[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 1 | # Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 | # Use of this source code is governed by a BSD-style license that can be |
| 3 | # found in the LICENSE file. |
| 4 | |
| 5 | import("//build/config/features.gni") |
phosek | 636bceb3 | 2015-10-27 03:36:48 | [diff] [blame] | 6 | import("//build/config/nacl/config.gni") |
rsesek | 7b1273af0 | 2016-12-06 20:55:47 | [diff] [blame] | 7 | import("//sandbox/features.gni") |
qsr | fb5251d1 | 2015-01-21 15:57:22 | [diff] [blame] | 8 | import("//testing/test.gni") |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 9 | |
pkotwicz | bbe8d90 | 2015-10-29 17:10:07 | [diff] [blame] | 10 | if (is_android) { |
| 11 | import("//build/config/android/rules.gni") |
| 12 | } |
| 13 | |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 14 | declare_args() { |
| 15 | compile_suid_client = is_linux |
| 16 | |
| 17 | compile_credentials = is_linux |
| 18 | |
jln | 01954fd | 2015-05-15 06:19:33 | [diff] [blame] | 19 | # On Android, use plain GTest. |
| 20 | use_base_test_suite = is_linux |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 21 | } |
| 22 | |
phosek | 636bceb3 | 2015-10-27 03:36:48 | [diff] [blame] | 23 | if (is_nacl_nonsfi) { |
| 24 | config("nacl_nonsfi_warnings") { |
| 25 | # There are number of platform specific functions in |
| 26 | # seccomp-bpf syscall helpers, which are not being used. |
| 27 | cflags = [ "-Wno-unused-function" ] |
| 28 | } |
| 29 | } |
| 30 | |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 31 | # We have two principal targets: sandbox and sandbox_linux_unittests |
| 32 | # All other targets are listed as dependencies. |
| 33 | # There is one notable exception: for historical reasons, chrome_sandbox is |
| 34 | # the setuid sandbox and is its own target. |
| 35 | |
| 36 | group("sandbox") { |
brettw | 00709df | 2015-12-02 01:40:50 | [diff] [blame] | 37 | public_deps = [ |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 38 | ":sandbox_services", |
| 39 | ] |
| 40 | |
phosek | 636bceb3 | 2015-10-27 03:36:48 | [diff] [blame] | 41 | if (compile_suid_client || is_nacl_nonsfi) { |
brettw | 00709df | 2015-12-02 01:40:50 | [diff] [blame] | 42 | public_deps += [ ":suid_sandbox_client" ] |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 43 | } |
phosek | 636bceb3 | 2015-10-27 03:36:48 | [diff] [blame] | 44 | if (use_seccomp_bpf || is_nacl_nonsfi) { |
ejcaruso | b786580 | 2016-08-30 06:14:30 | [diff] [blame] | 45 | public_deps += [ ":seccomp_bpf" ] |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 46 | } |
| 47 | } |
| 48 | |
| 49 | source_set("sandbox_linux_test_utils") { |
Brett Wilson | 0c8745a | 2014-09-08 22:59:49 | [diff] [blame] | 50 | testonly = true |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 51 | sources = [ |
| 52 | "tests/sandbox_test_runner.cc", |
| 53 | "tests/sandbox_test_runner.h", |
| 54 | "tests/sandbox_test_runner_function_pointer.cc", |
| 55 | "tests/sandbox_test_runner_function_pointer.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 56 | "tests/unit_tests.cc", |
| 57 | "tests/unit_tests.h", |
| 58 | ] |
| 59 | |
| 60 | deps = [ |
