blob: fe535bb8a5f71e0573f2ecebb2ebe9625f97b401 [file] [log] [blame]
[email protected]75cd8f02014-05-29 20:56:021# Copyright 2014 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import("//build/config/features.gni")
phosek636bceb32015-10-27 03:36:486import("//build/config/nacl/config.gni")
rsesek7b1273af02016-12-06 20:55:477import("//sandbox/features.gni")
qsrfb5251d12015-01-21 15:57:228import("//testing/test.gni")
[email protected]75cd8f02014-05-29 20:56:029
pkotwiczbbe8d902015-10-29 17:10:0710if (is_android) {
11 import("//build/config/android/rules.gni")
12}
13
[email protected]75cd8f02014-05-29 20:56:0214declare_args() {
15 compile_suid_client = is_linux
16
17 compile_credentials = is_linux
18
jln01954fd2015-05-15 06:19:3319 # On Android, use plain GTest.
20 use_base_test_suite = is_linux
[email protected]75cd8f02014-05-29 20:56:0221}
22
phosek636bceb32015-10-27 03:36:4823if (is_nacl_nonsfi) {
24 config("nacl_nonsfi_warnings") {
25 # There are number of platform specific functions in
26 # seccomp-bpf syscall helpers, which are not being used.
27 cflags = [ "-Wno-unused-function" ]
28 }
29}
30
[email protected]75cd8f02014-05-29 20:56:0231# We have two principal targets: sandbox and sandbox_linux_unittests
32# All other targets are listed as dependencies.
33# There is one notable exception: for historical reasons, chrome_sandbox is
34# the setuid sandbox and is its own target.
35
36group("sandbox") {
brettw00709df2015-12-02 01:40:5037 public_deps = [
[email protected]75cd8f02014-05-29 20:56:0238 ":sandbox_services",
39 ]
40
phosek636bceb32015-10-27 03:36:4841 if (compile_suid_client || is_nacl_nonsfi) {
brettw00709df2015-12-02 01:40:5042 public_deps += [ ":suid_sandbox_client" ]
[email protected]75cd8f02014-05-29 20:56:0243 }
phosek636bceb32015-10-27 03:36:4844 if (use_seccomp_bpf || is_nacl_nonsfi) {
ejcarusob7865802016-08-30 06:14:3045 public_deps += [ ":seccomp_bpf" ]
[email protected]75cd8f02014-05-29 20:56:0246 }
47}
48
49source_set("sandbox_linux_test_utils") {
Brett Wilson0c8745a2014-09-08 22:59:4950 testonly = true
[email protected]75cd8f02014-05-29 20:56:0251 sources = [
52 "tests/sandbox_test_runner.cc",
53 "tests/sandbox_test_runner.h",
54 "tests/sandbox_test_runner_function_pointer.cc",
55 "tests/sandbox_test_runner_function_pointer.h",
[email protected]75cd8f02014-05-29 20:56:0256 "tests/unit_tests.cc",
57 "tests/unit_tests.h",
58 ]
59
60 deps = [
61 "//testing/gtest",
62 ]
63
phosekca8571a92015-12-17 16:35:4264 if (!is_nacl_nonsfi) {
65 sources += [
66 "tests/test_utils.cc",
67 "tests/test_utils.h",
68 ]
69 }
70
71 if (use_seccomp_bpf || is_nacl_nonsfi) {
[email protected]75cd8f02014-05-29 20:56:0272 sources += [
73 "seccomp-bpf/bpf_tester_compatibility_delegate.h",
74 "seccomp-bpf/bpf_tests.h",
75 "seccomp-bpf/sandbox_bpf_test_runner.cc",
76 "seccomp-bpf/sandbox_bpf_test_runner.h",
77 ]
scottmg34fb7e52014-12-03 23:27:2478 deps += [ ":seccomp_bpf" ]
[email protected]75cd8f02014-05-29 20:56:0279 }
jln01954fd2015-05-15 06:19:3380
81 if (use_base_test_suite) {
82 deps += [ "//base/test:test_support" ]
83 defines = [ "SANDBOX_USES_BASE_TEST_SUITE" ]
84 }
[email protected]75cd8f02014-05-29 20:56:0285}
86
pkotwicz41889e32015-10-28 22:17:4887# Sources for sandbox_linux_unittests.
