| blob | 69b782326b0099e3a0698affb652cb1c57933077 |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 {
6 'variables': {
7 'conditions': [
8 ['OS=="linux"', {
9 'compile_suid_client': 1,
10 'compile_credentials': 1,
11 }, {
12 'compile_suid_client': 0,
13 'compile_credentials': 0,
14 }],
15 ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64" or '
16 'target_arch=="mipsel")', {
17 'compile_seccomp_bpf_demo': 1,
18 }, {
19 'compile_seccomp_bpf_demo': 0,
20 }],
21 ],
22 },
23 'target_defaults': {
24 'target_conditions': [
25 # All linux/ files will automatically be excluded on Android
26 # so make sure we re-include them explicitly.
27 ['OS == "android"', {
28 'sources/': [
29 ['include', '^linux/'],
30 ],
31 }],
32 ],
33 },
34 'targets': [
35 # We have two principal targets: sandbox and sandbox_linux_unittests
36 # All other targets are listed as dependencies.
37 # There is one notable exception: for historical reasons, chrome_sandbox is
38 # the setuid sandbox and is its own target.
39 {
40 'target_name': 'sandbox',
41 'type': 'none',
42 'dependencies': [
43 'sandbox_services',
44 ],
45 'conditions': [
46 [ 'compile_suid_client==1', {
47 'dependencies': [
48 'suid_sandbox_client',
49 ],
50 }],
51 # Compile seccomp BPF when we support it.
52 [ 'use_seccomp_bpf==1', {
53 'dependencies': [
54 'seccomp_bpf',
55 'seccomp_bpf_helpers',
56 ],
57 }],
58 ],
59 },
60 {
61 'target_name': 'sandbox_linux_test_utils',
62 'type': 'static_library',
63 'dependencies': [
64 '../testing/gtest.gyp:gtest',
65 ],
66 'include_dirs': [
67 '../..',
68 ],
69 'sources': [
70 'tests/sandbox_test_runner.cc',
71 'tests/sandbox_test_runner.h',
72 'tests/sandbox_test_runner_function_pointer.cc',
73 'tests/sandbox_test_runner_function_pointer.h',
74 'tests/test_utils.cc',
75 'tests/test_utils.h',
76 'tests/unit_tests.cc',
77 'tests/unit_tests.h',
78 ],
79 'conditions': [
80 [ 'use_seccomp_bpf==1', {
81 'sources': [
82 'seccomp-bpf/bpf_tester_compatibility_delegate.h',
83 'seccomp-bpf/bpf_tests.h',
84 'seccomp-bpf/sandbox_bpf_test_runner.cc',
85 'seccomp-bpf/sandbox_bpf_test_runner.h',
86 ],
87 'dependencies': [
88 'seccomp_bpf',
89 ]
90 }],
91 ],
92 },
93 {
94 # The main sandboxing test target.
95 'target_name': 'sandbox_linux_unittests',
96 'includes': [
97 'sandbox_linux_test_sources.gypi',
98 ],
99 'type': 'executable',
100 },
101 {
102 # This target is the shared library used by Android APK (i.e.
103 # JNI-friendly) tests.
