| blob | c20ab0428d539f3b981978766f6f3859f66c5e01 |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 {
6 'variables': {
7 'conditions': [
8 ['OS=="linux"', {
9 'compile_suid_client': 1,
10 'compile_credentials': 1,
11 }, {
12 'compile_suid_client': 0,
13 'compile_credentials': 0,
14 }],
15 ['((OS=="linux" or OS=="android") and '
16 '(target_arch=="ia32" or target_arch=="x64" or '
17 'target_arch=="arm"))', {
18 'compile_seccomp_bpf': 1,
19 }, {
20 'compile_seccomp_bpf': 0,
21 }],
22 ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64")', {
23 'compile_seccomp_bpf_demo': 1,
24 }, {
25 'compile_seccomp_bpf_demo': 0,
26 }],
27 ],
28 },
29 'target_defaults': {
30 'target_conditions': [
31 # All linux/ files will automatically be excluded on Android
32 # so make sure we re-include them explicitly.
33 ['OS == "android"', {
34 'sources/': [
35 ['include', '^linux/'],
36 ],
37 }],
38 ],
39 },
40 'targets': [
41 # We have two principal targets: sandbox and sandbox_linux_unittests
42 # All other targets are listed as dependencies.
43 # FIXME(jln): for historial reasons, sandbox_linux is the setuid sandbox
44 # and is its own target.
45 {
46 'target_name': 'sandbox',
47 'type': 'none',
48 'dependencies': [
49 'sandbox_services',
50 ],
51 'conditions': [
52 [ 'compile_suid_client==1', {
53 'dependencies': [
54 'suid_sandbox_client',
55 ],
56 }],
57 # Compile seccomp BPF when we support it.
58 [ 'compile_seccomp_bpf==1', {
59 'dependencies': [
60 'seccomp_bpf',
61 'seccomp_bpf_helpers',
62 ],
63 }],
64 ],
65 },
66 {
67 # The main sandboxing test target.
68 'target_name': 'sandbox_linux_unittests',
69 'includes': [
70 'sandbox_linux_test_sources.gypi',
71 ],
72 'type': 'executable',
73 },
74 {
75 # This target is the shared library used by Android APK (i.e.
76 # JNI-friendly) tests.
77 'target_name': 'sandbox_linux_jni_unittests',
78 'includes': [
79 'sandbox_linux_test_sources.gypi',
80 ],
81 'type': 'shared_library',
82 'conditions': [
83 [ 'OS == "android" and gtest_target_type == "shared_library"', {
84 'dependencies': [
85 '../testing/android/native_test.gyp:native_test_native_code',
86 ],
87 'ldflags!': [
88 # Remove warnings about text relocations, to prevent build
89 # failure.
90 '-Wl,--warn-shared-textrel'
91 ],
92 }],
93 ],
94 },
95 {
96 'target_name': 'seccomp_bpf',
97 'type': 'static_library',
98 'sources': [
99 'seccomp-bpf/basicblock.cc',
100 'seccomp-bpf/basicblock.h',
101 'seccomp-bpf/codegen.cc',
102 'seccomp-bpf/codegen.h',
103 'seccomp-bpf/die.cc',
104 'seccomp-bpf/die.h',
105 'seccomp-bpf/errorcode.cc',
106 'seccomp-bpf/errorcode.h',
107 'seccomp-bpf/instruction.h',
108 'seccomp-bpf/linux_seccomp.h',
109 'seccomp-bpf/sandbox_bpf.cc',
110 'seccomp-bpf/sandbox_bpf.h',
111 'seccomp-bpf/sandbox_bpf_policy.h',
112 'seccomp-bpf/syscall.cc',
113 'seccomp-bpf/syscall.h',
114 'seccomp-bpf/syscall_iterator.cc',
115 'seccomp-bpf/syscall_iterator.h',
116 'seccomp-bpf/trap.cc',
117 'seccomp-bpf/trap.h',
118 'seccomp-bpf/verifier.cc',
119 'seccomp-bpf/verifier.h',
120 ],
121 'dependencies': [
122 '../base/base.gyp:base',
123 'sandbox_services_headers',
124 ],
125 'include_dirs': [
126 '../..',
127 ],
128 },
129 {
130 'target_name': 'seccomp_bpf_helpers',
131 'type': 'static_library',
132 'sources': [
133 'seccomp-bpf-helpers/baseline_policy.cc',
134 'seccomp-bpf-helpers/baseline_policy.h',
135 'seccomp-bpf-helpers/sigsys_handlers.cc',
136 'seccomp-bpf-helpers/sigsys_handlers.h',
137 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
138 'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
139 'seccomp-bpf-helpers/syscall_sets.cc',
140 'seccomp-bpf-helpers/syscall_sets.h',
141 ],
142 'dependencies': [
143 ],
144 'include_dirs': [
145 '../..',
146 ],
147 },
148 {
149 # A demonstration program for the seccomp-bpf sandbox.
