| blob | 9ddcf0c874c7b3ade23d3a8fdeac0d7d6a39526b |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 {
6 'variables': {
7 'conditions': [
8 ['OS=="linux"', {
9 'compile_suid_client': 1,
10 'compile_credentials': 1,
11 }, {
12 'compile_suid_client': 0,
13 'compile_credentials': 0,
14 }],
15 ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64")', {
16 'compile_seccomp_bpf_demo': 1,
17 }, {
18 'compile_seccomp_bpf_demo': 0,
19 }],
20 ],
21 },
22 'target_defaults': {
23 'target_conditions': [
24 # All linux/ files will automatically be excluded on Android
25 # so make sure we re-include them explicitly.
26 ['OS == "android"', {
27 'sources/': [
28 ['include', '^linux/'],
29 ],
30 }],
31 ],
32 },
33 'targets': [
34 # We have two principal targets: sandbox and sandbox_linux_unittests
35 # All other targets are listed as dependencies.
36 # There is one notable exception: for historical reasons, chrome_sandbox is
37 # the setuid sandbox and is its own target.
38 {
39 'target_name': 'sandbox',
40 'type': 'none',
41 'dependencies': [
42 'sandbox_services',
43 ],
44 'conditions': [
45 [ 'compile_suid_client==1', {
46 'dependencies': [
47 'suid_sandbox_client',
48 ],
49 }],
50 # Compile seccomp BPF when we support it.
51 [ 'use_seccomp_bpf==1', {
52 'dependencies': [
53 'seccomp_bpf',
54 'seccomp_bpf_helpers',
55 ],
56 }],
57 ],
58 },
59 {
60 'target_name': 'sandbox_linux_test_utils',
61 'type': 'static_library',
62 'dependencies': [
63 '../testing/gtest.gyp:gtest',
64 ],
65 'include_dirs': [
66 '../..',
67 ],
68 'sources': [
69 'tests/sandbox_test_runner.cc',
70 'tests/sandbox_test_runner.h',
71 'tests/sandbox_test_runner_function_pointer.cc',
72 'tests/sandbox_test_runner_function_pointer.h',
73 'tests/test_utils.cc',
74 'tests/test_utils.h',
75 'tests/unit_tests.cc',
76 'tests/unit_tests.h',
77 ],
78 'conditions': [
79 [ 'use_seccomp_bpf==1', {
80 'sources': [
81 'seccomp-bpf/bpf_tester_compatibility_delegate.h',
82 'seccomp-bpf/bpf_tests.h',
83 'seccomp-bpf/sandbox_bpf_test_runner.cc',
84 'seccomp-bpf/sandbox_bpf_test_runner.h',
85 ],
86 'dependencies': [
87 'seccomp_bpf',
88 ]
89 }],
90 ],
91 },
92 {
93 # The main sandboxing test target.
94 'target_name': 'sandbox_linux_unittests',
95 'includes': [
96 'sandbox_linux_test_sources.gypi',
97 ],
98 'type': 'executable',
99 },
100 {
101 # This target is the shared library used by Android APK (i.e.
102 # JNI-friendly) tests.
103 'target_name': 'sandbox_linux_jni_unittests',
104 'includes': [
105 'sandbox_linux_test_sources.gypi',
106 ],
107 'type': 'shared_library',
108 'conditions': [
109 [ 'OS == "android"', {
110 'dependencies': [
111 '../testing/android/native_test.gyp:native_test_native_code',
112 ],
113 }],
114 ],
115 },
116 {
117 'target_name': 'seccomp_bpf',
118 'type': '<(component)',
119 'sources': [
120 'seccomp-bpf/basicblock.cc',
121 'seccomp-bpf/basicblock.h',
122 'seccomp-bpf/codegen.cc',
123 'seccomp-bpf/codegen.h',
124 'seccomp-bpf/die.cc',
125 'seccomp-bpf/die.h',
126 'seccomp-bpf/errorcode.cc',
127 'seccomp-bpf/errorcode.h',
128 'seccomp-bpf/instruction.h',
129 'seccomp-bpf/linux_seccomp.h',
130 'seccomp-bpf/sandbox_bpf.cc',
131 'seccomp-bpf/sandbox_bpf.h',
132 'seccomp-bpf/sandbox_bpf_compatibility_policy.h',
133 'seccomp-bpf/sandbox_bpf_policy.cc',
134 'seccomp-bpf/sandbox_bpf_policy.h',
135 'seccomp-bpf/syscall.cc',
136 'seccomp-bpf/syscall.h',
137 'seccomp-bpf/syscall_iterator.cc',
138 'seccomp-bpf/syscall_iterator.h',
139 'seccomp-bpf/trap.cc',
140 'seccomp-bpf/trap.h',
141 'seccomp-bpf/verifier.cc',
142 'seccomp-bpf/verifier.h',
143 ],
144 'dependencies': [
145 '../base/base.gyp:base',
146 'sandbox_services_headers',
147 ],
148 'defines': [
149 'SANDBOX_IMPLEMENTATION',
150 ],
151 'include_dirs': [
152 '../..',
153 ],
154 },
155 {
156 'target_name': 'seccomp_bpf_helpers',
157 'type': '<(component)',
158 'sources': [
159 'seccomp-bpf-helpers/baseline_policy.cc',
160 'seccomp-bpf-helpers/baseline_policy.h',
161 'seccomp-bpf-helpers/sigsys_handlers.cc',
162 'seccomp-bpf-helpers/sigsys_handlers.h',
163 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
164 'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
165 'seccomp-bpf-helpers/syscall_sets.cc',
166 'seccomp-bpf-helpers/syscall_sets.h',
167 ],
168 'dependencies': [
169 '../base/base.gyp:base',
170 'seccomp_bpf',
171 ],
172 'defines': [
173 'SANDBOX_IMPLEMENTATION',
174 ],
175 'include_dirs': [
176 '../..',
177 ],
178 },
179 {
180 # A demonstration program for the seccomp-bpf sandbox.