104 'target_name': 'sandbox_linux_jni_unittests',
105 'includes': [
106 'sandbox_linux_test_sources.gypi',
107 ],
108 'type': 'shared_library',
109 'conditions': [
110 [ 'OS == "android"', {
111 'dependencies': [
112 '../testing/android/native_test.gyp:native_test_native_code',
113 ],
114 }],
115 ],
116 },
117 {
118 'target_name': 'seccomp_bpf',
119 'type': '<(component)',
120 'sources': [
121 'bpf_dsl/bpf_dsl.cc',
122 'bpf_dsl/bpf_dsl.h',
123 'bpf_dsl/cons.h',
124 'seccomp-bpf/basicblock.cc',
125 'seccomp-bpf/basicblock.h',
126 'seccomp-bpf/codegen.cc',
127 'seccomp-bpf/codegen.h',
128 'seccomp-bpf/die.cc',
129 'seccomp-bpf/die.h',
130 'seccomp-bpf/errorcode.cc',
131 'seccomp-bpf/errorcode.h',
132 'seccomp-bpf/instruction.h',
133 'seccomp-bpf/linux_seccomp.h',
134 'seccomp-bpf/sandbox_bpf.cc',
135 'seccomp-bpf/sandbox_bpf.h',
136 'seccomp-bpf/sandbox_bpf_compatibility_policy.h',
137 'seccomp-bpf/sandbox_bpf_policy.cc',
138 'seccomp-bpf/sandbox_bpf_policy.h',
139 'seccomp-bpf/syscall.cc',
140 'seccomp-bpf/syscall.h',
141 'seccomp-bpf/syscall_iterator.cc',
142 'seccomp-bpf/syscall_iterator.h',
143 'seccomp-bpf/trap.cc',
144 'seccomp-bpf/trap.h',
145 'seccomp-bpf/verifier.cc',
146 'seccomp-bpf/verifier.h',
147 ],
148 'dependencies': [
149 '../base/base.gyp:base',
150 'sandbox_services_headers',
151 ],
152 'defines': [
153 'SANDBOX_IMPLEMENTATION',
154 ],
155 'include_dirs': [
156 '../..',
157 ],
158 },
159 {
160 'target_name': 'seccomp_bpf_helpers',
161 'type': '<(component)',
162 'sources': [
163 'seccomp-bpf-helpers/baseline_policy.cc',
164 'seccomp-bpf-helpers/baseline_policy.h',
165 'seccomp-bpf-helpers/sigsys_handlers.cc',
166 'seccomp-bpf-helpers/sigsys_handlers.h',
167 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
168 'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
169 'seccomp-bpf-helpers/syscall_sets.cc',
170 'seccomp-bpf-helpers/syscall_sets.h',
171 ],
172 'dependencies': [
173 '../base/base.gyp:base',
174 'seccomp_bpf',
175 ],
176 'defines': [
177 'SANDBOX_IMPLEMENTATION',
178 ],
179 'include_dirs': [
180 '../..',
181 ],
182 },
183 {
184 # A demonstration program for the seccomp-bpf sandbox.
185 'target_name': 'seccomp_bpf_demo',
186 'conditions': [
187 ['compile_seccomp_bpf_demo==1', {
188 'type': 'executable',
189 'sources': [
190 'seccomp-bpf/demo.cc',
191 ],
192 'dependencies': [
193 'seccomp_bpf',
194 ],
195 }, {
196 'type': 'none',
197 }],
198 ],
199 'include_dirs': [
200 '../../',
201 ],
202 },
203 {
204 # The setuid sandbox, for Linux
205 'target_name': 'chrome_sandbox',
206 'type': 'executable',
207 'sources': [
208 'suid/common/sandbox.h',
209 'suid/common/suid_unsafe_environment_variables.h',
210 'suid/linux_util.c',
211 'suid/linux_util.h',
212 'suid/process_util.h',
213 'suid/process_util_linux.c',
214 'suid/sandbox.c',
215 ],
216 'cflags': [
217 # For ULLONG_MAX
218 '-std=gnu99',
219 ],
220 'include_dirs': [
221 '../..',
222 ],
223 # Do not use any sanitizer tools with this binary. http://crbug.com/382766
224 'cflags/': [
225 ['exclude', '-fsanitize'],
226 ],
227 'ldflags/': [
228 ['exclude', '-fsanitize'],
229 ],
230 },
231 { 'target_name': 'sandbox_services',
232 'type': '<(component)',
233 'sources': [
234 'services/broker_process.cc',
235 'services/broker_process.h',
236 'services/init_process_reaper.cc',
237 'services/init_process_reaper.h',
238 'services/scoped_process.cc',
239 'services/scoped_process.h',
240 'services/thread_helpers.cc',
241 'services/thread_helpers.h',
242 'services/yama.h',
243 'services/yama.cc',
244 ],
245 'dependencies': [
246 '../base/base.gyp:base',
247 ],
248 'defines': [
249 'SANDBOX_IMPLEMENTATION',
250 ],
251 'conditions': [
252 ['compile_credentials==1', {
253 'sources': [
254 'services/credentials.cc',
255 'services/credentials.h',
256 ],
257 'dependencies': [
258 # for capabilities.cc.