rockot86da06c7f2015-02-21 00:40:5888source_set("sandbox_linux_unittests_sources") {
89 testonly = true
90
[email protected]75cd8f02014-05-29 20:56:0291 sources = [
jlnb14fc802015-02-12 05:32:1192 "services/proc_util_unittest.cc",
jln977185982015-02-13 20:58:4193 "services/resource_limits_unittests.cc",
[email protected]75cd8f02014-05-29 20:56:0294 "services/scoped_process_unittest.cc",
jlnc420f0d2014-11-22 01:12:0995 "services/syscall_wrappers_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:0296 "services/thread_helpers_unittests.cc",
97 "services/yama_unittests.cc",
leecamad78f422014-11-26 22:08:4598 "syscall_broker/broker_file_permission_unittest.cc",
jln70c42c202014-11-01 00:59:5799 "syscall_broker/broker_process_unittest.cc",
[email protected]232f6e112014-06-27 07:51:38100 "tests/main.cc",
101 "tests/scoped_temporary_file.cc",
102 "tests/scoped_temporary_file.h",
103 "tests/scoped_temporary_file_unittest.cc",
jlnc420f0d2014-11-22 01:12:09104 "tests/test_utils_unittest.cc",
[email protected]232f6e112014-06-27 07:51:38105 "tests/unit_tests_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02106 ]
107
108 deps = [
109 ":sandbox",
110 ":sandbox_linux_test_utils",
111 "//base",
[email protected]75cd8f02014-05-29 20:56:02112 "//testing/gtest",
113 ]
114
jln01954fd2015-05-15 06:19:33115 if (use_base_test_suite) {
116 deps += [ "//base/test:test_support" ]
117 defines = [ "SANDBOX_USES_BASE_TEST_SUITE" ]
118 }
119
[email protected]75cd8f02014-05-29 20:56:02120 if (compile_suid_client) {
mdempsky3cc942a2015-02-05 03:29:25121 sources += [
122 "suid/client/setuid_sandbox_client_unittest.cc",
123 "suid/client/setuid_sandbox_host_unittest.cc",
124 ]
[email protected]75cd8f02014-05-29 20:56:02125 }
126 if (use_seccomp_bpf) {
127 sources += [
[email protected]fb75e2a2014-07-17 07:24:58128 "bpf_dsl/bpf_dsl_unittest.cc",
mdempskyb80b1f52015-02-05 00:54:35129 "bpf_dsl/codegen_unittest.cc",
[email protected]fb75e2a2014-07-17 07:24:58130 "bpf_dsl/cons_unittest.cc",
mdempsky937389d2015-08-31 22:27:23131 "bpf_dsl/dump_bpf.cc",
132 "bpf_dsl/dump_bpf.h",
mdempskyce4c9f12015-02-05 06:23:05133 "bpf_dsl/syscall_set_unittest.cc",
mdempsky3909ebf2015-08-20 23:18:18134 "bpf_dsl/test_trap_registry.cc",
135 "bpf_dsl/test_trap_registry.h",
136 "bpf_dsl/test_trap_registry_unittest.cc",
mdempsky937389d2015-08-31 22:27:23137 "bpf_dsl/verifier.cc",
138 "bpf_dsl/verifier.h",
jlnaedcc3e2015-02-12 03:18:10139 "integration_tests/bpf_dsl_seccomp_unittest.cc",
140 "integration_tests/seccomp_broker_process_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02141 "seccomp-bpf-helpers/baseline_policy_unittest.cc",
jlnfcdfb102014-09-12 02:47:44142 "seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc",
[email protected]75cd8f02014-05-29 20:56:02143 "seccomp-bpf/bpf_tests_unittest.cc",
jlna29d0a32014-11-26 22:38:35144 "seccomp-bpf/sandbox_bpf_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02145 "seccomp-bpf/syscall_unittest.cc",
hidehikoa926d0b2015-04-24 21:55:21146 "seccomp-bpf/trap_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02147 ]
mdempskya3fd0ec2015-08-26 00:45:52148 deps += [ ":bpf_dsl_golden" ]
[email protected]75cd8f02014-05-29 20:56:02149 }
150 if (compile_credentials) {
151 sources += [
jlnaedcc3e2015-02-12 03:18:10152 "integration_tests/namespace_unix_domain_socket_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02153 "services/credentials_unittest.cc",
rickyz41fb1452015-01-27 03:57:58154 "services/namespace_utils_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02155 ]
rickyz966f039d2015-03-17 07:23:43156
jln01954fd2015-05-15 06:19:33157 if (use_base_test_suite) {
158 # Tests that use advanced features not available in stock GTest.
