| blob | 89c830ef3da1dcffe1f04b2da7c5fe1f099b2c25 |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 {
6 'variables': {
7 'conditions': [
8 ['OS=="linux"', {
9 'compile_suid_client': 1,
10 'compile_credentials': 1,
11 }, {
12 'compile_suid_client': 0,
13 'compile_credentials': 0,
14 }],
15 ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64" or '
16 'target_arch=="mipsel")', {
17 'compile_seccomp_bpf_demo': 1,
18 }, {
19 'compile_seccomp_bpf_demo': 0,
20 }],
21 ],
22 },
23 'target_defaults': {
24 'target_conditions': [
25 # All linux/ files will automatically be excluded on Android
26 # so make sure we re-include them explicitly.
27 ['OS == "android"', {
28 'sources/': [
29 ['include', '^linux/'],
30 ],
31 }],
32 ],
33 },
34 'targets': [
35 # We have two principal targets: sandbox and sandbox_linux_unittests
36 # All other targets are listed as dependencies.
37 # There is one notable exception: for historical reasons, chrome_sandbox is
38 # the setuid sandbox and is its own target.
39 {
40 'target_name': 'sandbox',
41 'type': 'none',
42 'dependencies': [
43 'sandbox_services',
44 ],
45 'conditions': [
46 [ 'compile_suid_client==1', {
47 'dependencies': [
48 'suid_sandbox_client',
49 ],
50 }],
51 # Compile seccomp BPF when we support it.
52 [ 'use_seccomp_bpf==1', {
53 'dependencies': [
54 'seccomp_bpf',
55 'seccomp_bpf_helpers',
56 ],
57 }],
58 ],
59 },
60 {
61 'target_name': 'sandbox_linux_test_utils',
62 'type': 'static_library',
63 'dependencies': [
64 '../testing/gtest.gyp:gtest',
65 ],
66 'include_dirs': [
67 '../..',
68 ],
69 'sources': [
70 'tests/sandbox_test_runner.cc',
71 'tests/sandbox_test_runner.h',
72 'tests/sandbox_test_runner_function_pointer.cc',
73 'tests/sandbox_test_runner_function_pointer.h',
74 'tests/test_utils.cc',
75 'tests/test_utils.h',
76 'tests/unit_tests.cc',
77 'tests/unit_tests.h',
78 ],
79 'conditions': [
80 [ 'use_seccomp_bpf==1', {
81 'sources': [
82 'seccomp-bpf/bpf_tester_compatibility_delegate.h',
83 'seccomp-bpf/bpf_tests.h',
84 'seccomp-bpf/sandbox_bpf_test_runner.cc',
85 'seccomp-bpf/sandbox_bpf_test_runner.h',
86 ],
87 'dependencies': [
88 'seccomp_bpf',
89 ]
90 }],
91 ],
92 },
93 {
94 # The main sandboxing test target.
95 'target_name': 'sandbox_linux_unittests',
96 'includes': [
97 'sandbox_linux_test_sources.gypi',
98 ],
99 'type': 'executable',
100 },
101 {
102 # This target is the shared library used by Android APK (i.e.
103 # JNI-friendly) tests.
