
seccomp tools

seccomp tools #8

Workflow file for this run

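# CI workflow: cross-compiles the crate's unit tests for Android with cargo-ndk
# and runs the resulting test binaries on an Android emulator over adb.
name: CI

on:
  push:
  pull_request:
  merge_group:
  schedule:
    - cron: "21 3 * * 5"

# Least privilege: no step in this workflow writes to the repository, so the
# GITHUB_TOKEN is restricted to read-only access to repository contents.
permissions:
  contents: read

jobs:
  test-android:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - target: x86_64-linux-android
            emulator-arch: x86_64
          - target: i686-linux-android
            emulator-arch: x86
    steps:
      # NOTE(review): every `uses:` below references a mutable tag or branch
      # (@v4, @v3, @v2, @stable). Pinning each to a full commit SHA taken from
      # the upstream repository (uses: owner/repo@<full-commit-sha>) prevents a
      # moved tag from silently changing the code that runs in this job.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Later steps run third-party actions and cargo build scripts; do not
          # leave the token in .git/config where they could read it.
          persist-credentials: false
      - name: Install JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'zulu'
          java-version: '21'
      - name: Install Android SDK
        uses: android-actions/setup-android@v2
      - name: Install Android NDK
        run: sdkmanager --install "ndk;25.2.9519653"
      - name: Install Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: stable
          target: ${{ matrix.target }}
      - uses: Swatinem/rust-cache@v2
      - name: Install cargo-ndk
        # --locked builds with the dependency versions from cargo-ndk's own
        # Cargo.lock instead of re-resolving to whatever is newest at run time.
        # NOTE(review): the cargo-ndk version itself is still unpinned.
        run: cargo install --locked cargo-ndk
      - name: Build unit tests for Android
        # matrix.target is a literal defined in this file, so interpolating it
        # into the command line does not carry untrusted input.
        run: cargo ndk -t ${{ matrix.target }} test --no-run
      - name: Enable KVM group perms
        # Makes /dev/kvm accessible to every user (MODE 0666) so the emulator
        # can use hardware acceleration. Reasonable on a throwaway hosted
        # runner; do not copy to a persistent or shared machine.
        run: |
          echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
          sudo udevadm control --reload-rules
          sudo udevadm trigger --name-match=kvm
      - name: Install seccomp-tools
        # NOTE(review): upstream ships seccomp-tools as a Ruby gem; confirm a
        # package of this name exists in the runner image's apt sources.
        run: sudo apt-get update && sudo apt-get install -y seccomp-tools
      - name: Check for recvmmsg syscall
        # Informational only: both branches just echo, so this never fails the job.
        # NOTE(review): the emulator is started by the last step of this job,
        # so `pgrep -x emulator` most likely matches no process at this point.
        # NOTE(review): confirm the installed seccomp-tools has an `inspect`
        # subcommand. Also, finding the syscall name in a filter listing does
        # not by itself say whether the filter allows or denies it.
        run: |
          if seccomp-tools inspect $(pgrep -x emulator) | grep recvmmsg; then
            echo "recvmmsg syscall is allowed"
          else
            echo "recvmmsg syscall is not allowed"
          fi
      - name: Create emulator script
        # Written with a quoted heredoc rather than echo '...': inside a
        # single-quoted echo argument the inner quotes around \r end the
        # string early, so the generated script contained `tr -d r` and never
        # stripped the carriage return from adb output.
        # ${{ matrix.target }} is substituted by Actions before the shell runs.
        run: |
          cat > run_tests_on_emulator.sh <<'EOF'
          #!/bin/bash
          set -e
          adb wait-for-device
          while [[ -z "$(adb shell getprop sys.boot_completed | tr -d '\r')" ]]; do sleep 1; done
          # Print the current SELinux mode, then switch to enforcing so the
          # tests run under the enforced policy.
          adb shell su 0 getenforce
          adb shell su 0 setenforce 1
          adb wait-for-device
          while [[ -z "$(adb shell getprop sys.boot_completed | tr -d '\r')" ]]; do sleep 1; done
          any_failures=0
          # Push and run every test executable; keep going after a failure and
          # report it through the exit status at the end.
          for test in $(find target/${{ matrix.target }}/debug/deps/ -type f -executable ! -name "*.so" -name "*-*"); do
            adb push "$test" /data/local/tmp/
            adb shell chmod +x /data/local/tmp/$(basename "$test")
            adb shell /data/local/tmp/$(basename "$test") || any_failures=1
          done
          exit $any_failures
          EOF
          chmod +x run_tests_on_emulator.sh
      - name: Set up Android Emulator and run tests
        uses: reactivecircus/android-emulator-runner@v2
        with:
          api-level: 29
          target: google_apis
          arch: ${{ matrix.emulator-arch }}
          script: ./run_tests_on_emulator.sh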