| 61 | "//testing/gtest", |
| 62 | ] |
| 63 | |
phosek | ca8571a9 | 2015-12-17 16:35:42 | [diff] [blame] | 64 | if (!is_nacl_nonsfi) { |
| 65 | sources += [ |
| 66 | "tests/test_utils.cc", |
| 67 | "tests/test_utils.h", |
| 68 | ] |
| 69 | } |
| 70 | |
| 71 | if (use_seccomp_bpf || is_nacl_nonsfi) { |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 72 | sources += [ |
| 73 | "seccomp-bpf/bpf_tester_compatibility_delegate.h", |
| 74 | "seccomp-bpf/bpf_tests.h", |
| 75 | "seccomp-bpf/sandbox_bpf_test_runner.cc", |
| 76 | "seccomp-bpf/sandbox_bpf_test_runner.h", |
| 77 | ] |
scottmg | 34fb7e5 | 2014-12-03 23:27:24 | [diff] [blame] | 78 | deps += [ ":seccomp_bpf" ] |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 79 | } |
jln | 01954fd | 2015-05-15 06:19:33 | [diff] [blame] | 80 | |
| 81 | if (use_base_test_suite) { |
| 82 | deps += [ "//base/test:test_support" ] |
| 83 | defines = [ "SANDBOX_USES_BASE_TEST_SUITE" ] |
| 84 | } |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 85 | } |
| 86 | |
pkotwicz | 41889e3 | 2015-10-28 22:17:48 | [diff] [blame] | 87 | # Sources for sandbox_linux_unittests. |
rockot | 86da06c7f | 2015-02-21 00:40:58 | [diff] [blame] | 88 | source_set("sandbox_linux_unittests_sources") { |
| 89 | testonly = true |
| 90 | |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 91 | sources = [ |
jln | b14fc80 | 2015-02-12 05:32:11 | [diff] [blame] | 92 | "services/proc_util_unittest.cc", |
jln | 97718598 | 2015-02-13 20:58:41 | [diff] [blame] | 93 | "services/resource_limits_unittests.cc", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 94 | "services/scoped_process_unittest.cc", |
jln | c420f0d | 2014-11-22 01:12:09 | [diff] [blame] | 95 | "services/syscall_wrappers_unittest.cc", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 96 | "services/thread_helpers_unittests.cc", |
| 97 | "services/yama_unittests.cc", |
leecam | ad78f42 | 2014-11-26 22:08:45 | [diff] [blame] | 98 | "syscall_broker/broker_file_permission_unittest.cc", |
jln | 70c42c20 | 2014-11-01 00:59:57 | [diff] [blame] | 99 | "syscall_broker/broker_process_unittest.cc", |
[email protected] | 232f6e11 | 2014-06-27 07:51:38 | [diff] [blame] | 100 | "tests/main.cc", |
| 101 | "tests/scoped_temporary_file.cc", |
| 102 | "tests/scoped_temporary_file.h", |
| 103 | "tests/scoped_temporary_file_unittest.cc", |
jln | c420f0d | 2014-11-22 01:12:09 | [diff] [blame] | 104 | "tests/test_utils_unittest.cc", |
[email protected] | 232f6e11 | 2014-06-27 07:51:38 | [diff] [blame] | 105 | "tests/unit_tests_unittest.cc", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 106 | ] |
| 107 | |
| 108 | deps = [ |
| 109 | ":sandbox", |
| 110 | ":sandbox_linux_test_utils", |
| 111 | "//base", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 112 | "//testing/gtest", |
| 113 | ] |
| 114 | |
jln | 01954fd | 2015-05-15 06:19:33 | [diff] [blame] | 115 | if (use_base_test_suite) { |
| 116 | deps += [ "//base/test:test_support" ] |
| 117 | defines = [ "SANDBOX_USES_BASE_TEST_SUITE" ] |
| 118 | } |
| 119 | |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 120 | if (compile_suid_client) { |
mdempsky | 3cc942a | 2015-02-05 03:29:25 | [diff] [blame] | 121 | sources += [ |
