| blob | 7f521bf7c6d4e002fcfa849a941acad99b2a3c7d |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 {
6 'variables': {
7 'conditions': [
8 ['OS=="linux"', {
9 'compile_suid_client': 1,
10 'compile_credentials': 1,
11 'use_base_test_suite': 1,
12 }, {
13 'compile_suid_client': 0,
14 'compile_credentials': 0,
15 'use_base_test_suite': 0,
16 }],
17 ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64" or '
18 'target_arch=="mipsel")', {
19 'compile_seccomp_bpf_demo': 1,
20 }, {
21 'compile_seccomp_bpf_demo': 0,
22 }],
23 ],
24 },
25 'target_defaults': {
26 'target_conditions': [
27 # All linux/ files will automatically be excluded on Android
28 # so make sure we re-include them explicitly.
29 ['OS == "android"', {
30 'sources/': [
31 ['include', '^linux/'],
32 ],
33 }],
34 ],
35 },
36 'targets': [
37 # We have two principal targets: sandbox and sandbox_linux_unittests
38 # All other targets are listed as dependencies.
39 # There is one notable exception: for historical reasons, chrome_sandbox is
40 # the setuid sandbox and is its own target.
41 {
42 'target_name': 'sandbox',
43 'type': 'none',
44 'dependencies': [
45 'sandbox_services',
46 ],
47 'conditions': [
48 [ 'compile_suid_client==1', {
49 'dependencies': [
50 'suid_sandbox_client',
51 ],
52 }],
53 # Compile seccomp BPF when we support it.
54 [ 'use_seccomp_bpf==1', {
55 'dependencies': [
56 'seccomp_bpf',
57 'seccomp_bpf_helpers',
58 ],
59 }],
60 ],
61 },
62 {
63 'target_name': 'sandbox_linux_test_utils',
64 'type': 'static_library',
65 'dependencies': [
66 '../testing/gtest.gyp:gtest',
67 ],
68 'include_dirs': [
69 '../..',
70 ],
71 'sources': [
72 'tests/sandbox_test_runner.cc',
73 'tests/sandbox_test_runner.h',
74 'tests/sandbox_test_runner_function_pointer.cc',
75 'tests/sandbox_test_runner_function_pointer.h',
76 'tests/test_utils.cc',
77 'tests/test_utils.h',
78 'tests/unit_tests.cc',
79 'tests/unit_tests.h',
80 ],
81 'conditions': [
82 [ 'use_seccomp_bpf==1', {
83 'sources': [
84 'seccomp-bpf/bpf_tester_compatibility_delegate.h',
85 'seccomp-bpf/bpf_tests.h',
86 'seccomp-bpf/sandbox_bpf_test_runner.cc',
87 'seccomp-bpf/sandbox_bpf_test_runner.h',
88 ],
89 'dependencies': [
90 'seccomp_bpf',
91 ]
92 }],
93 [ 'use_base_test_suite==1', {
94 'dependencies': [
95 '../base/base.gyp:test_support_base',
96 ],
97 'defines': [
98 'SANDBOX_USES_BASE_TEST_SUITE',
99 ],
100 }],
101 ],
102 },
103 {
104 # The main sandboxing test target.
105 'target_name': 'sandbox_linux_unittests',
106 'includes': [
107 'sandbox_linux_test_sources.gypi',
108 ],
109 'type': 'executable',
110 },
111 {
112 # This target is the shared library used by Android APK (i.e.
113 # JNI-friendly) tests.
