Google Git
Sign in
chromium / chromium / src.git / 10ec8a62efd2843f18facd2dfe29bc31b874c2cc / . / sandbox / linux / BUILD.gn
blob: fe535bb8a5f71e0573f2ecebb2ebe9625f97b401 [file] [log] [blame]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]1# Copyright 2014 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import("//build/config/features.gni")
phosek636bceb32015-10-27 03:36:48[diff] [blame]6import("//build/config/nacl/config.gni")
rsesek7b1273af02016-12-06 20:55:47[diff] [blame]7import("//sandbox/features.gni")
qsrfb5251d12015-01-21 15:57:22[diff] [blame]8import("//testing/test.gni")
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]9
pkotwiczbbe8d902015-10-29 17:10:07[diff] [blame]10if (is_android) {
11 import("//build/config/android/rules.gni")
12}
13
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]14declare_args() {
15 compile_suid_client = is_linux
16
17 compile_credentials = is_linux
18
jln01954fd2015-05-15 06:19:33[diff] [blame]19 # On Android, use plain GTest.
20 use_base_test_suite = is_linux
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]21}
22
phosek636bceb32015-10-27 03:36:48[diff] [blame]23if (is_nacl_nonsfi) {
24 config("nacl_nonsfi_warnings") {
25 # There are number of platform specific functions in
26 # seccomp-bpf syscall helpers, which are not being used.
27 cflags = [ "-Wno-unused-function" ]
28 }
29}
30
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]31# We have two principal targets: sandbox and sandbox_linux_unittests
32# All other targets are listed as dependencies.
33# There is one notable exception: for historical reasons, chrome_sandbox is
34# the setuid sandbox and is its own target.
35
36group("sandbox") {
brettw00709df2015-12-02 01:40:50[diff] [blame]37 public_deps = [
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]38 ":sandbox_services",
39 ]
40
phosek636bceb32015-10-27 03:36:48[diff] [blame]41 if (compile_suid_client || is_nacl_nonsfi) {
brettw00709df2015-12-02 01:40:50[diff] [blame]42 public_deps += [ ":suid_sandbox_client" ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]43 }
phosek636bceb32015-10-27 03:36:48[diff] [blame]44 if (use_seccomp_bpf || is_nacl_nonsfi) {
ejcarusob7865802016-08-30 06:14:30[diff] [blame]45 public_deps += [ ":seccomp_bpf" ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]46 }
47}
48
49source_set("sandbox_linux_test_utils") {
Brett Wilson0c8745a2014-09-08 22:59:49[diff] [blame]50 testonly = true
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]51 sources = [
52 "tests/sandbox_test_runner.cc",
53 "tests/sandbox_test_runner.h",
54 "tests/sandbox_test_runner_function_pointer.cc",
55 "tests/sandbox_test_runner_function_pointer.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]56 "tests/unit_tests.cc",
57 "tests/unit_tests.h",
58 ]
59
60 deps = [
61 "//testing/gtest",
62 ]
63
phosekca8571a92015-12-17 16:35:42[diff] [blame]64 if (!is_nacl_nonsfi) {
65 sources += [
66 "tests/test_utils.cc",
67 "tests/test_utils.h",
68 ]
69 }
70
71 if (use_seccomp_bpf || is_nacl_nonsfi) {
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]72 sources += [
73 "seccomp-bpf/bpf_tester_compatibility_delegate.h",
74 "seccomp-bpf/bpf_tests.h",
75 "seccomp-bpf/sandbox_bpf_test_runner.cc",
76 "seccomp-bpf/sandbox_bpf_test_runner.h",
77 ]
scottmg34fb7e52014-12-03 23:27:24[diff] [blame]78 deps += [ ":seccomp_bpf" ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]79 }
jln01954fd2015-05-15 06:19:33[diff] [blame]80
81 if (use_base_test_suite) {
82 deps += [ "//base/test:test_support" ]
83 defines = [ "SANDBOX_USES_BASE_TEST_SUITE" ]
84 }
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]85}
86
pkotwicz41889e32015-10-28 22:17:48[diff] [blame]87# Sources for sandbox_linux_unittests.