| 122 | "suid/client/setuid_sandbox_client_unittest.cc", |
| 123 | "suid/client/setuid_sandbox_host_unittest.cc", |
| 124 | ] |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 125 | } |
| 126 | if (use_seccomp_bpf) { |
| 127 | sources += [ |
[email protected] | fb75e2a | 2014-07-17 07:24:58 | [diff] [blame] | 128 | "bpf_dsl/bpf_dsl_unittest.cc", |
mdempsky | b80b1f5 | 2015-02-05 00:54:35 | [diff] [blame] | 129 | "bpf_dsl/codegen_unittest.cc", |
[email protected] | fb75e2a | 2014-07-17 07:24:58 | [diff] [blame] | 130 | "bpf_dsl/cons_unittest.cc", |
mdempsky | 937389d | 2015-08-31 22:27:23 | [diff] [blame] | 131 | "bpf_dsl/dump_bpf.cc", |
| 132 | "bpf_dsl/dump_bpf.h", |
mdempsky | ce4c9f1 | 2015-02-05 06:23:05 | [diff] [blame] | 133 | "bpf_dsl/syscall_set_unittest.cc", |
mdempsky | 3909ebf | 2015-08-20 23:18:18 | [diff] [blame] | 134 | "bpf_dsl/test_trap_registry.cc", |
| 135 | "bpf_dsl/test_trap_registry.h", |
| 136 | "bpf_dsl/test_trap_registry_unittest.cc", |
mdempsky | 937389d | 2015-08-31 22:27:23 | [diff] [blame] | 137 | "bpf_dsl/verifier.cc", |
| 138 | "bpf_dsl/verifier.h", |
jln | aedcc3e | 2015-02-12 03:18:10 | [diff] [blame] | 139 | "integration_tests/bpf_dsl_seccomp_unittest.cc", |
| 140 | "integration_tests/seccomp_broker_process_unittest.cc", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 141 | "seccomp-bpf-helpers/baseline_policy_unittest.cc", |
jln | fcdfb10 | 2014-09-12 02:47:44 | [diff] [blame] | 142 | "seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 143 | "seccomp-bpf/bpf_tests_unittest.cc", |
jln | a29d0a3 | 2014-11-26 22:38:35 | [diff] [blame] | 144 | "seccomp-bpf/sandbox_bpf_unittest.cc", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 145 | "seccomp-bpf/syscall_unittest.cc", |
hidehiko | a926d0b | 2015-04-24 21:55:21 | [diff] [blame] | 146 | "seccomp-bpf/trap_unittest.cc", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 147 | ] |
mdempsky | a3fd0ec | 2015-08-26 00:45:52 | [diff] [blame] | 148 | deps += [ ":bpf_dsl_golden" ] |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 149 | } |
| 150 | if (compile_credentials) { |
| 151 | sources += [ |
jln | aedcc3e | 2015-02-12 03:18:10 | [diff] [blame] | 152 | "integration_tests/namespace_unix_domain_socket_unittest.cc", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 153 | "services/credentials_unittest.cc", |
rickyz | 41fb145 | 2015-01-27 03:57:58 | [diff] [blame] | 154 | "services/namespace_utils_unittest.cc", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 155 | ] |
rickyz | 966f039d | 2015-03-17 07:23:43 | [diff] [blame] | 156 | |
jln | 01954fd | 2015-05-15 06:19:33 | [diff] [blame] | 157 | if (use_base_test_suite) { |
| 158 | # Tests that use advanced features not available in stock GTest. |
| 159 | sources += [ "services/namespace_sandbox_unittest.cc" ] |
| 160 | } |
| 161 | |
rickyz | 966f039d | 2015-03-17 07:23:43 | [diff] [blame] | 162 | # For credentials_unittest.cc |
| 163 | configs += [ "//build/config/linux:libcap" ] |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 164 | } |
| 165 | } |
| 166 | |
mdempsky | a3fd0ec | 2015-08-26 00:45:52 | [diff] [blame] | 167 | action("bpf_dsl_golden") { |
