}
source_set("sandbox_linux_test_utils") {
+ testonly = true
sources = [
"tests/sandbox_test_runner.cc",
"tests/sandbox_test_runner.h",
"//testing/gtest",
]
+ if (is_linux) {
+ # Don't use this on Android.
+ libs = [ "rt" ]
+ }
+
if (compile_suid_client) {
sources += [
"suid/client/setuid_sandbox_client_unittest.cc",
}
if (use_seccomp_bpf) {
sources += [
+ "bpf_dsl/bpf_dsl_more_unittest.cc",
"bpf_dsl/bpf_dsl_unittest.cc",
"bpf_dsl/cons_unittest.cc",
"seccomp-bpf-helpers/baseline_policy_unittest.cc",
+ "seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc",
"seccomp-bpf/bpf_tests_unittest.cc",
"seccomp-bpf/codegen_unittest.cc",
"seccomp-bpf/errorcode_unittest.cc",
- "seccomp-bpf/sandbox_bpf_unittest.cc",
"seccomp-bpf/syscall_iterator_unittest.cc",
"seccomp-bpf/syscall_unittest.cc",
]
"seccomp-bpf/linux_seccomp.h",
"seccomp-bpf/sandbox_bpf.cc",
"seccomp-bpf/sandbox_bpf.h",
- "seccomp-bpf/sandbox_bpf_compatibility_policy.h",
"seccomp-bpf/sandbox_bpf_policy.cc",
"seccomp-bpf/sandbox_bpf_policy.h",
"seccomp-bpf/syscall.cc",
]
}
-if (compile_seccomp_bpf_demo) {
- # A demonstration program for the seccomp-bpf sandbox.
- executable("seccomp_bpf_demo") {
+if (is_linux) {
+# The setuid sandbox for Linux.
+ executable("chrome_sandbox") {
sources = [
- "seccomp-bpf/demo.cc",
+ "suid/common/sandbox.h",
+ "suid/common/suid_unsafe_environment_variables.h",
+ "suid/process_util.h",
+ "suid/process_util_linux.c",
+ "suid/sandbox.c",
]
- deps = [
- ":seccomp_bpf",
+
+ cflags = [
+ # For ULLONG_MAX
+ "-std=gnu99",
+ # These files have a suspicious comparison.
+ # TODO fix this and re-enable this warning.
+ "-Wno-sign-compare",
]
}
}
-# The setuid sandbox for Linux.
-executable("chrome_sandbox") {
- sources = [
- "suid/common/sandbox.h",
- "suid/common/suid_unsafe_environment_variables.h",
- "suid/linux_util.c",
- "suid/linux_util.h",
- "suid/process_util.h",
- "suid/process_util_linux.c",
- "suid/sandbox.c",
- ]
-
- cflags = [
- # For ULLONG_MAX
- "-std=gnu99",
- # These files have a suspicious comparison.
- # TODO fix this and re-enable this warning.
- "-Wno-sign-compare",
- ]
-}
-
component("sandbox_services") {
sources = [
"services/broker_process.cc",
source_set("sandbox_services_headers") {
sources = [
"services/android_arm_ucontext.h",
+ "services/android_arm64_ucontext.h",
"services/android_futex.h",
"services/android_ucontext.h",
"services/android_i386_ucontext.h",
"services/arm_linux_syscalls.h",
+ "services/arm64_linux_syscalls.h",
"services/linux_syscalls.h",
"services/x86_32_linux_syscalls.h",
"services/x86_64_linux_syscalls.h",
]
}
-component("suid_sandbox_client") {
- sources = [
- "suid/common/sandbox.h",
- "suid/common/suid_unsafe_environment_variables.h",
- "suid/client/setuid_sandbox_client.cc",
- "suid/client/setuid_sandbox_client.h",
- ]
- defines = [ "SANDBOX_IMPLEMENTATION" ]
+if (compile_suid_client) {
+ component("suid_sandbox_client") {
+ sources = [
+ "suid/common/sandbox.h",
+ "suid/common/suid_unsafe_environment_variables.h",
+ "suid/client/setuid_sandbox_client.cc",
+ "suid/client/setuid_sandbox_client.h",
+ ]
+ defines = [ "SANDBOX_IMPLEMENTATION" ]
- deps = [
- ":sandbox_services",
- "//base",
- ]
+ deps = [
+ ":sandbox_services",
+ "//base",
+ ]
+ }
}
if (is_android) {