181 'target_name': 'seccomp_bpf_demo',
182 'conditions': [
183 ['compile_seccomp_bpf_demo==1', {
184 'type': 'executable',
185 'sources': [
186 'seccomp-bpf/demo.cc',
187 ],
188 'dependencies': [
189 'seccomp_bpf',
190 ],
191 }, {
192 'type': 'none',
193 }],
194 ],
195 'include_dirs': [
196 '../../',
197 ],
198 },
199 {
200 # The setuid sandbox, for Linux
201 'target_name': 'chrome_sandbox',
202 'type': 'executable',
203 'sources': [
204 'suid/common/sandbox.h',
205 'suid/common/suid_unsafe_environment_variables.h',
206 'suid/linux_util.c',
207 'suid/linux_util.h',
208 'suid/process_util.h',
209 'suid/process_util_linux.c',
210 'suid/sandbox.c',
211 ],
212 'cflags': [
213 # For ULLONG_MAX
214 '-std=gnu99',
215 ],
216 'include_dirs': [
217 '../..',
218 ],
219 # Do not use any sanitizer tools with this binary. http://crbug.com/382766
220 'cflags/': [
221 ['exclude', '-fsanitize'],
222 ],
223 'ldflags/': [
224 ['exclude', '-fsanitize'],
225 ],
226 },
227 { 'target_name': 'sandbox_services',
228 'type': '<(component)',
229 'sources': [
230 'services/broker_process.cc',
231 'services/broker_process.h',
232 'services/init_process_reaper.cc',
233 'services/init_process_reaper.h',
234 'services/scoped_process.cc',
235 'services/scoped_process.h',
236 'services/thread_helpers.cc',
237 'services/thread_helpers.h',
238 'services/yama.h',
239 'services/yama.cc',
240 ],
241 'dependencies': [
242 '../base/base.gyp:base',
243 ],
244 'defines': [
245 'SANDBOX_IMPLEMENTATION',
246 ],
247 'conditions': [
248 ['compile_credentials==1', {
249 'sources': [
250 'services/credentials.cc',
251 'services/credentials.h',
252 ],
253 'dependencies': [
254 # for capabilities.cc.
255 '../build/linux/system.gyp:libcap',
256 ],
257 }],
258 ],
259 'include_dirs': [
260 '..',
261 ],
262 },
263 { 'target_name': 'sandbox_services_headers',
264 'type': 'none',
265 'sources': [
266 'services/android_arm_ucontext.h',
267 'services/android_futex.h',
268 'services/android_ucontext.h',
269 'services/android_i386_ucontext.h',
270 'services/arm_linux_syscalls.h',
271 'services/linux_syscalls.h',
272 'services/x86_32_linux_syscalls.h',
273 'services/x86_64_linux_syscalls.h',
274 ],
275 'include_dirs': [
276 '..',
277 ],
278 },
279 {
280 # We make this its own target so that it does not interfere
281 # with our tests.
282 'target_name': 'libc_urandom_override',
283 'type': 'static_library',
284 'sources': [
285 'services/libc_urandom_override.cc',
286 'services/libc_urandom_override.h',
287 ],
288 'dependencies': [
289 '../base/base.gyp:base',
290 ],
291 'include_dirs': [
292 '..',
293 ],
294 },
295 {
296 'target_name': 'suid_sandbox_client',
297 'type': '<(component)',
298 'sources': [
299 'suid/common/sandbox.h',
300 'suid/common/suid_unsafe_environment_variables.h',
301 'suid/client/setuid_sandbox_client.cc',
302 'suid/client/setuid_sandbox_client.h',
303 ],
304 'defines': [
305 'SANDBOX_IMPLEMENTATION',
306 ],
307 'dependencies': [
308 '../base/base.gyp:base',
309 'sandbox_services',
310 ],
311 'include_dirs': [
312 '..',
313 ],
314 },
315 ],
316 'conditions': [
317 [ 'OS=="android"', {
318 'targets': [
319 {
320 'target_name': 'sandbox_linux_unittests_stripped',
321 'type': 'none',
322 'dependencies': [ 'sandbox_linux_unittests' ],
323 'actions': [{
324 'action_name': 'strip sandbox_linux_unittests',
325 'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
326 'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
327 'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
328 }],
329 }
330 ],
331 }],
332 [ 'OS=="android"', {
333 'targets': [
334 {
335 'target_name': 'sandbox_linux_jni_unittests_apk',
336 'type': 'none',
337 'variables': {
338 'test_suite_name': 'sandbox_linux_jni_unittests',
339 },
340 'dependencies': [
341 'sandbox_linux_jni_unittests',
342 ],
343 'includes': [ '../../build/apk_test.gypi' ],
344 }
345 ],
346 }],
347 ['test_isolation_mode != "noop"', {
348 'targets': [
349 {
350 'target_name': 'sandbox_linux_unittests_run',
351 'type': 'none',
352 'dependencies': [
353 'sandbox_linux_unittests',
354 ],
355 'includes': [
356 '../../build/isolate.gypi',
357 '../sandbox_linux_unittests.isolate',
358 ],
359 'sources': [
360 '../sandbox_linux_unittests.isolate',
361 ],
362 },
363 ],
364 }],
365 ],
366 }