| 168 | script = "bpf_dsl/golden/generate.py" |
| 169 | inputs = [ |
| 170 | "bpf_dsl/golden/i386/ArgSizePolicy.txt", |
| 171 | "bpf_dsl/golden/i386/BasicPolicy.txt", |
| 172 | "bpf_dsl/golden/i386/ElseIfPolicy.txt", |
| 173 | "bpf_dsl/golden/i386/MaskingPolicy.txt", |
| 174 | "bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt", |
| 175 | "bpf_dsl/golden/i386/NegativeConstantsPolicy.txt", |
| 176 | "bpf_dsl/golden/i386/SwitchPolicy.txt", |
| 177 | "bpf_dsl/golden/x86-64/ArgSizePolicy.txt", |
| 178 | "bpf_dsl/golden/x86-64/BasicPolicy.txt", |
| 179 | "bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt", |
| 180 | "bpf_dsl/golden/x86-64/ElseIfPolicy.txt", |
| 181 | "bpf_dsl/golden/x86-64/MaskingPolicy.txt", |
| 182 | "bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt", |
| 183 | "bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt", |
| 184 | "bpf_dsl/golden/x86-64/SwitchPolicy.txt", |
| 185 | ] |
| 186 | outputs = [ |
| 187 | "$target_gen_dir/bpf_dsl/golden/golden_files.h", |
| 188 | ] |
| 189 | args = |
| 190 | rebase_path(outputs, root_build_dir) + rebase_path(inputs, root_build_dir) |
| 191 | } |
| 192 | |
agrieve | 62ab0028 | 2016-04-05 02:03:45 | [diff] [blame] | 193 | test("sandbox_linux_unittests") { |
rockot | 86da06c7f | 2015-02-21 00:40:58 | [diff] [blame] | 194 | deps = [ |
| 195 | ":sandbox_linux_unittests_sources", |
pkotwicz | bbe8d90 | 2015-10-29 17:10:07 | [diff] [blame] | 196 | "//build/config/sanitizers:deps", |
rockot | 86da06c7f | 2015-02-21 00:40:58 | [diff] [blame] | 197 | ] |
agrieve | 62ab0028 | 2016-04-05 02:03:45 | [diff] [blame] | 198 | if (is_android) { |
| 199 | use_raw_android_executable = true |
| 200 | } |
rockot | 86da06c7f | 2015-02-21 00:40:58 | [diff] [blame] | 201 | } |
| 202 | |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 203 | component("seccomp_bpf") { |
| 204 | sources = [ |
[email protected] | fb75e2a | 2014-07-17 07:24:58 | [diff] [blame] | 205 | "bpf_dsl/bpf_dsl.cc", |
| 206 | "bpf_dsl/bpf_dsl.h", |
mdempsky | c60a1c5 | 2014-10-24 23:07:10 | [diff] [blame] | 207 | "bpf_dsl/bpf_dsl_forward.h", |
mdempsky | fb10cce | 2014-10-14 17:56:44 | [diff] [blame] | 208 | "bpf_dsl/bpf_dsl_impl.h", |
mdempsky | b80b1f5 | 2015-02-05 00:54:35 | [diff] [blame] | 209 | "bpf_dsl/codegen.cc", |
| 210 | "bpf_dsl/codegen.h", |
[email protected] | fb75e2a | 2014-07-17 07:24:58 | [diff] [blame] | 211 | "bpf_dsl/cons.h", |
mdempsky | 3909ebf | 2015-08-20 23:18:18 | [diff] [blame] | 212 | "bpf_dsl/errorcode.h", |
jln | a65ffca | 2015-02-13 04:12:43 | [diff] [blame] | 213 | "bpf_dsl/linux_syscall_ranges.h", |
mdempsky | c60a1c5 | 2014-10-24 23:07:10 | [diff] [blame] | 214 | "bpf_dsl/policy.cc", |
| 215 | "bpf_dsl/policy.h", |
mdempsky | 27e78ad7 | 2014-10-16 16:49:54 | [diff] [blame] | 216 | "bpf_dsl/policy_compiler.cc", |
| 217 | "bpf_dsl/policy_compiler.h", |
jln | a65ffca | 2015-02-13 04:12:43 | [diff] [blame] | 218 | "bpf_dsl/seccomp_macros.h", |
mdempsky | ce4c9f1 | 2015-02-05 06:23:05 | [diff] [blame] | 219 | "bpf_dsl/syscall_set.cc", |
| 220 | "bpf_dsl/syscall_set.h", |
mdempsky | 27e78ad7 | 2014-10-16 16:49:54 | [diff] [blame] | 221 | "bpf_dsl/trap_registry.h", |