159 sources += [ "services/namespace_sandbox_unittest.cc" ]
160 }
161
rickyz966f039d2015-03-17 07:23:43162 # For credentials_unittest.cc
163 configs += [ "//build/config/linux:libcap" ]
[email protected]75cd8f02014-05-29 20:56:02164 }
165}
166
mdempskya3fd0ec2015-08-26 00:45:52167action("bpf_dsl_golden") {
168 script = "bpf_dsl/golden/generate.py"
169 inputs = [
170 "bpf_dsl/golden/i386/ArgSizePolicy.txt",
171 "bpf_dsl/golden/i386/BasicPolicy.txt",
172 "bpf_dsl/golden/i386/ElseIfPolicy.txt",
173 "bpf_dsl/golden/i386/MaskingPolicy.txt",
174 "bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt",
175 "bpf_dsl/golden/i386/NegativeConstantsPolicy.txt",
176 "bpf_dsl/golden/i386/SwitchPolicy.txt",
177 "bpf_dsl/golden/x86-64/ArgSizePolicy.txt",
178 "bpf_dsl/golden/x86-64/BasicPolicy.txt",
179 "bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt",
180 "bpf_dsl/golden/x86-64/ElseIfPolicy.txt",
181 "bpf_dsl/golden/x86-64/MaskingPolicy.txt",
182 "bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt",
183 "bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt",
184 "bpf_dsl/golden/x86-64/SwitchPolicy.txt",
185 ]
186 outputs = [
187 "$target_gen_dir/bpf_dsl/golden/golden_files.h",
188 ]
189 args =
190 rebase_path(outputs, root_build_dir) + rebase_path(inputs, root_build_dir)
191}
192
agrieve62ab00282016-04-05 02:03:45193test("sandbox_linux_unittests") {
rockot86da06c7f2015-02-21 00:40:58194 deps = [
195 ":sandbox_linux_unittests_sources",
pkotwiczbbe8d902015-10-29 17:10:07196 "//build/config/sanitizers:deps",
rockot86da06c7f2015-02-21 00:40:58197 ]
agrieve62ab00282016-04-05 02:03:45198 if (is_android) {
199 use_raw_android_executable = true
200 }
rockot86da06c7f2015-02-21 00:40:58201}
202
[email protected]75cd8f02014-05-29 20:56:02203component("seccomp_bpf") {
204 sources = [
[email protected]fb75e2a2014-07-17 07:24:58205 "bpf_dsl/bpf_dsl.cc",
206 "bpf_dsl/bpf_dsl.h",
mdempskyc60a1c52014-10-24 23:07:10207 "bpf_dsl/bpf_dsl_forward.h",
mdempskyfb10cce2014-10-14 17:56:44208 "bpf_dsl/bpf_dsl_impl.h",
mdempskyb80b1f52015-02-05 00:54:35209 "bpf_dsl/codegen.cc",
210 "bpf_dsl/codegen.h",
[email protected]fb75e2a2014-07-17 07:24:58211 "bpf_dsl/cons.h",
mdempsky3909ebf2015-08-20 23:18:18212 "bpf_dsl/errorcode.h",
jlna65ffca2015-02-13 04:12:43213 "bpf_dsl/linux_syscall_ranges.h",
mdempskyc60a1c52014-10-24 23:07:10214 "bpf_dsl/policy.cc",
215 "bpf_dsl/policy.h",
mdempsky27e78ad72014-10-16 16:49:54216 "bpf_dsl/policy_compiler.cc",
217 "bpf_dsl/policy_compiler.h",
jlna65ffca2015-02-13 04:12:43218 "bpf_dsl/seccomp_macros.h",
mdempskyce4c9f12015-02-05 06:23:05219 "bpf_dsl/syscall_set.cc",
220 "bpf_dsl/syscall_set.h",
mdempsky27e78ad72014-10-16 16:49:54221 "bpf_dsl/trap_registry.h",
ejcarusob7865802016-08-30 06:14:30222 "seccomp-bpf-helpers/baseline_policy.cc",
223 "seccomp-bpf-helpers/baseline_policy.h",
224 "seccomp-bpf-helpers/sigsys_handlers.cc",
225 "seccomp-bpf-helpers/sigsys_handlers.h",
226 "seccomp-bpf-helpers/syscall_parameters_restrictions.cc",
