'compile_suid_client': 0,
'compile_credentials': 0,
}],
- ['((OS=="linux" or OS=="android") and '
- '(target_arch=="ia32" or target_arch=="x64" or '
- 'target_arch=="arm"))', {
- 'compile_seccomp_bpf': 1,
+ ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64" or '
+ 'target_arch=="mipsel")', {
+ 'compile_seccomp_bpf_demo': 1,
}, {
- 'compile_seccomp_bpf': 0,
+ 'compile_seccomp_bpf_demo': 0,
}],
],
},
'targets': [
# We have two principal targets: sandbox and sandbox_linux_unittests
# All other targets are listed as dependencies.
- # FIXME(jln): for historial reasons, sandbox_linux is the setuid sandbox
- # and is its own target.
+ # There is one notable exception: for historical reasons, chrome_sandbox is
+ # the setuid sandbox and is its own target.
{
'target_name': 'sandbox',
'type': 'none',
],
}],
# Compile seccomp BPF when we support it.
- [ 'compile_seccomp_bpf==1', {
+ [ 'use_seccomp_bpf==1', {
'dependencies': [
'seccomp_bpf',
+ 'seccomp_bpf_helpers',
],
}],
],
},
{
+ 'target_name': 'sandbox_linux_test_utils',
+ 'type': 'static_library',
+ 'dependencies': [
+ '../testing/gtest.gyp:gtest',
+ ],
+ 'include_dirs': [
+ '../..',
+ ],
+ 'sources': [
+ 'tests/sandbox_test_runner.cc',
+ 'tests/sandbox_test_runner.h',
+ 'tests/sandbox_test_runner_function_pointer.cc',
+ 'tests/sandbox_test_runner_function_pointer.h',
+ 'tests/test_utils.cc',
+ 'tests/test_utils.h',
+ 'tests/unit_tests.cc',
+ 'tests/unit_tests.h',
+ ],
+ 'conditions': [
+ [ 'use_seccomp_bpf==1', {
+ 'sources': [
+ 'seccomp-bpf/bpf_tester_compatibility_delegate.h',
+ 'seccomp-bpf/bpf_tests.h',
+ 'seccomp-bpf/sandbox_bpf_test_runner.cc',
+ 'seccomp-bpf/sandbox_bpf_test_runner.h',
+ ],
+ 'dependencies': [
+ 'seccomp_bpf',
+ ]
+ }],
+ ],
+ },
+ {
# The main sandboxing test target.
'target_name': 'sandbox_linux_unittests',
'includes': [
],
'type': 'shared_library',
'conditions': [
- [ 'OS == "android" and gtest_target_type == "shared_library"', {
+ [ 'OS == "android"', {
'dependencies': [
'../testing/android/native_test.gyp:native_test_native_code',
],
- 'ldflags!': [
- # Remove warnings about text relocations, to prevent build
- # failure.
- '-Wl,--warn-shared-textrel'
- ],
}],
],
},
{
'target_name': 'seccomp_bpf',
- 'type': 'static_library',
+ 'type': '<(component)',
'sources': [
+ 'bpf_dsl/bpf_dsl.cc',
+ 'bpf_dsl/bpf_dsl.h',
+ 'bpf_dsl/cons.h',
'seccomp-bpf/basicblock.cc',
'seccomp-bpf/basicblock.h',
'seccomp-bpf/codegen.cc',
'seccomp-bpf/errorcode.h',
'seccomp-bpf/instruction.h',
'seccomp-bpf/linux_seccomp.h',
- 'seccomp-bpf/port.h',
'seccomp-bpf/sandbox_bpf.cc',
'seccomp-bpf/sandbox_bpf.h',
- 'seccomp-bpf/sandbox_bpf_policy_forward.h',
+ 'seccomp-bpf/sandbox_bpf_policy.cc',
+ 'seccomp-bpf/sandbox_bpf_policy.h',
'seccomp-bpf/syscall.cc',
'seccomp-bpf/syscall.h',
'seccomp-bpf/syscall_iterator.cc',
'../base/base.gyp:base',
'sandbox_services_headers',
],
+ 'defines': [
+ 'SANDBOX_IMPLEMENTATION',
+ ],
+ 'include_dirs': [
+ '../..',
+ ],
+ },
+ {
+ 'target_name': 'seccomp_bpf_helpers',
+ 'type': '<(component)',
+ 'sources': [
+ 'seccomp-bpf-helpers/baseline_policy.cc',
+ 'seccomp-bpf-helpers/baseline_policy.h',
+ 'seccomp-bpf-helpers/sigsys_handlers.cc',
+ 'seccomp-bpf-helpers/sigsys_handlers.h',
+ 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
+ 'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