ejcaruso | b786580 | 2016-08-30 06:14:30 | [diff] [blame] | 222 | "seccomp-bpf-helpers/baseline_policy.cc", |
| 223 | "seccomp-bpf-helpers/baseline_policy.h", |
| 224 | "seccomp-bpf-helpers/sigsys_handlers.cc", |
| 225 | "seccomp-bpf-helpers/sigsys_handlers.h", |
| 226 | "seccomp-bpf-helpers/syscall_parameters_restrictions.cc", |
| 227 | "seccomp-bpf-helpers/syscall_parameters_restrictions.h", |
| 228 | "seccomp-bpf-helpers/syscall_sets.cc", |
| 229 | "seccomp-bpf-helpers/syscall_sets.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 230 | "seccomp-bpf/die.cc", |
| 231 | "seccomp-bpf/die.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 232 | "seccomp-bpf/sandbox_bpf.cc", |
| 233 | "seccomp-bpf/sandbox_bpf.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 234 | "seccomp-bpf/syscall.cc", |
| 235 | "seccomp-bpf/syscall.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 236 | "seccomp-bpf/trap.cc", |
| 237 | "seccomp-bpf/trap.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 238 | ] |
| 239 | defines = [ "SANDBOX_IMPLEMENTATION" ] |
| 240 | |
brettw | 6334088 | 2016-03-22 17:09:49 | [diff] [blame] | 241 | public_deps = [ |
| 242 | ":sandbox_services_headers", |
Thiago Farina | 10ec8a6 | 2017-05-15 20:38:09 | [diff] [blame^] | 243 | "//sandbox:sandbox_export", |
brettw | 6334088 | 2016-03-22 17:09:49 | [diff] [blame] | 244 | ] |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 245 | deps = [ |
jln | bd4df41c | 2014-11-25 02:32:30 | [diff] [blame] | 246 | ":sandbox_services", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 247 | "//base", |
| 248 | ] |
phosek | 636bceb3 | 2015-10-27 03:36:48 | [diff] [blame] | 249 | |
| 250 | if (is_nacl_nonsfi) { |
| 251 | cflags = [ "-fgnu-inline-asm" ] |
| 252 | sources -= [ |
| 253 | "bpf_dsl/bpf_dsl_forward.h", |
| 254 | "bpf_dsl/bpf_dsl_impl.h", |
| 255 | "bpf_dsl/cons.h", |
| 256 | "bpf_dsl/errorcode.h", |
| 257 | "bpf_dsl/linux_syscall_ranges.h", |
| 258 | "bpf_dsl/seccomp_macros.h", |
| 259 | "bpf_dsl/trap_registry.h", |
phosek | 636bceb3 | 2015-10-27 03:36:48 | [diff] [blame] | 260 | "seccomp-bpf-helpers/baseline_policy.cc", |
| 261 | "seccomp-bpf-helpers/baseline_policy.h", |
| 262 | "seccomp-bpf-helpers/syscall_sets.cc", |
| 263 | "seccomp-bpf-helpers/syscall_sets.h", |
| 264 | ] |
| 265 | configs += [ ":nacl_nonsfi_warnings" ] |
| 266 | } |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 267 | } |
| 268 | |
James Robinson | 060f2e3 | 2014-09-10 22:31:37 | [diff] [blame] | 269 | if (is_linux) { |
scottmg | 34fb7e5 | 2014-12-03 23:27:24 | [diff] [blame] | 270 | # The setuid sandbox for Linux. |
James Robinson | 060f2e3 | 2014-09-10 22:31:37 | [diff] [blame] | 271 | executable("chrome_sandbox") { |
| 272 | sources = [ |
| 273 | "suid/common/sandbox.h", |
| 274 | "suid/common/suid_unsafe_environment_variables.h", |
James Robinson | 060f2e3 | 2014-09-10 22:31:37 | [diff] [blame] | 275 | "suid/process_util.h", |
| 276 | "suid/process_util_linux.c", |
| 277 | "suid/sandbox.c", |
| 278 | ] |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 279 | |
James Robinson | 060f2e3 | 2014-09-10 22:31:37 | [diff] [blame] | 280 | cflags = [ |