227 "seccomp-bpf-helpers/syscall_parameters_restrictions.h",
228 "seccomp-bpf-helpers/syscall_sets.cc",
229 "seccomp-bpf-helpers/syscall_sets.h",
[email protected]75cd8f02014-05-29 20:56:02230 "seccomp-bpf/die.cc",
231 "seccomp-bpf/die.h",
[email protected]75cd8f02014-05-29 20:56:02232 "seccomp-bpf/sandbox_bpf.cc",
233 "seccomp-bpf/sandbox_bpf.h",
[email protected]75cd8f02014-05-29 20:56:02234 "seccomp-bpf/syscall.cc",
235 "seccomp-bpf/syscall.h",
[email protected]75cd8f02014-05-29 20:56:02236 "seccomp-bpf/trap.cc",
237 "seccomp-bpf/trap.h",
[email protected]75cd8f02014-05-29 20:56:02238 ]
239 defines = [ "SANDBOX_IMPLEMENTATION" ]
240
brettw63340882016-03-22 17:09:49241 public_deps = [
242 ":sandbox_services_headers",
Thiago Farina10ec8a62017-05-15 20:38:09243 "//sandbox:sandbox_export",
brettw63340882016-03-22 17:09:49244 ]
[email protected]75cd8f02014-05-29 20:56:02245 deps = [
jlnbd4df41c2014-11-25 02:32:30246 ":sandbox_services",
[email protected]75cd8f02014-05-29 20:56:02247 "//base",
248 ]
phosek636bceb32015-10-27 03:36:48249
250 if (is_nacl_nonsfi) {
251 cflags = [ "-fgnu-inline-asm" ]
252 sources -= [
253 "bpf_dsl/bpf_dsl_forward.h",
254 "bpf_dsl/bpf_dsl_impl.h",
255 "bpf_dsl/cons.h",
256 "bpf_dsl/errorcode.h",
257 "bpf_dsl/linux_syscall_ranges.h",
258 "bpf_dsl/seccomp_macros.h",
259 "bpf_dsl/trap_registry.h",
phosek636bceb32015-10-27 03:36:48260 "seccomp-bpf-helpers/baseline_policy.cc",
261 "seccomp-bpf-helpers/baseline_policy.h",
262 "seccomp-bpf-helpers/syscall_sets.cc",
263 "seccomp-bpf-helpers/syscall_sets.h",
264 ]
265 configs += [ ":nacl_nonsfi_warnings" ]
266 }
[email protected]75cd8f02014-05-29 20:56:02267}
268
James Robinson060f2e32014-09-10 22:31:37269if (is_linux) {
scottmg34fb7e52014-12-03 23:27:24270 # The setuid sandbox for Linux.
James Robinson060f2e32014-09-10 22:31:37271 executable("chrome_sandbox") {
272 sources = [
273 "suid/common/sandbox.h",
274 "suid/common/suid_unsafe_environment_variables.h",
James Robinson060f2e32014-09-10 22:31:37275 "suid/process_util.h",
276 "suid/process_util_linux.c",
277 "suid/sandbox.c",
278 ]
[email protected]75cd8f02014-05-29 20:56:02279
James Robinson060f2e32014-09-10 22:31:37280 cflags = [
281 # For ULLONG_MAX
282 "-std=gnu99",
scottmg34fb7e52014-12-03 23:27:24283
James Robinson060f2e32014-09-10 22:31:37284 # These files have a suspicious comparison.
285 # TODO fix this and re-enable this warning.
286 "-Wno-sign-compare",
287 ]
brettwba7a73d2015-08-31 22:17:39288
dpranke3ea22b3a2016-06-09 23:39:50289 import("//build/config/compiler/compiler.gni")
290 import("//build/config/sanitizers/sanitizers.gni")
dpranke651705f2016-07-15 03:58:47291 if (is_component_build || using_sanitizer) {
dpranke3ea22b3a2016-06-09 23:39:50292 # WARNING! We remove this config so that we don't accidentally
293 # pick up the //build/config:rpath_for_built_shared_libraries
294 # sub-config. However, this means that we need to duplicate any
295 # other flags that executable_config might have.