rockot86da06c7f2015-02-21 00:40:58[diff] [blame]88source_set("sandbox_linux_unittests_sources") {
89 testonly = true
90
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]91 sources = [
jlnb14fc802015-02-12 05:32:11[diff] [blame]92 "services/proc_util_unittest.cc",
jln977185982015-02-13 20:58:41[diff] [blame]93 "services/resource_limits_unittests.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]94 "services/scoped_process_unittest.cc",
jlnc420f0d2014-11-22 01:12:09[diff] [blame]95 "services/syscall_wrappers_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]96 "services/thread_helpers_unittests.cc",
97 "services/yama_unittests.cc",
leecamad78f422014-11-26 22:08:45[diff] [blame]98 "syscall_broker/broker_file_permission_unittest.cc",
jln70c42c202014-11-01 00:59:57[diff] [blame]99 "syscall_broker/broker_process_unittest.cc",
[email protected]232f6e112014-06-27 07:51:38[diff] [blame]100 "tests/main.cc",
101 "tests/scoped_temporary_file.cc",
102 "tests/scoped_temporary_file.h",
103 "tests/scoped_temporary_file_unittest.cc",
jlnc420f0d2014-11-22 01:12:09[diff] [blame]104 "tests/test_utils_unittest.cc",
[email protected]232f6e112014-06-27 07:51:38[diff] [blame]105 "tests/unit_tests_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]106 ]
107
108 deps = [
109 ":sandbox",
110 ":sandbox_linux_test_utils",
111 "//base",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]112 "//testing/gtest",
113 ]
114
jln01954fd2015-05-15 06:19:33[diff] [blame]115 if (use_base_test_suite) {
116 deps += [ "//base/test:test_support" ]
117 defines = [ "SANDBOX_USES_BASE_TEST_SUITE" ]
118 }
119
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]120 if (compile_suid_client) {
mdempsky3cc942a2015-02-05 03:29:25[diff] [blame]121 sources += [
122 "suid/client/setuid_sandbox_client_unittest.cc",
123 "suid/client/setuid_sandbox_host_unittest.cc",
124 ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]125 }
126 if (use_seccomp_bpf) {
127 sources += [
[email protected]fb75e2a2014-07-17 07:24:58[diff] [blame]128 "bpf_dsl/bpf_dsl_unittest.cc",
mdempskyb80b1f52015-02-05 00:54:35[diff] [blame]129 "bpf_dsl/codegen_unittest.cc",
[email protected]fb75e2a2014-07-17 07:24:58[diff] [blame]130 "bpf_dsl/cons_unittest.cc",
mdempsky937389d2015-08-31 22:27:23[diff] [blame]131 "bpf_dsl/dump_bpf.cc",
132 "bpf_dsl/dump_bpf.h",
mdempskyce4c9f12015-02-05 06:23:05[diff] [blame]133 "bpf_dsl/syscall_set_unittest.cc",
mdempsky3909ebf2015-08-20 23:18:18[diff] [blame]134 "bpf_dsl/test_trap_registry.cc",
135 "bpf_dsl/test_trap_registry.h",
136 "bpf_dsl/test_trap_registry_unittest.cc",
mdempsky937389d2015-08-31 22:27:23[diff] [blame]137 "bpf_dsl/verifier.cc",
138 "bpf_dsl/verifier.h",
jlnaedcc3e2015-02-12 03:18:10[diff] [blame]139 "integration_tests/bpf_dsl_seccomp_unittest.cc",
140 "integration_tests/seccomp_broker_process_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]141 "seccomp-bpf-helpers/baseline_policy_unittest.cc",
jlnfcdfb102014-09-12 02:47:44[diff] [blame]142 "seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]143 "seccomp-bpf/bpf_tests_unittest.cc",
jlna29d0a32014-11-26 22:38:35[diff] [blame]144 "seccomp-bpf/sandbox_bpf_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]145 "seccomp-bpf/syscall_unittest.cc",
hidehikoa926d0b2015-04-24 21:55:21[diff] [blame]146 "seccomp-bpf/trap_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]147 ]
mdempskya3fd0ec2015-08-26 00:45:52[diff] [blame]148 deps += [ ":bpf_dsl_golden" ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]149 }
150 if (compile_credentials) {
151 sources += [
jlnaedcc3e2015-02-12 03:18:10[diff] [blame]152 "integration_tests/namespace_unix_domain_socket_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]153 "services/credentials_unittest.cc",
rickyz41fb1452015-01-27 03:57:58[diff] [blame]154 "services/namespace_utils_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]155 ]
rickyz966f039d2015-03-17 07:23:43[diff] [blame]156
jln01954fd2015-05-15 06:19:33[diff] [blame]157 if (use_base_test_suite) {
158 # Tests that use advanced features not available in stock GTest.