+ 'seccomp-bpf-helpers/syscall_sets.cc',
+ 'seccomp-bpf-helpers/syscall_sets.h',
+ ],
+ 'dependencies': [
+ '../base/base.gyp:base',
+ 'seccomp_bpf',
+ ],
+ 'defines': [
+ 'SANDBOX_IMPLEMENTATION',
+ ],
'include_dirs': [
'../..',
],
'sources': [
'suid/common/sandbox.h',
'suid/common/suid_unsafe_environment_variables.h',
- 'suid/linux_util.c',
- 'suid/linux_util.h',
'suid/process_util.h',
'suid/process_util_linux.c',
'suid/sandbox.c',
'include_dirs': [
'../..',
],
+ # Do not use any sanitizer tools with this binary. http://crbug.com/382766
+ 'cflags/': [
+ ['exclude', '-fsanitize'],
+ ],
+ 'ldflags/': [
+ ['exclude', '-fsanitize'],
+ ],
},
{ 'target_name': 'sandbox_services',
- 'type': 'static_library',
+ 'type': '<(component)',
'sources': [
'services/broker_process.cc',
'services/broker_process.h',
+ 'services/init_process_reaper.cc',
+ 'services/init_process_reaper.h',
+ 'services/scoped_process.cc',
+ 'services/scoped_process.h',
+ 'services/thread_helpers.cc',
+ 'services/thread_helpers.h',
+ 'services/yama.h',
+ 'services/yama.cc',
],
'dependencies': [
'../base/base.gyp:base',
],
+ 'defines': [
+ 'SANDBOX_IMPLEMENTATION',
+ ],
'conditions': [
['compile_credentials==1', {
'sources': [
'type': 'none',
'sources': [
'services/android_arm_ucontext.h',
+ 'services/android_arm64_ucontext.h',
+ 'services/android_futex.h',
'services/android_ucontext.h',
'services/android_i386_ucontext.h',
+ 'services/android_mips_ucontext.h',
'services/arm_linux_syscalls.h',
+ 'services/arm64_linux_syscalls.h',
+ 'services/mips_linux_syscalls.h',
'services/linux_syscalls.h',
'services/x86_32_linux_syscalls.h',
'services/x86_64_linux_syscalls.h',
},
{
'target_name': 'suid_sandbox_client',
- 'type': 'static_library',
+ 'type': '<(component)',
'sources': [
'suid/common/sandbox.h',
'suid/common/suid_unsafe_environment_variables.h',
'suid/client/setuid_sandbox_client.cc',
'suid/client/setuid_sandbox_client.h',
],
+ 'defines': [
+ 'SANDBOX_IMPLEMENTATION',
+ ],
'dependencies': [
'../base/base.gyp:base',
+ 'sandbox_services',
],
'include_dirs': [
'..',
},
],
'conditions': [
- # Strategy copied from base_unittests_apk in base/base.gyp.
- [ 'OS=="android" and gtest_target_type == "shared_library"', {
+ [ 'OS=="android"', {
+ 'targets': [
+ {
+ 'target_name': 'sandbox_linux_unittests_stripped',
+ 'type': 'none',
+ 'dependencies': [ 'sandbox_linux_unittests' ],
+ 'actions': [{
+ 'action_name': 'strip sandbox_linux_unittests',
+ 'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
+ 'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
+ 'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
+ }],
+ }
+ ],
+ }],
+ [ 'OS=="android"', {
'targets': [
{
'target_name': 'sandbox_linux_jni_unittests_apk',
'type': 'none',
'variables': {
'test_suite_name': 'sandbox_linux_jni_unittests',
- 'input_shlib_path':
- '<(SHARED_LIB_DIR)/<(SHARED_LIB_PREFIX)'
- 'sandbox_linux_jni_unittests'
- '<(SHARED_LIB_SUFFIX)',
},
'dependencies': [
'sandbox_linux_jni_unittests',
}
],
}],
+ ['test_isolation_mode != "noop"', {
+ 'targets': [
+ {
+ 'target_name': 'sandbox_linux_unittests_run',
+ 'type': 'none',
+ 'dependencies': [
+ 'sandbox_linux_unittests',
+ ],
+ 'includes': [
+ '../../build/isolate.gypi',
+ '../sandbox_linux_unittests.isolate',
+ ],
+ 'sources': [
+ '../sandbox_linux_unittests.isolate',
+ ],
+ },
+ ],
+ }],
],
}