114 'target_name': 'sandbox_linux_jni_unittests',
115 'includes': [
116 'sandbox_linux_test_sources.gypi',
117 ],
118 'type': 'shared_library',
119 'conditions': [
120 [ 'OS == "android"', {
121 'dependencies': [
122 '../testing/android/native_test.gyp:native_test_native_code',
123 ],
124 }],
125 ],
126 },
127 {
128 'target_name': 'seccomp_bpf',
129 'type': '<(component)',
130 'sources': [
131 'bpf_dsl/bpf_dsl.cc',
132 'bpf_dsl/bpf_dsl.h',
133 'bpf_dsl/bpf_dsl_forward.h',
134 'bpf_dsl/bpf_dsl_impl.h',
135 'bpf_dsl/codegen.cc',
136 'bpf_dsl/codegen.h',
137 'bpf_dsl/cons.h',
138 'bpf_dsl/dump_bpf.cc',
139 'bpf_dsl/dump_bpf.h',
140 'bpf_dsl/errorcode.cc',
141 'bpf_dsl/errorcode.h',
142 'bpf_dsl/linux_syscall_ranges.h',
143 'bpf_dsl/policy.cc',
144 'bpf_dsl/policy.h',
145 'bpf_dsl/policy_compiler.cc',
146 'bpf_dsl/policy_compiler.h',
147 'bpf_dsl/seccomp_macros.h',
148 'bpf_dsl/seccomp_macros.h',
149 'bpf_dsl/syscall_set.cc',
150 'bpf_dsl/syscall_set.h',
151 'bpf_dsl/trap_registry.h',
152 'bpf_dsl/verifier.cc',
153 'bpf_dsl/verifier.h',
154 'seccomp-bpf/die.cc',
155 'seccomp-bpf/die.h',
156 'seccomp-bpf/sandbox_bpf.cc',
157 'seccomp-bpf/sandbox_bpf.h',
158 'seccomp-bpf/syscall.cc',
159 'seccomp-bpf/syscall.h',
160 'seccomp-bpf/trap.cc',
161 'seccomp-bpf/trap.h',
162 ],
163 'dependencies': [
164 '../base/base.gyp:base',
165 'sandbox_services',
166 'sandbox_services_headers',
167 ],
168 'defines': [
169 'SANDBOX_IMPLEMENTATION',
170 ],
171 'includes': [
172 # Disable LTO due to compiler bug
173 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57703
174 '../../build/android/disable_gcc_lto.gypi',
175 ],
176 'include_dirs': [
177 '../..',
178 ],
179 },
180 {
181 'target_name': 'seccomp_bpf_helpers',
182 'type': '<(component)',
183 'sources': [
184 'seccomp-bpf-helpers/baseline_policy.cc',
185 'seccomp-bpf-helpers/baseline_policy.h',
186 'seccomp-bpf-helpers/sigsys_handlers.cc',
187 'seccomp-bpf-helpers/sigsys_handlers.h',
188 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
189 'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
190 'seccomp-bpf-helpers/syscall_sets.cc',
191 'seccomp-bpf-helpers/syscall_sets.h',
192 ],
193 'dependencies': [
194 '../base/base.gyp:base',
195 'sandbox_services',
196 'seccomp_bpf',
197 ],
198 'defines': [
199 'SANDBOX_IMPLEMENTATION',
200 ],
201 'include_dirs': [
202 '../..',
203 ],
204 },
205 {
206 # The setuid sandbox, for Linux
207 'target_name': 'chrome_sandbox',
208 'type': 'executable',
209 'sources': [
210 'suid/common/sandbox.h',
211 'suid/common/suid_unsafe_environment_variables.h',
212 'suid/process_util.h',
213 'suid/process_util_linux.c',
214 'suid/sandbox.c',
215 ],
216 'cflags': [
217 # For ULLONG_MAX
218 '-std=gnu99',
219 ],
220 'include_dirs': [
221 '../..',
222 ],
223 # Do not use any sanitizer tools with this binary. http://crbug.com/382766
224 'cflags/': [
225 ['exclude', '-fsanitize'],
226 ],
227 'ldflags/': [
228 ['exclude', '-fsanitize'],
229 ],
230 },
231 { 'target_name': 'sandbox_services',
232 'type': '<(component)',
233 'sources': [
234 'services/init_process_reaper.cc',
235 'services/init_process_reaper.h',
236 'services/proc_util.cc',
237 'services/proc_util.h',
238 'services/resource_limits.cc',
239 'services/resource_limits.h',
240 'services/scoped_process.cc',
241 'services/scoped_process.h',
242 'services/syscall_wrappers.cc',
243 'services/syscall_wrappers.h',
