Google Git
Sign in
chromium / chromium / src.git / 3909ebfa69566f7374a6900e63cd4d3c73a35378 / . / sandbox / linux / BUILD.gn
blob: d632bd4fafbb67d1a2dc1501671f8f0893a63468 [file] [log] [blame]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]1# Copyright 2014 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import("//build/config/features.gni")
qsrfb5251d12015-01-21 15:57:22[diff] [blame]6import("//testing/test.gni")
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]7
8declare_args() {
9 compile_suid_client = is_linux
10
11 compile_credentials = is_linux
12
jln01954fd2015-05-15 06:19:33[diff] [blame]13 # On Android, use plain GTest.
14 use_base_test_suite = is_linux
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]15}
16
17# We have two principal targets: sandbox and sandbox_linux_unittests
18# All other targets are listed as dependencies.
19# There is one notable exception: for historical reasons, chrome_sandbox is
20# the setuid sandbox and is its own target.
21
22group("sandbox") {
23 deps = [
24 ":sandbox_services",
25 ]
26
27 if (compile_suid_client) {
28 deps += [ ":suid_sandbox_client" ]
29 }
30 if (use_seccomp_bpf) {
31 deps += [
32 ":seccomp_bpf",
33 ":seccomp_bpf_helpers",
34 ]
35 }
36}
37
38source_set("sandbox_linux_test_utils") {
Brett Wilson0c8745a2014-09-08 22:59:49[diff] [blame]39 testonly = true
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]40 sources = [
41 "tests/sandbox_test_runner.cc",
42 "tests/sandbox_test_runner.h",
43 "tests/sandbox_test_runner_function_pointer.cc",
44 "tests/sandbox_test_runner_function_pointer.h",
45 "tests/test_utils.cc",
46 "tests/test_utils.h",
47 "tests/unit_tests.cc",
48 "tests/unit_tests.h",
49 ]
50
51 deps = [
52 "//testing/gtest",
53 ]
54
55 if (use_seccomp_bpf) {
56 sources += [
57 "seccomp-bpf/bpf_tester_compatibility_delegate.h",
58 "seccomp-bpf/bpf_tests.h",
59 "seccomp-bpf/sandbox_bpf_test_runner.cc",
60 "seccomp-bpf/sandbox_bpf_test_runner.h",
61 ]
scottmg34fb7e52014-12-03 23:27:24[diff] [blame]62 deps += [ ":seccomp_bpf" ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]63 }
jln01954fd2015-05-15 06:19:33[diff] [blame]64
65 if (use_base_test_suite) {
66 deps += [ "//base/test:test_support" ]
67 defines = [ "SANDBOX_USES_BASE_TEST_SUITE" ]
68 }
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]69}
70
rockot86da06c7f2015-02-21 00:40:58[diff] [blame]71# Sources shared by sandbox_linux_unittests and sandbox_linux_jni_unittests.
72source_set("sandbox_linux_unittests_sources") {
73 testonly = true
74
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]75 sources = [
jlnb14fc802015-02-12 05:32:11[diff] [blame]76 "services/proc_util_unittest.cc",
jln977185982015-02-13 20:58:41[diff] [blame]77 "services/resource_limits_unittests.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]78 "services/scoped_process_unittest.cc",
jlnc420f0d2014-11-22 01:12:09[diff] [blame]79 "services/syscall_wrappers_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]80 "services/thread_helpers_unittests.cc",
81 "services/yama_unittests.cc",
leecamad78f422014-11-26 22:08:45[diff] [blame]82 "syscall_broker/broker_file_permission_unittest.cc",
jln70c42c202014-11-01 00:59:57[diff] [blame]83 "syscall_broker/broker_process_unittest.cc",
[email protected]232f6e112014-06-27 07:51:38[diff] [blame]84 "tests/main.cc",
85 "tests/scoped_temporary_file.cc",
86 "tests/scoped_temporary_file.h",
87 "tests/scoped_temporary_file_unittest.cc",
jlnc420f0d2014-11-22 01:12:09[diff] [blame]88 "tests/test_utils_unittest.cc",
[email protected]232f6e112014-06-27 07:51:38[diff] [blame]89 "tests/unit_tests_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]90 ]
91
92 deps = [
93 ":sandbox",
94 ":sandbox_linux_test_utils",
95 "//base",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]96 "//testing/gtest",
97 ]
98
jln01954fd2015-05-15 06:19:33[diff] [blame]99 if (use_base_test_suite) {
100 deps += [ "//base/test:test_support" ]
101 defines = [ "SANDBOX_USES_BASE_TEST_SUITE" ]
102 }
103
Brett Wilson73067532014-09-12 22:24:14[diff] [blame]104 if (is_linux) {
105 # Don't use this on Android.