159 sources += [ "services/namespace_sandbox_unittest.cc" ]
160 }
161
rickyz966f039d2015-03-17 07:23:43[diff] [blame]162 # For credentials_unittest.cc
163 configs += [ "//build/config/linux:libcap" ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]164 }
165}
166
mdempskya3fd0ec2015-08-26 00:45:52[diff] [blame]167action("bpf_dsl_golden") {
168 script = "bpf_dsl/golden/generate.py"
169 inputs = [
170 "bpf_dsl/golden/i386/ArgSizePolicy.txt",
171 "bpf_dsl/golden/i386/BasicPolicy.txt",
172 "bpf_dsl/golden/i386/ElseIfPolicy.txt",
173 "bpf_dsl/golden/i386/MaskingPolicy.txt",
174 "bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt",
175 "bpf_dsl/golden/i386/NegativeConstantsPolicy.txt",
176 "bpf_dsl/golden/i386/SwitchPolicy.txt",
177 "bpf_dsl/golden/x86-64/ArgSizePolicy.txt",
178 "bpf_dsl/golden/x86-64/BasicPolicy.txt",
179 "bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt",
180 "bpf_dsl/golden/x86-64/ElseIfPolicy.txt",
181 "bpf_dsl/golden/x86-64/MaskingPolicy.txt",
182 "bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt",
183 "bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt",
184 "bpf_dsl/golden/x86-64/SwitchPolicy.txt",
185 ]
186 outputs = [
187 "$target_gen_dir/bpf_dsl/golden/golden_files.h",
188 ]
189 args =
190 rebase_path(outputs, root_build_dir) + rebase_path(inputs, root_build_dir)
191}
192
agrieve62ab00282016-04-05 02:03:45[diff] [blame]193test("sandbox_linux_unittests") {
rockot86da06c7f2015-02-21 00:40:58[diff] [blame]194 deps = [
195 ":sandbox_linux_unittests_sources",
pkotwiczbbe8d902015-10-29 17:10:07[diff] [blame]196 "//build/config/sanitizers:deps",
rockot86da06c7f2015-02-21 00:40:58[diff] [blame]197 ]
agrieve62ab00282016-04-05 02:03:45[diff] [blame]198 if (is_android) {
199 use_raw_android_executable = true
200 }
rockot86da06c7f2015-02-21 00:40:58[diff] [blame]201}
202
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]203component("seccomp_bpf") {
204 sources = [
[email protected]fb75e2a2014-07-17 07:24:58[diff] [blame]205 "bpf_dsl/bpf_dsl.cc",
206 "bpf_dsl/bpf_dsl.h",
mdempskyc60a1c52014-10-24 23:07:10[diff] [blame]207 "bpf_dsl/bpf_dsl_forward.h",
mdempskyfb10cce2014-10-14 17:56:44[diff] [blame]208 "bpf_dsl/bpf_dsl_impl.h",
mdempskyb80b1f52015-02-05 00:54:35[diff] [blame]209 "bpf_dsl/codegen.cc",
210 "bpf_dsl/codegen.h",
[email protected]fb75e2a2014-07-17 07:24:58[diff] [blame]211 "bpf_dsl/cons.h",
mdempsky3909ebf2015-08-20 23:18:18[diff] [blame]212 "bpf_dsl/errorcode.h",
jlna65ffca2015-02-13 04:12:43[diff] [blame]213 "bpf_dsl/linux_syscall_ranges.h",
mdempskyc60a1c52014-10-24 23:07:10[diff] [blame]214 "bpf_dsl/policy.cc",
215 "bpf_dsl/policy.h",
mdempsky27e78ad72014-10-16 16:49:54[diff] [blame]216 "bpf_dsl/policy_compiler.cc",
217 "bpf_dsl/policy_compiler.h",
jlna65ffca2015-02-13 04:12:43[diff] [blame]218 "bpf_dsl/seccomp_macros.h",
mdempskyce4c9f12015-02-05 06:23:05[diff] [blame]219 "bpf_dsl/syscall_set.cc",
220 "bpf_dsl/syscall_set.h",
mdempsky27e78ad72014-10-16 16:49:54[diff] [blame]221 "bpf_dsl/trap_registry.h",
ejcarusob7865802016-08-30 06:14:30[diff] [blame]222 "seccomp-bpf-helpers/baseline_policy.cc",
223 "seccomp-bpf-helpers/baseline_policy.h",
224 "seccomp-bpf-helpers/sigsys_handlers.cc",
225 "seccomp-bpf-helpers/sigsys_handlers.h",
226 "seccomp-bpf-helpers/syscall_parameters_restrictions.cc",