| 281 | # For ULLONG_MAX |
| 282 | "-std=gnu99", |
scottmg | 34fb7e5 | 2014-12-03 23:27:24 | [diff] [blame] | 283 | |
James Robinson | 060f2e3 | 2014-09-10 22:31:37 | [diff] [blame] | 284 | # These files have a suspicious comparison. |
| 285 | # TODO fix this and re-enable this warning. |
| 286 | "-Wno-sign-compare", |
| 287 | ] |
brettw | ba7a73d | 2015-08-31 22:17:39 | [diff] [blame] | 288 | |
dpranke | 3ea22b3a | 2016-06-09 23:39:50 | [diff] [blame] | 289 | import("//build/config/compiler/compiler.gni") |
| 290 | import("//build/config/sanitizers/sanitizers.gni") |
dpranke | 651705f | 2016-07-15 03:58:47 | [diff] [blame] | 291 | if (is_component_build || using_sanitizer) { |
dpranke | 3ea22b3a | 2016-06-09 23:39:50 | [diff] [blame] | 292 | # WARNING! We remove this config so that we don't accidentally |
| 293 | # pick up the //build/config:rpath_for_built_shared_libraries |
| 294 | # sub-config. However, this means that we need to duplicate any |
| 295 | # other flags that executable_config might have. |
| 296 | configs -= [ "//build/config:executable_config" ] |
| 297 | if (!use_gold) { |
dpranke | 41d05be | 2016-06-13 18:59:31 | [diff] [blame] | 298 | ldflags = [ "-Wl,--disable-new-dtags" ] |
dpranke | 3ea22b3a | 2016-06-09 23:39:50 | [diff] [blame] | 299 | } |
| 300 | } |
| 301 | |
dpranke | 651705f | 2016-07-15 03:58:47 | [diff] [blame] | 302 | # We also do not want to pick up any of the other sanitizer |
| 303 | # flags (i.e. we do not want to build w/ the sanitizers at all). |
| 304 | # This is safe to delete unconditionally, because it is part of the |
| 305 | # default configs and empty when not using the sanitizers. |
| 306 | configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ] |
James Robinson | 060f2e3 | 2014-09-10 22:31:37 | [diff] [blame] | 307 | } |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 308 | } |
| 309 | |
| 310 | component("sandbox_services") { |
| 311 | sources = [ |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 312 | "services/init_process_reaper.cc", |
| 313 | "services/init_process_reaper.h", |
jln | b14fc80 | 2015-02-12 05:32:11 | [diff] [blame] | 314 | "services/proc_util.cc", |
| 315 | "services/proc_util.h", |
jln | 97718598 | 2015-02-13 20:58:41 | [diff] [blame] | 316 | "services/resource_limits.cc", |
| 317 | "services/resource_limits.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 318 | "services/scoped_process.cc", |
| 319 | "services/scoped_process.h", |
jln | 610a4a61 | 2014-11-20 18:58:21 | [diff] [blame] | 320 | "services/syscall_wrappers.cc", |
| 321 | "services/syscall_wrappers.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 322 | "services/thread_helpers.cc", |
| 323 | "services/thread_helpers.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 324 | "services/yama.cc", |
jln | b14fc80 | 2015-02-12 05:32:11 | [diff] [blame] | 325 | "services/yama.h", |
jln | 878dca3 | 2014-11-11 07:43:57 | [diff] [blame] | 326 | "syscall_broker/broker_channel.cc", |
| 327 | "syscall_broker/broker_channel.h", |
jln | 70c42c20 | 2014-11-01 00:59:57 | [diff] [blame] | 328 | "syscall_broker/broker_client.cc", |
| 329 | "syscall_broker/broker_client.h", |