106 libs = [ "rt" ]
107 }
Brett Wilsone39344352014-09-12 21:07:26[diff] [blame]108
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]109 if (compile_suid_client) {
mdempsky3cc942a2015-02-05 03:29:25[diff] [blame]110 sources += [
111 "suid/client/setuid_sandbox_client_unittest.cc",
112 "suid/client/setuid_sandbox_host_unittest.cc",
113 ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]114 }
115 if (use_seccomp_bpf) {
116 sources += [
[email protected]fb75e2a2014-07-17 07:24:58[diff] [blame]117 "bpf_dsl/bpf_dsl_unittest.cc",
mdempskyb80b1f52015-02-05 00:54:35[diff] [blame]118 "bpf_dsl/codegen_unittest.cc",
[email protected]fb75e2a2014-07-17 07:24:58[diff] [blame]119 "bpf_dsl/cons_unittest.cc",
mdempsky3909ebf2015-08-20 23:18:18[diff] [blame^]120 "bpf_dsl/errorcode_unittest.cc",
mdempskyce4c9f12015-02-05 06:23:05[diff] [blame]121 "bpf_dsl/syscall_set_unittest.cc",
mdempsky3909ebf2015-08-20 23:18:18[diff] [blame^]122 "bpf_dsl/test_trap_registry.cc",
123 "bpf_dsl/test_trap_registry.h",
124 "bpf_dsl/test_trap_registry_unittest.cc",
jlnaedcc3e2015-02-12 03:18:10[diff] [blame]125 "integration_tests/bpf_dsl_seccomp_unittest.cc",
126 "integration_tests/seccomp_broker_process_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]127 "seccomp-bpf-helpers/baseline_policy_unittest.cc",
jlnfcdfb102014-09-12 02:47:44[diff] [blame]128 "seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]129 "seccomp-bpf/bpf_tests_unittest.cc",
jlna29d0a32014-11-26 22:38:35[diff] [blame]130 "seccomp-bpf/sandbox_bpf_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]131 "seccomp-bpf/syscall_unittest.cc",
hidehikoa926d0b2015-04-24 21:55:21[diff] [blame]132 "seccomp-bpf/trap_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]133 ]
134 }
135 if (compile_credentials) {
136 sources += [
jlnaedcc3e2015-02-12 03:18:10[diff] [blame]137 "integration_tests/namespace_unix_domain_socket_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]138 "services/credentials_unittest.cc",
rickyz41fb1452015-01-27 03:57:58[diff] [blame]139 "services/namespace_utils_unittest.cc",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]140 ]
rickyz966f039d2015-03-17 07:23:43[diff] [blame]141
jln01954fd2015-05-15 06:19:33[diff] [blame]142 if (use_base_test_suite) {
143 # Tests that use advanced features not available in stock GTest.
144 sources += [ "services/namespace_sandbox_unittest.cc" ]
145 }
146
rickyz966f039d2015-03-17 07:23:43[diff] [blame]147 # For credentials_unittest.cc
148 configs += [ "//build/config/linux:libcap" ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]149 }
150}
151
dpranke177c1e22015-07-22 23:07:43[diff] [blame]152# TODO(GYP): Delete this after we've converted everything to GN.
153# The _run targets exist only for compatibility w/ GYP.