296 configs -= [ "//build/config:executable_config" ]
297 if (!use_gold) {
dpranke41d05be2016-06-13 18:59:31298 ldflags = [ "-Wl,--disable-new-dtags" ]
dpranke3ea22b3a2016-06-09 23:39:50299 }
300 }
301
dpranke651705f2016-07-15 03:58:47302 # We also do not want to pick up any of the other sanitizer
303 # flags (i.e. we do not want to build w/ the sanitizers at all).
304 # This is safe to delete unconditionally, because it is part of the
305 # default configs and empty when not using the sanitizers.
306 configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
James Robinson060f2e32014-09-10 22:31:37307 }
[email protected]75cd8f02014-05-29 20:56:02308}
309
310component("sandbox_services") {
311 sources = [
[email protected]75cd8f02014-05-29 20:56:02312 "services/init_process_reaper.cc",
313 "services/init_process_reaper.h",
jlnb14fc802015-02-12 05:32:11314 "services/proc_util.cc",
315 "services/proc_util.h",
jln977185982015-02-13 20:58:41316 "services/resource_limits.cc",
317 "services/resource_limits.h",
[email protected]75cd8f02014-05-29 20:56:02318 "services/scoped_process.cc",
319 "services/scoped_process.h",
jln610a4a612014-11-20 18:58:21320 "services/syscall_wrappers.cc",
321 "services/syscall_wrappers.h",
[email protected]75cd8f02014-05-29 20:56:02322 "services/thread_helpers.cc",
323 "services/thread_helpers.h",
[email protected]75cd8f02014-05-29 20:56:02324 "services/yama.cc",
jlnb14fc802015-02-12 05:32:11325 "services/yama.h",
jln878dca32014-11-11 07:43:57326 "syscall_broker/broker_channel.cc",
327 "syscall_broker/broker_channel.h",
jln70c42c202014-11-01 00:59:57328 "syscall_broker/broker_client.cc",
329 "syscall_broker/broker_client.h",
330 "syscall_broker/broker_common.h",
leecamad78f422014-11-26 22:08:45331 "syscall_broker/broker_file_permission.cc",
332 "syscall_broker/broker_file_permission.h",
jln70c42c202014-11-01 00:59:57333 "syscall_broker/broker_host.cc",
334 "syscall_broker/broker_host.h",
335 "syscall_broker/broker_policy.cc",
336 "syscall_broker/broker_policy.h",
337 "syscall_broker/broker_process.cc",
338 "syscall_broker/broker_process.h",
[email protected]75cd8f02014-05-29 20:56:02339 ]
340
341 defines = [ "SANDBOX_IMPLEMENTATION" ]
342
Thiago Farina10ec8a62017-05-15 20:38:09343 public_deps = [
344 "//sandbox:sandbox_export",
345 ]
rickyz966f039d2015-03-17 07:23:43346 deps = [
347 "//base",
348 ]
349
phosek636bceb32015-10-27 03:36:48350 if (compile_credentials || is_nacl_nonsfi) {
[email protected]75cd8f02014-05-29 20:56:02351 sources += [
352 "services/credentials.cc",
353 "services/credentials.h",
rickyz8f235da2015-02-03 07:26:19354 "services/namespace_sandbox.cc",
355 "services/namespace_sandbox.h",
rickyz41fb1452015-01-27 03:57:58356 "services/namespace_utils.cc",
357 "services/namespace_utils.h",
[email protected]75cd8f02014-05-29 20:56:02358 ]
scottmg34fb7e52014-12-03 23:27:24359
brettw63340882016-03-22 17:09:49360 public_deps += [ ":sandbox_services_headers" ]
[email protected]75cd8f02014-05-29 20:56:02361 }
phosek636bceb32015-10-27 03:36:48362
363 if (is_nacl_nonsfi) {
mcgrathr87cb1c072015-11-20 21:47:40364 cflags = [ "-fgnu-inline-asm" ]
365
phosek636bceb32015-10-27 03:36:48366 sources -= [
367 "services/init_process_reaper.cc",
