpp:

    // Allow overriding "unsupported"ness with a pref, for testing.
    if (!IsSystemSupported() &&
        Preferences::GetInt("security.sandbox.content.level") <= 0) {
      return nullptr;
    }

..to allow the sandbox to work on my system (or instead by adding my device/hardware string in 'IsSystemSupported').

Anyway, any help would be appreciated.

thx!

Jordan
_______________________________________________ mobile-firefox-dev mailing list mobile-firefox-dev@mozilla.org https://mail.mozilla.org/listinfo/mobile-firefox-dev
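
Since the pref quoted in the message above overrides the "unsupported" check, it is worth confirming on the device that the backported 3.4 kernel really accepts seccomp filter mode before relying on it. The following probe is an added example, not part of the original post and not Firefox code; the names `classify_probe` and `probe_seccomp_bpf` are hypothetical, and it uses the common NULL-filter check with `prctl(PR_SET_SECCOMP, ...)`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Old NDK platform headers may lack <linux/seccomp.h>; the value is kernel ABI. */
#ifndef SECCOMP_MODE_FILTER
#define SECCOMP_MODE_FILTER 2
#endif

enum bpf_support { BPF_AVAILABLE, BPF_MISSING, BPF_UNKNOWN };

/* Interpret the result of installing a NULL filter (hypothetical helper). */
enum bpf_support classify_probe(int ret, int err)
{
    if (ret == 0)
        return BPF_UNKNOWN;    /* a NULL filter must never install */
    if (err == EFAULT)
        return BPF_AVAILABLE;  /* kernel tried to copy the filter: mode 2 exists */
    if (err == EINVAL)
        return BPF_MISSING;    /* filter mode not compiled into this kernel */
    return BPF_UNKNOWN;        /* e.g. denied by an outer sandbox or LSM */
}

/* The probe cannot change process state: the NULL pointer makes it fail. */
enum bpf_support probe_seccomp_bpf(void)
{
    errno = 0;
    int ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL);
    return classify_probe(ret, errno);
}

int main(void)
{
    static const char *const names[] = {
        "seccomp-bpf available",
        "seccomp-bpf missing (EINVAL)",
        "inconclusive",
    };
    enum bpf_support r = probe_seccomp_bpf();
    printf("%s\n", names[r]);
    return r == BPF_AVAILABLE ? 0 : 1;
}
```

Cross-compile it with the same NDK toolchain used for the Fennec build and run it on the device; an EINVAL result means the override pref would enable a sandbox the kernel cannot enforce.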