154group("sandbox_linux_unittests_run") {
155 testonly = true
156 deps = [
157 ":sandbox_linux_unittests",
158 ]
159}
160
rockot86da06c7f2015-02-21 00:40:58[diff] [blame]161# The main sandboxing test target.
162test("sandbox_linux_unittests") {
163 deps = [
164 ":sandbox_linux_unittests_sources",
165 ]
166}
167
168# This target is the shared library used by Android APK (i.e.
169# JNI-friendly) tests.
170shared_library("sandbox_linux_jni_unittests") {
171 testonly = true
172 deps = [
173 ":sandbox_linux_unittests_sources",
174 ]
175 if (is_android) {
jbudorick6ab224952015-04-09 21:51:55[diff] [blame]176 deps += [ "//testing/android/native_test:native_test_native_code" ]
rockot86da06c7f2015-02-21 00:40:58[diff] [blame]177 }
178}
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]179
180component("seccomp_bpf") {
181 sources = [
[email protected]fb75e2a2014-07-17 07:24:58[diff] [blame]182 "bpf_dsl/bpf_dsl.cc",
183 "bpf_dsl/bpf_dsl.h",
mdempskyc60a1c52014-10-24 23:07:10[diff] [blame]184 "bpf_dsl/bpf_dsl_forward.h",
mdempskyfb10cce2014-10-14 17:56:44[diff] [blame]185 "bpf_dsl/bpf_dsl_impl.h",
mdempskyb80b1f52015-02-05 00:54:35[diff] [blame]186 "bpf_dsl/codegen.cc",
187 "bpf_dsl/codegen.h",
[email protected]fb75e2a2014-07-17 07:24:58[diff] [blame]188 "bpf_dsl/cons.h",
mdempskya41c4042014-10-31 20:50:27[diff] [blame]189 "bpf_dsl/dump_bpf.cc",
190 "bpf_dsl/dump_bpf.h",
mdempsky3909ebf2015-08-20 23:18:18[diff] [blame^]191 "bpf_dsl/errorcode.cc",
192 "bpf_dsl/errorcode.h",
jlna65ffca2015-02-13 04:12:43[diff] [blame]193 "bpf_dsl/linux_syscall_ranges.h",
mdempskyc60a1c52014-10-24 23:07:10[diff] [blame]194 "bpf_dsl/policy.cc",
195 "bpf_dsl/policy.h",
mdempsky27e78ad72014-10-16 16:49:54[diff] [blame]196 "bpf_dsl/policy_compiler.cc",
197 "bpf_dsl/policy_compiler.h",
jlna65ffca2015-02-13 04:12:43[diff] [blame]198 "bpf_dsl/seccomp_macros.h",
mdempskyce4c9f12015-02-05 06:23:05[diff] [blame]199 "bpf_dsl/syscall_set.cc",
200 "bpf_dsl/syscall_set.h",
mdempsky27e78ad72014-10-16 16:49:54[diff] [blame]201 "bpf_dsl/trap_registry.h",
mdempsky5953fcd2015-03-09 18:06:18[diff] [blame]202 "bpf_dsl/verifier.cc",
203 "bpf_dsl/verifier.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]204 "seccomp-bpf/die.cc",
205 "seccomp-bpf/die.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]206 "seccomp-bpf/sandbox_bpf.cc",
207 "seccomp-bpf/sandbox_bpf.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]208 "seccomp-bpf/syscall.cc",
209 "seccomp-bpf/syscall.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]210 "seccomp-bpf/trap.cc",
211 "seccomp-bpf/trap.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]212 ]
213 defines = [ "SANDBOX_IMPLEMENTATION" ]
214
215 deps = [
jlnbd4df41c2014-11-25 02:32:30[diff] [blame]216 ":sandbox_services",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]217 ":sandbox_services_headers",
218 "//base",
219 ]
220}
221
222component("seccomp_bpf_helpers") {
223 sources = [
224 "seccomp-bpf-helpers/baseline_policy.cc",
225 "seccomp-bpf-helpers/baseline_policy.h",
226 "seccomp-bpf-helpers/sigsys_handlers.cc",
227 "seccomp-bpf-helpers/sigsys_handlers.h",
228 "seccomp-bpf-helpers/syscall_parameters_restrictions.cc",
229 "seccomp-bpf-helpers/syscall_parameters_restrictions.h",
230 "seccomp-bpf-helpers/syscall_sets.cc",
231 "seccomp-bpf-helpers/syscall_sets.h",
232 ]
233 defines = [ "SANDBOX_IMPLEMENTATION" ]
234
235 deps = [
236 "//base",
jamesr4359db72015-01-21 12:40:00[diff] [blame]237 ":sandbox_services",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]238 ":seccomp_bpf",
239 ]
240}
241
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]242if (is_linux) {
scottmg34fb7e52014-12-03 23:27:24[diff] [blame]243 # The setuid sandbox for Linux.