259 '../build/linux/system.gyp:libcap',
260 ],
261 }],
262 ],
263 'include_dirs': [
264 '..',
265 ],
266 },
267 { 'target_name': 'sandbox_services_headers',
268 'type': 'none',
269 'sources': [
270 'services/android_arm_ucontext.h',
271 'services/android_arm64_ucontext.h',
272 'services/android_futex.h',
273 'services/android_ucontext.h',
274 'services/android_i386_ucontext.h',
275 'services/android_mips_ucontext.h',
276 'services/arm_linux_syscalls.h',
277 'services/arm64_linux_syscalls.h',
278 'services/mips_linux_syscalls.h',
279 'services/linux_syscalls.h',
280 'services/x86_32_linux_syscalls.h',
281 'services/x86_64_linux_syscalls.h',
282 ],
283 'include_dirs': [
284 '..',
285 ],
286 },
287 {
288 # We make this its own target so that it does not interfere
289 # with our tests.
290 'target_name': 'libc_urandom_override',
291 'type': 'static_library',
292 'sources': [
293 'services/libc_urandom_override.cc',
294 'services/libc_urandom_override.h',
295 ],
296 'dependencies': [
297 '../base/base.gyp:base',
298 ],
299 'include_dirs': [
300 '..',
301 ],
302 },
303 {
304 'target_name': 'suid_sandbox_client',
305 'type': '<(component)',
306 'sources': [
307 'suid/common/sandbox.h',
308 'suid/common/suid_unsafe_environment_variables.h',
309 'suid/client/setuid_sandbox_client.cc',
310 'suid/client/setuid_sandbox_client.h',
311 ],
312 'defines': [
313 'SANDBOX_IMPLEMENTATION',
314 ],
315 'dependencies': [
316 '../base/base.gyp:base',
317 'sandbox_services',
318 ],
319 'include_dirs': [
320 '..',
321 ],
322 },
323 ],
324 'conditions': [
325 [ 'OS=="android"', {
326 'targets': [
327 {
328 'target_name': 'sandbox_linux_unittests_stripped',
329 'type': 'none',
330 'dependencies': [ 'sandbox_linux_unittests' ],
331 'actions': [{
332 'action_name': 'strip sandbox_linux_unittests',
333 'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
334 'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
335 'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
336 }],
337 }
338 ],
339 }],
340 [ 'OS=="android"', {
341 'targets': [
342 {
343 'target_name': 'sandbox_linux_jni_unittests_apk',
344 'type': 'none',
345 'variables': {
346 'test_suite_name': 'sandbox_linux_jni_unittests',
347 },
348 'dependencies': [
349 'sandbox_linux_jni_unittests',
350 ],
351 'includes': [ '../../build/apk_test.gypi' ],
352 }
353 ],
354 }],
355 ['test_isolation_mode != "noop"', {
356 'targets': [
357 {
358 'target_name': 'sandbox_linux_unittests_run',
359 'type': 'none',
360 'dependencies': [
361 'sandbox_linux_unittests',
362 ],
363 'includes': [
364 '../../build/isolate.gypi',
365 '../sandbox_linux_unittests.isolate',
366 ],
367 'sources': [
368 '../sandbox_linux_unittests.isolate',
369 ],
370 },
371 ],
372 }],
373 ],
374 }