227 "seccomp-bpf-helpers/syscall_parameters_restrictions.h",
228 "seccomp-bpf-helpers/syscall_sets.cc",
229 "seccomp-bpf-helpers/syscall_sets.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]230 "seccomp-bpf/die.cc",
231 "seccomp-bpf/die.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]232 "seccomp-bpf/sandbox_bpf.cc",
233 "seccomp-bpf/sandbox_bpf.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]234 "seccomp-bpf/syscall.cc",
235 "seccomp-bpf/syscall.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]236 "seccomp-bpf/trap.cc",
237 "seccomp-bpf/trap.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]238 ]
239 defines = [ "SANDBOX_IMPLEMENTATION" ]
240
brettw63340882016-03-22 17:09:49[diff] [blame]241 public_deps = [
242 ":sandbox_services_headers",
Thiago Farina10ec8a62017-05-15 20:38:09[diff] [blame^]243 "//sandbox:sandbox_export",
brettw63340882016-03-22 17:09:49[diff] [blame]244 ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]245 deps = [
jlnbd4df41c2014-11-25 02:32:30[diff] [blame]246 ":sandbox_services",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]247 "//base",
248 ]
phosek636bceb32015-10-27 03:36:48[diff] [blame]249
250 if (is_nacl_nonsfi) {
251 cflags = [ "-fgnu-inline-asm" ]
252 sources -= [
253 "bpf_dsl/bpf_dsl_forward.h",
254 "bpf_dsl/bpf_dsl_impl.h",
255 "bpf_dsl/cons.h",
256 "bpf_dsl/errorcode.h",
257 "bpf_dsl/linux_syscall_ranges.h",
258 "bpf_dsl/seccomp_macros.h",
259 "bpf_dsl/trap_registry.h",
phosek636bceb32015-10-27 03:36:48[diff] [blame]260 "seccomp-bpf-helpers/baseline_policy.cc",
261 "seccomp-bpf-helpers/baseline_policy.h",
262 "seccomp-bpf-helpers/syscall_sets.cc",
263 "seccomp-bpf-helpers/syscall_sets.h",
264 ]
265 configs += [ ":nacl_nonsfi_warnings" ]
266 }
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]267}
268
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]269if (is_linux) {
scottmg34fb7e52014-12-03 23:27:24[diff] [blame]270 # The setuid sandbox for Linux.
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]271 executable("chrome_sandbox") {
272 sources = [
273 "suid/common/sandbox.h",
274 "suid/common/suid_unsafe_environment_variables.h",
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]275 "suid/process_util.h",
276 "suid/process_util_linux.c",
277 "suid/sandbox.c",
278 ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]279
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]280 cflags = [
281 # For ULLONG_MAX
282 "-std=gnu99",
scottmg34fb7e52014-12-03 23:27:24[diff] [blame]283
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]284 # These files have a suspicious comparison.
285 # TODO fix this and re-enable this warning.
286 "-Wno-sign-compare",
287 ]
brettwba7a73d2015-08-31 22:17:39[diff] [blame]288
dpranke3ea22b3a2016-06-09 23:39:50[diff] [blame]289 import("//build/config/compiler/compiler.gni")
290 import("//build/config/sanitizers/sanitizers.gni")
dpranke651705f2016-07-15 03:58:47[diff] [blame]291 if (is_component_build || using_sanitizer) {
dpranke3ea22b3a2016-06-09 23:39:50[diff] [blame]292 # WARNING! We remove this config so that we don't accidentally
293 # pick up the //build/config:rpath_for_built_shared_libraries
294 # sub-config. However, this means that we need to duplicate any
295 # other flags that executable_config might have.