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]244 executable("chrome_sandbox") {
245 sources = [
246 "suid/common/sandbox.h",
247 "suid/common/suid_unsafe_environment_variables.h",
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]248 "suid/process_util.h",
249 "suid/process_util_linux.c",
250 "suid/sandbox.c",
251 ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]252
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]253 cflags = [
254 # For ULLONG_MAX
255 "-std=gnu99",
scottmg34fb7e52014-12-03 23:27:24[diff] [blame]256
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]257 # These files have a suspicious comparison.
258 # TODO fix this and re-enable this warning.
259 "-Wno-sign-compare",
260 ]
261 }
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]262}
263
264component("sandbox_services") {
265 sources = [
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]266 "services/init_process_reaper.cc",
267 "services/init_process_reaper.h",
jlnb14fc802015-02-12 05:32:11[diff] [blame]268 "services/proc_util.cc",
269 "services/proc_util.h",
jln977185982015-02-13 20:58:41[diff] [blame]270 "services/resource_limits.cc",
271 "services/resource_limits.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]272 "services/scoped_process.cc",
273 "services/scoped_process.h",
jln610a4a612014-11-20 18:58:21[diff] [blame]274 "services/syscall_wrappers.cc",
275 "services/syscall_wrappers.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]276 "services/thread_helpers.cc",
277 "services/thread_helpers.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]278 "services/yama.cc",
jlnb14fc802015-02-12 05:32:11[diff] [blame]279 "services/yama.h",
jln878dca32014-11-11 07:43:57[diff] [blame]280 "syscall_broker/broker_channel.cc",
281 "syscall_broker/broker_channel.h",
jln70c42c202014-11-01 00:59:57[diff] [blame]282 "syscall_broker/broker_client.cc",
283 "syscall_broker/broker_client.h",
284 "syscall_broker/broker_common.h",
leecamad78f422014-11-26 22:08:45[diff] [blame]285 "syscall_broker/broker_file_permission.cc",
286 "syscall_broker/broker_file_permission.h",
jln70c42c202014-11-01 00:59:57[diff] [blame]287 "syscall_broker/broker_host.cc",
288 "syscall_broker/broker_host.h",
289 "syscall_broker/broker_policy.cc",
290 "syscall_broker/broker_policy.h",
291 "syscall_broker/broker_process.cc",
292 "syscall_broker/broker_process.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]293 ]
294
295 defines = [ "SANDBOX_IMPLEMENTATION" ]
296
rickyz966f039d2015-03-17 07:23:43[diff] [blame]297 deps = [
298 "//base",
299 ]
300
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]301 if (compile_credentials) {
302 sources += [
303 "services/credentials.cc",
304 "services/credentials.h",
rickyz8f235da2015-02-03 07:26:19[diff] [blame]305 "services/namespace_sandbox.cc",
306 "services/namespace_sandbox.h",
rickyz41fb1452015-01-27 03:57:58[diff] [blame]307 "services/namespace_utils.cc",
308 "services/namespace_utils.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]309 ]
scottmg34fb7e52014-12-03 23:27:24[diff] [blame]310
rickyz966f039d2015-03-17 07:23:43[diff] [blame]311 deps += [ ":sandbox_services_headers" ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]312 }
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]313}