244 'services/thread_helpers.cc',
245 'services/thread_helpers.h',
246 'services/yama.cc',
247 'services/yama.h',
248 'syscall_broker/broker_channel.cc',
249 'syscall_broker/broker_channel.h',
250 'syscall_broker/broker_client.cc',
251 'syscall_broker/broker_client.h',
252 'syscall_broker/broker_common.h',
253 'syscall_broker/broker_file_permission.cc',
254 'syscall_broker/broker_file_permission.h',
255 'syscall_broker/broker_host.cc',
256 'syscall_broker/broker_host.h',
257 'syscall_broker/broker_policy.cc',
258 'syscall_broker/broker_policy.h',
259 'syscall_broker/broker_process.cc',
260 'syscall_broker/broker_process.h',
261 ],
262 'dependencies': [
263 '../base/base.gyp:base',
264 ],
265 'defines': [
266 'SANDBOX_IMPLEMENTATION',
267 ],
268 'conditions': [
269 ['compile_credentials==1', {
270 'sources': [
271 'services/credentials.cc',
272 'services/credentials.h',
273 'services/namespace_sandbox.cc',
274 'services/namespace_sandbox.h',
275 'services/namespace_utils.cc',
276 'services/namespace_utils.h',
277 ],
278 'dependencies': [
279 # for capability.h.
280 'sandbox_services_headers',
281 ],
282 }],
283 ],
284 'include_dirs': [
285 '..',
286 ],
287 },
288 { 'target_name': 'sandbox_services_headers',
289 'type': 'none',
290 'sources': [
291 'system_headers/arm64_linux_syscalls.h',
292 'system_headers/arm64_linux_ucontext.h',
293 'system_headers/arm_linux_syscalls.h',
294 'system_headers/arm_linux_ucontext.h',
295 'system_headers/capability.h',
296 'system_headers/i386_linux_ucontext.h',
297 'system_headers/linux_futex.h',
298 'system_headers/linux_seccomp.h',
299 'system_headers/linux_syscalls.h',
300 'system_headers/linux_time.h',
301 'system_headers/linux_ucontext.h',
302 'system_headers/mips_linux_syscalls.h',
303 'system_headers/mips_linux_ucontext.h',
304 'system_headers/x86_32_linux_syscalls.h',
305 'system_headers/x86_64_linux_syscalls.h',
306 ],
307 'include_dirs': [
308 '..',
309 ],
310 },
311 {
312 # We make this its own target so that it does not interfere
313 # with our tests, and so that it may be selectively included
314 # in ports which need it.
315 'target_name': 'libc_urandom_override',
316 'type': 'static_library',
317 'sources': [
318 'services/libc_urandom_override.cc',
319 'services/libc_urandom_override.h',
320 ],
321 'dependencies': [
322 '../base/base.gyp:base',
323 ],
324 'include_dirs': [
325 '..',
326 ],
327 },
328 {
329 'target_name': 'suid_sandbox_client',
330 'type': '<(component)',
331 'sources': [
332 'suid/common/sandbox.h',
333 'suid/common/suid_unsafe_environment_variables.h',
334 'suid/client/setuid_sandbox_client.cc',
335 'suid/client/setuid_sandbox_client.h',
336 'suid/client/setuid_sandbox_host.cc',
337 'suid/client/setuid_sandbox_host.h',
338 ],
339 'defines': [
340 'SANDBOX_IMPLEMENTATION',
341 ],
342 'dependencies': [
343 '../base/base.gyp:base',
344 'sandbox_services',
345 ],
346 'include_dirs': [
347 '..',
348 ],
349 },
350 {
351 'target_name': 'bpf_dsl_golden',
352 'type': 'none',
353 'actions': [
354 {
355 'action_name': 'generate',
356 'inputs': [
357 'bpf_dsl/golden/generate.py',
358 'bpf_dsl/golden/i386/ArgSizePolicy.txt',
359 'bpf_dsl/golden/i386/BasicPolicy.txt',
360 'bpf_dsl/golden/i386/ElseIfPolicy.txt',
361 'bpf_dsl/golden/i386/MaskingPolicy.txt',
362 'bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt',
363 'bpf_dsl/golden/i386/NegativeConstantsPolicy.txt',