296 configs -= [ "//build/config:executable_config" ]
297 if (!use_gold) {
dpranke41d05be2016-06-13 18:59:31[diff] [blame]298 ldflags = [ "-Wl,--disable-new-dtags" ]
dpranke3ea22b3a2016-06-09 23:39:50[diff] [blame]299 }
300 }
301
dpranke651705f2016-07-15 03:58:47[diff] [blame]302 # We also do not want to pick up any of the other sanitizer
303 # flags (i.e. we do not want to build w/ the sanitizers at all).
304 # This is safe to delete unconditionally, because it is part of the
305 # default configs and empty when not using the sanitizers.
306 configs -= [ "//build/config/sanitizers:default_sanitizer_flags" ]
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]307 }
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]308}
309
310component("sandbox_services") {
311 sources = [
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]312 "services/init_process_reaper.cc",
313 "services/init_process_reaper.h",
jlnb14fc802015-02-12 05:32:11[diff] [blame]314 "services/proc_util.cc",
315 "services/proc_util.h",
jln977185982015-02-13 20:58:41[diff] [blame]316 "services/resource_limits.cc",
317 "services/resource_limits.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]318 "services/scoped_process.cc",
319 "services/scoped_process.h",
jln610a4a612014-11-20 18:58:21[diff] [blame]320 "services/syscall_wrappers.cc",
321 "services/syscall_wrappers.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]322 "services/thread_helpers.cc",
323 "services/thread_helpers.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]324 "services/yama.cc",
jlnb14fc802015-02-12 05:32:11[diff] [blame]325 "services/yama.h",
jln878dca32014-11-11 07:43:57[diff] [blame]326 "syscall_broker/broker_channel.cc",
327 "syscall_broker/broker_channel.h",
jln70c42c202014-11-01 00:59:57[diff] [blame]328 "syscall_broker/broker_client.cc",
329 "syscall_broker/broker_client.h",
330 "syscall_broker/broker_common.h",
leecamad78f422014-11-26 22:08:45[diff] [blame]331 "syscall_broker/broker_file_permission.cc",
332 "syscall_broker/broker_file_permission.h",
jln70c42c202014-11-01 00:59:57[diff] [blame]333 "syscall_broker/broker_host.cc",
334 "syscall_broker/broker_host.h",
335 "syscall_broker/broker_policy.cc",
336 "syscall_broker/broker_policy.h",
337 "syscall_broker/broker_process.cc",
338 "syscall_broker/broker_process.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]339 ]
340
341 defines = [ "SANDBOX_IMPLEMENTATION" ]
342
Thiago Farina10ec8a62017-05-15 20:38:09[diff] [blame^]343 public_deps = [
344 "//sandbox:sandbox_export",
345 ]
rickyz966f039d2015-03-17 07:23:43[diff] [blame]346 deps = [
347 "//base",
348 ]
349
phosek636bceb32015-10-27 03:36:48[diff] [blame]350 if (compile_credentials || is_nacl_nonsfi) {
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]351 sources += [
352 "services/credentials.cc",
353 "services/credentials.h",
rickyz8f235da2015-02-03 07:26:19[diff] [blame]354 "services/namespace_sandbox.cc",
355 "services/namespace_sandbox.h",
rickyz41fb1452015-01-27 03:57:58[diff] [blame]356 "services/namespace_utils.cc",
357 "services/namespace_utils.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]358 ]
scottmg34fb7e52014-12-03 23:27:24[diff] [blame]359
brettw63340882016-03-22 17:09:49[diff] [blame]360 public_deps += [ ":sandbox_services_headers" ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]361 }
phosek636bceb32015-10-27 03:36:48[diff] [blame]362
363 if (is_nacl_nonsfi) {
mcgrathr87cb1c072015-11-20 21:47:40[diff] [blame]364 cflags = [ "-fgnu-inline-asm" ]
365
phosek636bceb32015-10-27 03:36:48[diff] [blame]366 sources -= [
367 "services/init_process_reaper.cc",