314
315source_set("sandbox_services_headers") {
316 sources = [
jlnaedcc3e2015-02-12 03:18:10[diff] [blame]317 "system_headers/arm64_linux_syscalls.h",
hidehikoa926d0b2015-04-24 21:55:21[diff] [blame]318 "system_headers/arm64_linux_ucontext.h",
jlna65ffca2015-02-13 04:12:43[diff] [blame]319 "system_headers/arm_linux_syscalls.h",
hidehikoa926d0b2015-04-24 21:55:21[diff] [blame]320 "system_headers/arm_linux_ucontext.h",
321 "system_headers/i386_linux_ucontext.h",
dnicoara97178052015-04-15 17:44:04[diff] [blame]322 "system_headers/linux_futex.h",
jlna65ffca2015-02-13 04:12:43[diff] [blame]323 "system_headers/linux_seccomp.h",
hidehikoa926d0b2015-04-24 21:55:21[diff] [blame]324 "system_headers/linux_signal.h",
jlnaedcc3e2015-02-12 03:18:10[diff] [blame]325 "system_headers/linux_syscalls.h",
ben7598f462015-05-22 23:19:51[diff] [blame]326 "system_headers/linux_time.h",
hidehikoa926d0b2015-04-24 21:55:21[diff] [blame]327 "system_headers/linux_ucontext.h",
jlnaedcc3e2015-02-12 03:18:10[diff] [blame]328 "system_headers/x86_32_linux_syscalls.h",
329 "system_headers/x86_64_linux_syscalls.h",
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]330 ]
331}
332
333# We make this its own target so that it does not interfere with our tests.
334source_set("libc_urandom_override") {
335 sources = [
336 "services/libc_urandom_override.cc",
337 "services/libc_urandom_override.h",
338 ]
339 deps = [
340 "//base",
341 ]
342}
343
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]344if (compile_suid_client) {
345 component("suid_sandbox_client") {
346 sources = [
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]347 "suid/client/setuid_sandbox_client.cc",
348 "suid/client/setuid_sandbox_client.h",
mdempsky3cc942a2015-02-05 03:29:25[diff] [blame]349 "suid/client/setuid_sandbox_host.cc",
350 "suid/client/setuid_sandbox_host.h",
scottmg7c7296f42015-02-28 02:23:09[diff] [blame]351 "suid/common/sandbox.h",
352 "suid/common/suid_unsafe_environment_variables.h",
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]353 ]
354 defines = [ "SANDBOX_IMPLEMENTATION" ]
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]355
James Robinson060f2e32014-09-10 22:31:37[diff] [blame]356 deps = [
357 ":sandbox_services",
358 "//base",
359 ]
360 }
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]361}
362
363if (is_android) {
364 # TODO(GYP) enable this. Needs an android_strip wrapper python script.
365 #action("sandbox_linux_unittests_stripped") {
366 # script = "android_stip.py"
367 #
368 # in_file = "$root_out_dir/sandbox_linux_unittests"
369 #
370 # out_file = "$root_out_dir/sandbox_linux_unittests_stripped"
371 # outputs = [ out_file ]
372 #
373 # args = [
374 # rebase_path(in_file, root_build_dir),
375 # "-o", rebase_path(out_file, root_build_dir),
376 # ]
377 #
378 # deps = [
379 # ":sandbox_linux_unittests",
380 # ]
381 #}
[email protected]75cd8f02014-05-29 20:56:02[diff] [blame]382 # TODO(GYP) convert this.
383 # {
384 # 'target_name': 'sandbox_linux_jni_unittests_apk',
385 # 'type': 'none',
386 # 'variables': {
387 # 'test_suite_name': 'sandbox_linux_jni_unittests',
388 # },
389 # 'dependencies': [
390 # 'sandbox_linux_jni_unittests',
391 # ],
392 # 'includes': [ '../../build/apk_test.gypi' ],
393 # }
394}