368 "services/init_process_reaper.h",
369 "services/scoped_process.cc",
370 "services/scoped_process.h",
371 "services/yama.cc",
372 "services/yama.h",
373 "syscall_broker/broker_channel.cc",
374 "syscall_broker/broker_channel.h",
375 "syscall_broker/broker_client.cc",
376 "syscall_broker/broker_client.h",
377 "syscall_broker/broker_common.h",
378 "syscall_broker/broker_file_permission.cc",
379 "syscall_broker/broker_file_permission.h",
380 "syscall_broker/broker_host.cc",
381 "syscall_broker/broker_host.h",
382 "syscall_broker/broker_policy.cc",
383 "syscall_broker/broker_policy.h",
384 "syscall_broker/broker_process.cc",
385 "syscall_broker/broker_process.h",
386 ]
387 }
[email protected]75cd8f02014-05-29 20:56:02388}
389
390source_set("sandbox_services_headers") {
391 sources = [
jlnaedcc3e2015-02-12 03:18:10392 "system_headers/arm64_linux_syscalls.h",
hidehikoa926d0b2015-04-24 21:55:21393 "system_headers/arm64_linux_ucontext.h",
jlna65ffca2015-02-13 04:12:43394 "system_headers/arm_linux_syscalls.h",
hidehikoa926d0b2015-04-24 21:55:21395 "system_headers/arm_linux_ucontext.h",
396 "system_headers/i386_linux_ucontext.h",
tfarina1d7984c2017-03-27 23:00:22397 "system_headers/linux_filter.h",
dnicoara97178052015-04-15 17:44:04398 "system_headers/linux_futex.h",
jlna65ffca2015-02-13 04:12:43399 "system_headers/linux_seccomp.h",
hidehikoa926d0b2015-04-24 21:55:21400 "system_headers/linux_signal.h",
jlnaedcc3e2015-02-12 03:18:10401 "system_headers/linux_syscalls.h",
ben7598f462015-05-22 23:19:51402 "system_headers/linux_time.h",
hidehikoa926d0b2015-04-24 21:55:21403 "system_headers/linux_ucontext.h",
tfarina1d7984c2017-03-27 23:00:22404 "system_headers/mips64_linux_syscalls.h",
405 "system_headers/mips_linux_syscalls.h",
406 "system_headers/mips_linux_ucontext.h",
jlnaedcc3e2015-02-12 03:18:10407 "system_headers/x86_32_linux_syscalls.h",
408 "system_headers/x86_64_linux_syscalls.h",
tfarina1d7984c2017-03-27 23:00:22409 "system_headers/x86_64_linux_ucontext.h",
[email protected]75cd8f02014-05-29 20:56:02410 ]
411}
412
phosek636bceb32015-10-27 03:36:48413if (compile_suid_client || is_nacl_nonsfi) {
James Robinson060f2e32014-09-10 22:31:37414 component("suid_sandbox_client") {
415 sources = [
James Robinson060f2e32014-09-10 22:31:37416 "suid/client/setuid_sandbox_client.cc",
417 "suid/client/setuid_sandbox_client.h",
mdempsky3cc942a2015-02-05 03:29:25418 "suid/client/setuid_sandbox_host.cc",
419 "suid/client/setuid_sandbox_host.h",
scottmg7c7296f42015-02-28 02:23:09420 "suid/common/sandbox.h",
421 "suid/common/suid_unsafe_environment_variables.h",
James Robinson060f2e32014-09-10 22:31:37422 ]
423 defines = [ "SANDBOX_IMPLEMENTATION" ]
Thiago Farina10ec8a62017-05-15 20:38:09424 public_deps = [
425 "//sandbox:sandbox_export",
426 ]
James Robinson060f2e32014-09-10 22:31:37427 deps = [
428 ":sandbox_services",
429 "//base",
430 ]
phosek636bceb32015-10-27 03:36:48431
432 if (is_nacl_nonsfi) {
433 sources -= [
434 "suid/client/setuid_sandbox_host.cc",
435 "suid/client/setuid_sandbox_host.h",
436 "suid/common/sandbox.h",
437 "suid/common/suid_unsafe_environment_variables.h",
438 ]
439 }
James Robinson060f2e32014-09-10 22:31:37440 }
[email protected]75cd8f02014-05-29 20:56:02441}