1 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
6   'variables': {
7     'conditions': [
8       ['OS=="linux"', {
9         'compile_suid_client': 1,
10         'compile_credentials': 1,
11         'use_base_test_suite': 1,
12       }, {
13         'compile_suid_client': 0,
14         'compile_credentials': 0,
15         'use_base_test_suite': 0,
16       }],
17       ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64" or '
18          'target_arch=="mipsel")', {
19         'compile_seccomp_bpf_demo': 1,
20       }, {
21         'compile_seccomp_bpf_demo': 0,
22       }],
23     ],
24   },
25   'target_defaults': {
26     'target_conditions': [
27       # All linux/ files will automatically be excluded on Android
28       # so make sure we re-include them explicitly.
29       ['OS == "android"', {
30         'sources/': [
31           ['include', '^linux/'],
32         ],
33       }],
34     ],
35   },
36   'targets': [
37     # We have two principal targets: sandbox and sandbox_linux_unittests
38     # All other targets are listed as dependencies.
39     # There is one notable exception: for historical reasons, chrome_sandbox is
40     # the setuid sandbox and is its own target.
41     {
42       'target_name': 'sandbox',
43       'type': 'none',
44       'dependencies': [
45         'sandbox_services',
46       ],
47       'conditions': [
48         [ 'compile_suid_client==1', {
49           'dependencies': [
50             'suid_sandbox_client',
51           ],
52         }],
53         # Compile seccomp BPF when we support it.
54         [ 'use_seccomp_bpf==1', {
55           'dependencies': [
56             'seccomp_bpf',
57             'seccomp_bpf_helpers',
58           ],
59         }],
60       ],
61     },
62     {
63       'target_name': 'sandbox_linux_test_utils',
64       'type': 'static_library',
65       'dependencies': [
66         '../testing/gtest.gyp:gtest',
67       ],
68       'include_dirs': [
69         '../..',
70       ],
71       'sources': [
72         'tests/sandbox_test_runner.cc',
73         'tests/sandbox_test_runner.h',
74         'tests/sandbox_test_runner_function_pointer.cc',
75         'tests/sandbox_test_runner_function_pointer.h',
76         'tests/test_utils.cc',
77         'tests/test_utils.h',
78         'tests/unit_tests.cc',
79         'tests/unit_tests.h',
80       ],
81       'conditions': [
82         [ 'use_seccomp_bpf==1', {
83           'sources': [
84             'seccomp-bpf/bpf_tester_compatibility_delegate.h',
85             'seccomp-bpf/bpf_tests.h',
86             'seccomp-bpf/sandbox_bpf_test_runner.cc',
87             'seccomp-bpf/sandbox_bpf_test_runner.h',
88           ],
89           'dependencies': [
90             'seccomp_bpf',
91           ]
92         }],
93         [ 'use_base_test_suite==1', {
94           'dependencies': [
95             '../base/base.gyp:test_support_base',
96           ],
97           'defines': [
98             'SANDBOX_USES_BASE_TEST_SUITE',
99           ],
100         }],
101       ],
102     },
103     {
104       # The main sandboxing test target.
105       'target_name': 'sandbox_linux_unittests',
106       'includes': [
107         'sandbox_linux_test_sources.gypi',
108       ],
109       'type': 'executable',
110     },
111     {
112       # This target is the shared library used by Android APK (i.e.
113       # JNI-friendly) tests.
114       'target_name': 'sandbox_linux_jni_unittests',
115       'includes': [
116         'sandbox_linux_test_sources.gypi',
117       ],
118       'type': 'shared_library',
119       'conditions': [
120         [ 'OS == "android"', {
121           'dependencies': [
122             '../testing/android/native_test.gyp:native_test_native_code',
123           ],
124         }],
125       ],
126     },
127     {
128       'target_name': 'seccomp_bpf',
129       'type': '<(component)',
130       'sources': [
131         'bpf_dsl/bpf_dsl.cc',
132         'bpf_dsl/bpf_dsl.h',
133         'bpf_dsl/bpf_dsl_forward.h',
134         'bpf_dsl/bpf_dsl_impl.h',
135         'bpf_dsl/codegen.cc',
136         'bpf_dsl/codegen.h',
137         'bpf_dsl/cons.h',
138         'bpf_dsl/errorcode.cc',
139         'bpf_dsl/errorcode.h',
140         'bpf_dsl/linux_syscall_ranges.h',
141         'bpf_dsl/policy.cc',
142         'bpf_dsl/policy.h',
143         'bpf_dsl/policy_compiler.cc',
144         'bpf_dsl/policy_compiler.h',
145         'bpf_dsl/seccomp_macros.h',
146         'bpf_dsl/seccomp_macros.h',
147         'bpf_dsl/syscall_set.cc',
148         'bpf_dsl/syscall_set.h',
149         'bpf_dsl/trap_registry.h',
150         'seccomp-bpf/die.cc',
151         'seccomp-bpf/die.h',
152         'seccomp-bpf/sandbox_bpf.cc',
153         'seccomp-bpf/sandbox_bpf.h',
154         'seccomp-bpf/syscall.cc',
155         'seccomp-bpf/syscall.h',
156         'seccomp-bpf/trap.cc',
157         'seccomp-bpf/trap.h',
158       ],
159       'dependencies': [
160         '../base/base.gyp:base',
161         'sandbox_services',
162         'sandbox_services_headers',
163       ],
164       'defines': [
165         'SANDBOX_IMPLEMENTATION',
166       ],
167       'includes': [
168         # Disable LTO due to compiler bug
169         # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57703
170         '../../build/android/disable_gcc_lto.gypi',
171       ],
172       'include_dirs': [
173         '../..',
174       ],
175     },
176     {