| 330 | "syscall_broker/broker_common.h", |
leecam | ad78f42 | 2014-11-26 22:08:45 | [diff] [blame] | 331 | "syscall_broker/broker_file_permission.cc", |
| 332 | "syscall_broker/broker_file_permission.h", |
jln | 70c42c20 | 2014-11-01 00:59:57 | [diff] [blame] | 333 | "syscall_broker/broker_host.cc", |
| 334 | "syscall_broker/broker_host.h", |
| 335 | "syscall_broker/broker_policy.cc", |
| 336 | "syscall_broker/broker_policy.h", |
| 337 | "syscall_broker/broker_process.cc", |
| 338 | "syscall_broker/broker_process.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 339 | ] |
| 340 | |
| 341 | defines = [ "SANDBOX_IMPLEMENTATION" ] |
| 342 | |
Thiago Farina | 10ec8a6 | 2017-05-15 20:38:09 | [diff] [blame^] | 343 | public_deps = [ |
| 344 | "//sandbox:sandbox_export", |
| 345 | ] |
rickyz | 966f039d | 2015-03-17 07:23:43 | [diff] [blame] | 346 | deps = [ |
| 347 | "//base", |
| 348 | ] |
| 349 | |
phosek | 636bceb3 | 2015-10-27 03:36:48 | [diff] [blame] | 350 | if (compile_credentials || is_nacl_nonsfi) { |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 351 | sources += [ |
| 352 | "services/credentials.cc", |
| 353 | "services/credentials.h", |
rickyz | 8f235da | 2015-02-03 07:26:19 | [diff] [blame] | 354 | "services/namespace_sandbox.cc", |
| 355 | "services/namespace_sandbox.h", |
rickyz | 41fb145 | 2015-01-27 03:57:58 | [diff] [blame] | 356 | "services/namespace_utils.cc", |
| 357 | "services/namespace_utils.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 358 | ] |
scottmg | 34fb7e5 | 2014-12-03 23:27:24 | [diff] [blame] | 359 | |
brettw | 6334088 | 2016-03-22 17:09:49 | [diff] [blame] | 360 | public_deps += [ ":sandbox_services_headers" ] |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 361 | } |
phosek | 636bceb3 | 2015-10-27 03:36:48 | [diff] [blame] | 362 | |
| 363 | if (is_nacl_nonsfi) { |
mcgrathr | 87cb1c07 | 2015-11-20 21:47:40 | [diff] [blame] | 364 | cflags = [ "-fgnu-inline-asm" ] |
| 365 | |
phosek | 636bceb3 | 2015-10-27 03:36:48 | [diff] [blame] | 366 | sources -= [ |
| 367 | "services/init_process_reaper.cc", |
| 368 | "services/init_process_reaper.h", |
| 369 | "services/scoped_process.cc", |
| 370 | "services/scoped_process.h", |
| 371 | "services/yama.cc", |
| 372 | "services/yama.h", |
| 373 | "syscall_broker/broker_channel.cc", |
| 374 | "syscall_broker/broker_channel.h", |
| 375 | "syscall_broker/broker_client.cc", |
| 376 | "syscall_broker/broker_client.h", |
| 377 | "syscall_broker/broker_common.h", |
| 378 | "syscall_broker/broker_file_permission.cc", |
| 379 | "syscall_broker/broker_file_permission.h", |
| 380 | "syscall_broker/broker_host.cc", |
| 381 | "syscall_broker/broker_host.h", |
| 382 | "syscall_broker/broker_policy.cc", |
| 383 | "syscall_broker/broker_policy.h", |
| 384 | "syscall_broker/broker_process.cc", |
| 385 | "syscall_broker/broker_process.h", |
| 386 | ] |
| 387 | } |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 388 | } |
| 389 | |
| 390 | source_set("sandbox_services_headers") { |
| 391 | sources = [ |
jln | aedcc3e | 2015-02-12 03:18:10 | [diff] [blame] | 392 | "system_headers/arm64_linux_syscalls.h", |
hidehiko | a926d0b | 2015-04-24 21:55:21 | [diff] [blame] | 393 | "system_headers/arm64_linux_ucontext.h", |