104 'target_name': 'sandbox_linux_jni_unittests',
105 'includes': [
106 'sandbox_linux_test_sources.gypi',
107 ],
108 'type': 'shared_library',
109 'conditions': [
110 [ 'OS == "android"', {
111 'dependencies': [
112 '../testing/android/native_test.gyp:native_test_native_code',
113 ],
114 }],
115 ],
116 },
117 {
118 'target_name': 'seccomp_bpf',
119 'type': '<(component)',
120 'sources': [
121 'bpf_dsl/bpf_dsl.cc',
122 'bpf_dsl/bpf_dsl.h',
123 'bpf_dsl/bpf_dsl_forward.h',
124 'bpf_dsl/bpf_dsl_impl.h',
125 'bpf_dsl/cons.h',
126 'bpf_dsl/dump_bpf.cc',
127 'bpf_dsl/dump_bpf.h',
128 'bpf_dsl/policy.cc',
129 'bpf_dsl/policy.h',
130 'bpf_dsl/policy_compiler.cc',
131 'bpf_dsl/policy_compiler.h',
132 'bpf_dsl/trap_registry.h',
133 'seccomp-bpf/codegen.cc',
134 'seccomp-bpf/codegen.h',
135 'seccomp-bpf/die.cc',
136 'seccomp-bpf/die.h',
137 'seccomp-bpf/errorcode.cc',
138 'seccomp-bpf/errorcode.h',
139 'seccomp-bpf/linux_seccomp.h',
140 'seccomp-bpf/sandbox_bpf.cc',
141 'seccomp-bpf/sandbox_bpf.h',
142 'seccomp-bpf/syscall.cc',
143 'seccomp-bpf/syscall.h',
144 'seccomp-bpf/syscall_iterator.cc',
145 'seccomp-bpf/syscall_iterator.h',
146 'seccomp-bpf/trap.cc',
147 'seccomp-bpf/trap.h',
148 'seccomp-bpf/verifier.cc',
149 'seccomp-bpf/verifier.h',
150 ],
151 'dependencies': [
152 '../base/base.gyp:base',
153 'sandbox_services',
154 'sandbox_services_headers',
155 ],
156 'defines': [
157 'SANDBOX_IMPLEMENTATION',
158 ],
159 'includes': [
160 # Disable LTO due to compiler bug
161 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57703
162 '../../build/android/disable_lto.gypi',
163 ],
164 'include_dirs': [
165 '../..',
166 ],
167 },
168 {
169 'target_name': 'seccomp_bpf_helpers',
170 'type': '<(component)',
171 'sources': [
172 'seccomp-bpf-helpers/baseline_policy.cc',
173 'seccomp-bpf-helpers/baseline_policy.h',
174 'seccomp-bpf-helpers/sigsys_handlers.cc',
175 'seccomp-bpf-helpers/sigsys_handlers.h',
176 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
177 'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
178 'seccomp-bpf-helpers/syscall_sets.cc',
179 'seccomp-bpf-helpers/syscall_sets.h',
180 ],
181 'dependencies': [
182 '../base/base.gyp:base',
183 'sandbox_services',
184 'seccomp_bpf',
185 ],
186 'defines': [
187 'SANDBOX_IMPLEMENTATION',
188 ],
189 'include_dirs': [
190 '../..',
191 ],
192 },
193 {
194 # The setuid sandbox, for Linux
195 'target_name': 'chrome_sandbox',
196 'type': 'executable',
197 'sources': [
198 'suid/common/sandbox.h',
199 'suid/common/suid_unsafe_environment_variables.h',
200 'suid/process_util.h',
201 'suid/process_util_linux.c',
202 'suid/sandbox.c',
203 ],
204 'cflags': [
205 # For ULLONG_MAX
206 '-std=gnu99',
207 ],
208 'include_dirs': [
209 '../..',
210 ],
211 # Do not use any sanitizer tools with this binary. http://crbug.com/382766
212 'cflags/': [
213 ['exclude', '-fsanitize'],
214 ],
215 'ldflags/': [
216 ['exclude', '-fsanitize'],
217 ],
218 },
219 { 'target_name': 'sandbox_services',
220 'type': '<(component)',
221 'sources': [
222 'services/init_process_reaper.cc',
223 'services/init_process_reaper.h',
224 'services/scoped_process.cc',
225 'services/scoped_process.h',
226 'services/syscall_wrappers.cc',
227 'services/syscall_wrappers.h',
228 'services/thread_helpers.cc',
229 'services/thread_helpers.h',
230 'services/yama.cc',
231 'services/yama.h',
232 'syscall_broker/broker_channel.cc',
233 'syscall_broker/broker_channel.h',
234 'syscall_broker/broker_client.cc',
235 'syscall_broker/broker_client.h',
236 'syscall_broker/broker_common.h',
237 'syscall_broker/broker_file_permission.cc',
238 'syscall_broker/broker_file_permission.h',
239 'syscall_broker/broker_host.cc',
240 'syscall_broker/broker_host.h',
241 'syscall_broker/broker_policy.cc',
242 'syscall_broker/broker_policy.h',
243 'syscall_broker/broker_process.cc',
244 'syscall_broker/broker_process.h',
245 ],
246 'dependencies': [
247 '../base/base.gyp:base',
248 ],
249 'defines': [
250 'SANDBOX_IMPLEMENTATION',
251 ],
252 'conditions': [
253 ['compile_credentials==1', {
254 'sources': [
255 'services/credentials.cc',
256 'services/credentials.h',
257 'services/proc_util.cc',
258 'services/proc_util.h',
259 ],
260 'dependencies': [
261 # for capabilities.cc.