364 'bpf_dsl/golden/i386/SwitchPolicy.txt',
365 'bpf_dsl/golden/x86-64/ArgSizePolicy.txt',
366 'bpf_dsl/golden/x86-64/BasicPolicy.txt',
367 'bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt',
368 'bpf_dsl/golden/x86-64/ElseIfPolicy.txt',
369 'bpf_dsl/golden/x86-64/MaskingPolicy.txt',
370 'bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt',
371 'bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt',
372 'bpf_dsl/golden/x86-64/SwitchPolicy.txt',
373 ],
374 'outputs': [
375 '<(SHARED_INTERMEDIATE_DIR)/sandbox/linux/bpf_dsl/golden/golden_files.h',
376 ],
377 'action': [
378 'python',
379 'linux/bpf_dsl/golden/generate.py',
380 '<(SHARED_INTERMEDIATE_DIR)/sandbox/linux/bpf_dsl/golden/golden_files.h',
381 'linux/bpf_dsl/golden/i386/ArgSizePolicy.txt',
382 'linux/bpf_dsl/golden/i386/BasicPolicy.txt',
383 'linux/bpf_dsl/golden/i386/ElseIfPolicy.txt',
384 'linux/bpf_dsl/golden/i386/MaskingPolicy.txt',
385 'linux/bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt',
386 'linux/bpf_dsl/golden/i386/NegativeConstantsPolicy.txt',
387 'linux/bpf_dsl/golden/i386/SwitchPolicy.txt',
388 'linux/bpf_dsl/golden/x86-64/ArgSizePolicy.txt',
389 'linux/bpf_dsl/golden/x86-64/BasicPolicy.txt',
390 'linux/bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt',
391 'linux/bpf_dsl/golden/x86-64/ElseIfPolicy.txt',
392 'linux/bpf_dsl/golden/x86-64/MaskingPolicy.txt',
393 'linux/bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt',
394 'linux/bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt',
395 'linux/bpf_dsl/golden/x86-64/SwitchPolicy.txt',
396 ],
397 'message': 'Generating header from golden files ...',
398 },
399 ],
400 },
401 ],
402 'conditions': [
403 [ 'OS=="android"', {
404 'targets': [
405 {
406 'target_name': 'sandbox_linux_unittests_stripped',
407 'type': 'none',
408 'dependencies': [ 'sandbox_linux_unittests' ],
409 'actions': [{
410 'action_name': 'strip sandbox_linux_unittests',
411 'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
412 'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
413 'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
414 }],
415 },
416 {
417 'target_name': 'sandbox_linux_unittests_deps',
418 'type': 'none',
419 'dependencies': [
420 'sandbox_linux_unittests_stripped',
421 ],
422 # For the component build, ensure dependent shared libraries are
423 # stripped and put alongside sandbox_linux_unittests to simplify pushing
424 # to the device.
425 'variables': {
426 'output_dir': '<(PRODUCT_DIR)/sandbox_linux_unittests_deps/',
427 'native_binary': '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped',
428 'include_main_binary': 0,
429 },
430 'includes': [
431 '../../build/android/native_app_dependencies.gypi'
432 ],
433 }],
434 }],
435 [ 'OS=="android"', {
436 'targets': [
437 {
438 'target_name': 'sandbox_linux_jni_unittests_apk',
439 'type': 'none',
440 'variables': {
441 'test_suite_name': 'sandbox_linux_jni_unittests',
442 },
443 'dependencies': [
444 'sandbox_linux_jni_unittests',
445 ],
446 'includes': [ '../../build/apk_test.gypi' ],
447 }
448 ],
449 }],
450 ['test_isolation_mode != "noop"', {
451 'targets': [
452 {
453 'target_name': 'sandbox_linux_unittests_run',
454 'type': 'none',
455 'dependencies': [
456 'sandbox_linux_unittests',
457 ],
458 'includes': [
459 '../../build/isolate.gypi',
460 ],
461 'sources': [
462 '../sandbox_linux_unittests.isolate',
463 ],
464 },
465 ],
466 }],
467 ],
468 }