368 "services/init_process_reaper.h",
369 "services/scoped_process.cc",
370 "services/scoped_process.h",
371 "services/yama.cc",
372 "services/yama.h",
373 "syscall_broker/broker_channel.cc",
374 "syscall_broker/broker_channel.h",
375 "syscall_broker/broker_client.cc",
376 "syscall_broker/broker_client.h",
377 "syscall_broker/broker_common.h",
378 "syscall_broker/broker_file_permission.cc",
379 "syscall_broker/broker_file_permission.h",
380 "syscall_broker/broker_host.cc",
381 "syscall_broker/broker_host.h",
382 "syscall_broker/broker_policy.cc",
383 "syscall_broker/broker_policy.h",
384 "syscall_broker/broker_process.cc",
385 "syscall_broker/broker_process.h",
386 ]
387 }
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]388}
389
390source_set("sandbox_services_headers") {
391 sources = [
jlnaedcc3e2015-02-12 03:18:10[diff] [blame]392 "system_headers/arm64_linux_syscalls.h",
hidehikoa926d0b2015-04-24 21:55:21[diff] [blame]393 "system_headers/arm64_linux_ucontext.h",
jlna65ffca2015-02-13 04:12:43[diff] [blame]394 "system_headers/arm_linux_syscalls.h",
hidehikoa926d0b2015-04-24 21:55:21[diff] [blame]395 "system_headers/arm_linux_ucontext.h",
396 "system_headers/i386_linux_ucontext.h",
tfarina1d7984c2017-03-27 23:00:22[diff] [blame]397 "system_headers/linux_filter.h",
dnicoara97178052015-04-15 17:44:04[diff] [blame]398 "system_headers/linux_futex.h",
jlna65ffca2015-02-13 04:12:43[diff] [blame]399 "system_headers/linux_seccomp.h",
hidehikoa926d0b2015-04-24 21:55:21[diff] [blame]400 "system_headers/linux_signal.h",
jlnaedcc3e2015-02-12 03:18:10[diff] [blame]401 "system_headers/linux_syscalls.h",
ben7598f462015-05-22 23:19:51[diff] [blame]402 "system_headers/linux_time.h",
hidehikoa926d0b2015-04-24 21:55:21[diff] [blame]403 "system_headers/linux_ucontext.h",
tfarina1d7984c2017-03-27 23:00:22[diff] [blame]404 "system_headers/mips64_linux_syscalls.h",
405 "system_headers/mips_linux_syscalls.h",
406 "system_headers/mips_linux_ucontext.h",
jlnaedcc3e2015-02-12 03:18:10[diff] [blame]407 "system_headers/x86_32_linux_syscalls.h",
408 "system_headers/x86_64_linux_syscalls.h",
tfarina1d7984c2017-03-27 23:00:22[diff] [blame]409 "system_headers/x86_64_linux_ucontext.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]410 ]
411}
412
phosek636bceb32015-10-27 03:36:48[diff] [blame]413if (compile_suid_client || is_nacl_nonsfi) {
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]414 component("suid_sandbox_client") {
415 sources = [
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]416 "suid/client/setuid_sandbox_client.cc",
417 "suid/client/setuid_sandbox_client.h",
mdempsky3cc942a2015-02-05 03:29:25[diff] [blame]418 "suid/client/setuid_sandbox_host.cc",
419 "suid/client/setuid_sandbox_host.h",
scottmg7c7296f42015-02-28 02:23:09[diff] [blame]420 "suid/common/sandbox.h",
421 "suid/common/suid_unsafe_environment_variables.h",
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]422 ]
423 defines = [ "SANDBOX_IMPLEMENTATION" ]
Thiago Farina10ec8a62017-05-15 20:38:09[diff] [blame^]424 public_deps = [
425 "//sandbox:sandbox_export",
426 ]
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]427 deps = [
428 ":sandbox_services",
429 "//base",
430 ]
phosek636bceb32015-10-27 03:36:48[diff] [blame]431
432 if (is_nacl_nonsfi) {
433 sources -= [
434 "suid/client/setuid_sandbox_host.cc",
435 "suid/client/setuid_sandbox_host.h",
436 "suid/common/sandbox.h",
437 "suid/common/suid_unsafe_environment_variables.h",
438 ]
439 }
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]440 }
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]441}