262 '../build/linux/system.gyp:libcap',
263 ],
264 }],
265 ],
266 'include_dirs': [
267 '..',
268 ],
269 },
270 { 'target_name': 'sandbox_services_headers',
271 'type': 'none',
272 'sources': [
273 'services/android_arm_ucontext.h',
274 'services/android_arm64_ucontext.h',
275 'services/android_futex.h',
276 'services/android_ucontext.h',
277 'services/android_i386_ucontext.h',
278 'services/android_mips_ucontext.h',
279 'services/arm_linux_syscalls.h',
280 'services/arm64_linux_syscalls.h',
281 'services/mips_linux_syscalls.h',
282 'services/linux_syscalls.h',
283 'services/x86_32_linux_syscalls.h',
284 'services/x86_64_linux_syscalls.h',
285 ],
286 'include_dirs': [
287 '..',
288 ],
289 },
290 {
291 # We make this its own target so that it does not interfere
292 # with our tests.
293 'target_name': 'libc_urandom_override',
294 'type': 'static_library',
295 'sources': [
296 'services/libc_urandom_override.cc',
297 'services/libc_urandom_override.h',
298 ],
299 'dependencies': [
300 '../base/base.gyp:base',
301 ],
302 'include_dirs': [
303 '..',
304 ],
305 },
306 {
307 'target_name': 'suid_sandbox_client',
308 'type': '<(component)',
309 'sources': [
310 'suid/common/sandbox.h',
311 'suid/common/suid_unsafe_environment_variables.h',
312 'suid/client/setuid_sandbox_client.cc',
313 'suid/client/setuid_sandbox_client.h',
314 ],
315 'defines': [
316 'SANDBOX_IMPLEMENTATION',
317 ],
318 'dependencies': [
319 '../base/base.gyp:base',
320 'sandbox_services',
321 ],
322 'include_dirs': [
323 '..',
324 ],
325 },
326 ],
327 'conditions': [
328 [ 'OS=="android"', {
329 'targets': [
330 {
331 'target_name': 'sandbox_linux_unittests_stripped',
332 'type': 'none',
333 'dependencies': [ 'sandbox_linux_unittests' ],
334 'actions': [{
335 'action_name': 'strip sandbox_linux_unittests',
336 'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
337 'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
338 'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
339 }],
340 },
341 {
342 'target_name': 'sandbox_linux_unittests_deps',
343 'type': 'none',
344 'dependencies': [
345 'sandbox_linux_unittests_stripped',
346 ],
347 # For the component build, ensure dependent shared libraries are
348 # stripped and put alongside sandbox_linux_unittests to simplify pushing
349 # to the device.
350 'variables': {
351 'output_dir': '<(PRODUCT_DIR)/sandbox_linux_unittests_deps/',
352 'native_binary': '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped',
353 'include_main_binary': 0,
354 },
355 'includes': [
356 '../../build/android/native_app_dependencies.gypi'
357 ],
358 }],
359 }],
360 [ 'OS=="android"', {
361 'targets': [
362 {
363 'target_name': 'sandbox_linux_jni_unittests_apk',
364 'type': 'none',
365 'variables': {
366 'test_suite_name': 'sandbox_linux_jni_unittests',
367 },
368 'dependencies': [
369 'sandbox_linux_jni_unittests',
370 ],
371 'includes': [ '../../build/apk_test.gypi' ],
372 }
373 ],
374 }],
375 ['test_isolation_mode != "noop"', {
376 'targets': [
377 {
378 'target_name': 'sandbox_linux_unittests_run',
379 'type': 'none',
380 'dependencies': [
381 'sandbox_linux_unittests',
382 ],
383 'includes': [
384 '../../build/isolate.gypi',
385 ],
386 'sources': [
387 '../sandbox_linux_unittests.isolate',
388 ],
389 },
390 ],
391 }],
392 ],
393 }