jln | a65ffca | 2015-02-13 04:12:43 | [diff] [blame] | 394 | "system_headers/arm_linux_syscalls.h", |
hidehiko | a926d0b | 2015-04-24 21:55:21 | [diff] [blame] | 395 | "system_headers/arm_linux_ucontext.h", |
| 396 | "system_headers/i386_linux_ucontext.h", |
tfarina | 1d7984c | 2017-03-27 23:00:22 | [diff] [blame] | 397 | "system_headers/linux_filter.h", |
dnicoara | 9717805 | 2015-04-15 17:44:04 | [diff] [blame] | 398 | "system_headers/linux_futex.h", |
jln | a65ffca | 2015-02-13 04:12:43 | [diff] [blame] | 399 | "system_headers/linux_seccomp.h", |
hidehiko | a926d0b | 2015-04-24 21:55:21 | [diff] [blame] | 400 | "system_headers/linux_signal.h", |
jln | aedcc3e | 2015-02-12 03:18:10 | [diff] [blame] | 401 | "system_headers/linux_syscalls.h", |
ben | 7598f46 | 2015-05-22 23:19:51 | [diff] [blame] | 402 | "system_headers/linux_time.h", |
hidehiko | a926d0b | 2015-04-24 21:55:21 | [diff] [blame] | 403 | "system_headers/linux_ucontext.h", |
tfarina | 1d7984c | 2017-03-27 23:00:22 | [diff] [blame] | 404 | "system_headers/mips64_linux_syscalls.h", |
| 405 | "system_headers/mips_linux_syscalls.h", |
| 406 | "system_headers/mips_linux_ucontext.h", |
jln | aedcc3e | 2015-02-12 03:18:10 | [diff] [blame] | 407 | "system_headers/x86_32_linux_syscalls.h", |
| 408 | "system_headers/x86_64_linux_syscalls.h", |
tfarina | 1d7984c | 2017-03-27 23:00:22 | [diff] [blame] | 409 | "system_headers/x86_64_linux_ucontext.h", |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 410 | ] |
| 411 | } |
| 412 | |
phosek | 636bceb3 | 2015-10-27 03:36:48 | [diff] [blame] | 413 | if (compile_suid_client || is_nacl_nonsfi) { |
James Robinson | 060f2e3 | 2014-09-10 22:31:37 | [diff] [blame] | 414 | component("suid_sandbox_client") { |
| 415 | sources = [ |
James Robinson | 060f2e3 | 2014-09-10 22:31:37 | [diff] [blame] | 416 | "suid/client/setuid_sandbox_client.cc", |
| 417 | "suid/client/setuid_sandbox_client.h", |
mdempsky | 3cc942a | 2015-02-05 03:29:25 | [diff] [blame] | 418 | "suid/client/setuid_sandbox_host.cc", |
| 419 | "suid/client/setuid_sandbox_host.h", |
scottmg | 7c7296f4 | 2015-02-28 02:23:09 | [diff] [blame] | 420 | "suid/common/sandbox.h", |
| 421 | "suid/common/suid_unsafe_environment_variables.h", |
James Robinson | 060f2e3 | 2014-09-10 22:31:37 | [diff] [blame] | 422 | ] |
| 423 | defines = [ "SANDBOX_IMPLEMENTATION" ] |
Thiago Farina | 10ec8a6 | 2017-05-15 20:38:09 | [diff] [blame^] | 424 | public_deps = [ |
| 425 | "//sandbox:sandbox_export", |
| 426 | ] |
James Robinson | 060f2e3 | 2014-09-10 22:31:37 | [diff] [blame] | 427 | deps = [ |
| 428 | ":sandbox_services", |
| 429 | "//base", |
| 430 | ] |
phosek | 636bceb3 | 2015-10-27 03:36:48 | [diff] [blame] | 431 | |
| 432 | if (is_nacl_nonsfi) { |
| 433 | sources -= [ |
| 434 | "suid/client/setuid_sandbox_host.cc", |
| 435 | "suid/client/setuid_sandbox_host.h", |
| 436 | "suid/common/sandbox.h", |
| 437 | "suid/common/suid_unsafe_environment_variables.h", |
| 438 | ] |
| 439 | } |
James Robinson | 060f2e3 | 2014-09-10 22:31:37 | [diff] [blame] | 440 | } |
[email protected] | 75cd8f0 | 2014-05-29 20:56:02 | [diff] [blame] | 441 | } |