150 'target_name': 'seccomp_bpf_demo',
151 'conditions': [
152 ['compile_seccomp_bpf_demo==1', {
153 'type': 'executable',
154 'sources': [
155 'seccomp-bpf/demo.cc',
156 ],
157 'dependencies': [
158 'seccomp_bpf',
159 ],
160 }, {
161 'type': 'none',
162 }],
163 ],
164 'include_dirs': [
165 '../../',
166 ],
167 },
168 {
169 # The setuid sandbox, for Linux
170 'target_name': 'chrome_sandbox',
171 'type': 'executable',
172 'sources': [
173 'suid/common/sandbox.h',
174 'suid/common/suid_unsafe_environment_variables.h',
175 'suid/linux_util.c',
176 'suid/linux_util.h',
177 'suid/process_util.h',
178 'suid/process_util_linux.c',
179 'suid/sandbox.c',
180 ],
181 'cflags': [
182 # For ULLONG_MAX
183 '-std=gnu99',
184 ],
185 'include_dirs': [
186 '../..',
187 ],
188 },
189 { 'target_name': 'sandbox_services',
190 'type': 'static_library',
191 'sources': [
192 'services/broker_process.cc',
193 'services/broker_process.h',
194 'services/init_process_reaper.cc',
195 'services/init_process_reaper.h',
196 ],
197 'dependencies': [
198 '../base/base.gyp:base',
199 ],
200 'conditions': [
201 ['compile_credentials==1', {
202 'sources': [
203 'services/credentials.cc',
204 'services/credentials.h',
205 ],
206 'dependencies': [
207 # for capabilities.cc.
208 '../build/linux/system.gyp:libcap',
209 ],
210 }],
211 ],
212 'include_dirs': [
213 '..',
214 ],
215 },
216 { 'target_name': 'sandbox_services_headers',
217 'type': 'none',
218 'sources': [
219 'services/android_arm_ucontext.h',
220 'services/android_ucontext.h',
221 'services/android_i386_ucontext.h',
222 'services/arm_linux_syscalls.h',
223 'services/linux_syscalls.h',
224 'services/x86_32_linux_syscalls.h',
225 'services/x86_64_linux_syscalls.h',
226 ],
227 'include_dirs': [
228 '..',
229 ],
230 },
231 {
232 # We make this its own target so that it does not interfere
233 # with our tests.
234 'target_name': 'libc_urandom_override',
235 'type': 'static_library',
236 'sources': [
237 'services/libc_urandom_override.cc',
238 'services/libc_urandom_override.h',
239 ],
240 'dependencies': [
241 '../base/base.gyp:base',
242 ],
243 'include_dirs': [
244 '..',
245 ],
246 },
247 {
248 'target_name': 'suid_sandbox_client',
249 'type': 'static_library',
250 'sources': [
251 'suid/common/sandbox.h',
252 'suid/common/suid_unsafe_environment_variables.h',
253 'suid/client/setuid_sandbox_client.cc',
254 'suid/client/setuid_sandbox_client.h',
255 ],
256 'dependencies': [
257 '../base/base.gyp:base',
258 'sandbox_services',
259 ],
260 'include_dirs': [
261 '..',
262 ],
263 },
264 ],
265 'conditions': [
266 # Strategy copied from base_unittests_apk in base/base.gyp.
267 [ 'OS=="android" and gtest_target_type == "shared_library"', {
268 'targets': [
269 {
270 'target_name': 'sandbox_linux_jni_unittests_apk',
271 'type': 'none',
272 'variables': {
273 'test_suite_name': 'sandbox_linux_jni_unittests',
274 'input_shlib_path':
275 '<(SHARED_LIB_DIR)/<(SHARED_LIB_PREFIX)'
276 'sandbox_linux_jni_unittests'
277 '<(SHARED_LIB_SUFFIX)',
278 },
279 'dependencies': [
280 'sandbox_linux_jni_unittests',
281 ],
282 'includes': [ '../../build/apk_test.gypi' ],
283 }
284 ],
285 }],
286 ],
287 }