177       'target_name': 'seccomp_bpf_helpers',
178       'type': '<(component)',
179       'sources': [
180         'seccomp-bpf-helpers/baseline_policy.cc',
181         'seccomp-bpf-helpers/baseline_policy.h',
182         'seccomp-bpf-helpers/sigsys_handlers.cc',
183         'seccomp-bpf-helpers/sigsys_handlers.h',
184         'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
185         'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
186         'seccomp-bpf-helpers/syscall_sets.cc',
187         'seccomp-bpf-helpers/syscall_sets.h',
188       ],
189       'dependencies': [
190         '../base/base.gyp:base',
191         'sandbox_services',
192         'seccomp_bpf',
193       ],
194       'defines': [
195         'SANDBOX_IMPLEMENTATION',
196       ],
197       'include_dirs': [
198         '../..',
199       ],
200     },
201     {
202       # The setuid sandbox, for Linux
203       'target_name': 'chrome_sandbox',
204       'type': 'executable',
205       'sources': [
206         'suid/common/sandbox.h',
207         'suid/common/suid_unsafe_environment_variables.h',
208         'suid/process_util.h',
209         'suid/process_util_linux.c',
210         'suid/sandbox.c',
211       ],
212       'cflags': [
213         # For ULLONG_MAX
214         '-std=gnu99',
215       ],
216       'include_dirs': [
217         '../..',
218       ],
219       # Do not use any sanitizer tools with this binary. http://crbug.com/382766
220       'cflags/': [
221         ['exclude', '-fsanitize'],
222       ],
223       'ldflags/': [
224         ['exclude', '-fsanitize'],
225       ],
226     },
227     { 'target_name': 'sandbox_services',
228       'type': '<(component)',
229       'sources': [
230         'services/init_process_reaper.cc',
231         'services/init_process_reaper.h',
232         'services/proc_util.cc',
233         'services/proc_util.h',
234         'services/resource_limits.cc',
235         'services/resource_limits.h',
236         'services/scoped_process.cc',
237         'services/scoped_process.h',
238         'services/syscall_wrappers.cc',
239         'services/syscall_wrappers.h',
240         'services/thread_helpers.cc',
241         'services/thread_helpers.h',
242         'services/yama.cc',
243         'services/yama.h',
244         'syscall_broker/broker_channel.cc',
245         'syscall_broker/broker_channel.h',
246         'syscall_broker/broker_client.cc',
247         'syscall_broker/broker_client.h',
248         'syscall_broker/broker_common.h',
249         'syscall_broker/broker_file_permission.cc',
250         'syscall_broker/broker_file_permission.h',
251         'syscall_broker/broker_host.cc',
252         'syscall_broker/broker_host.h',
253         'syscall_broker/broker_policy.cc',
254         'syscall_broker/broker_policy.h',
255         'syscall_broker/broker_process.cc',
256         'syscall_broker/broker_process.h',
257       ],
258       'dependencies': [
259         '../base/base.gyp:base',
260       ],
261       'defines': [
262         'SANDBOX_IMPLEMENTATION',
263       ],
264       'conditions': [
265         ['compile_credentials==1', {
266           'sources': [
267             'services/credentials.cc',
268             'services/credentials.h',
269             'services/namespace_sandbox.cc',
270             'services/namespace_sandbox.h',
271             'services/namespace_utils.cc',
272             'services/namespace_utils.h',
273           ],
274           'dependencies': [
275             # for capability.h.
276             'sandbox_services_headers',
277           ],
278         }],
279       ],
280       'include_dirs': [
281         '..',
282       ],
283     },
284     { 'target_name': 'sandbox_services_headers',
285       'type': 'none',
286       'sources': [
287         'system_headers/arm64_linux_syscalls.h',
288         'system_headers/arm64_linux_ucontext.h',
289         'system_headers/arm_linux_syscalls.h',
290         'system_headers/arm_linux_ucontext.h',
291         'system_headers/capability.h',
292         'system_headers/i386_linux_ucontext.h',
293         'system_headers/linux_futex.h',
294         'system_headers/linux_seccomp.h',
295         'system_headers/linux_syscalls.h',
296         'system_headers/linux_time.h',
297         'system_headers/linux_ucontext.h',
298         'system_headers/mips_linux_syscalls.h',
299         'system_headers/mips_linux_ucontext.h',
300         'system_headers/x86_32_linux_syscalls.h',
301         'system_headers/x86_64_linux_syscalls.h',
302       ],
303       'include_dirs': [
304         '..',
305       ],
306     },
307     {
308       # We make this its own target so that it does not interfere
309       # with our tests, and so that it may be selectively included
310       # in ports which need it.
311       'target_name': 'libc_urandom_override',
312       'type': 'static_library',
313       'sources': [
314         'services/libc_urandom_override.cc',
315         'services/libc_urandom_override.h',
316       ],
317       'dependencies': [
318         '../base/base.gyp:base',
319       ],
320       'include_dirs': [
321         '..',
322       ],
323     },
324     {
325       'target_name': 'suid_sandbox_client',
326       'type': '<(component)',
327       'sources': [
328         'suid/common/sandbox.h',
329         'suid/common/suid_unsafe_environment_variables.h',
330         'suid/client/setuid_sandbox_client.cc',
331         'suid/client/setuid_sandbox_client.h',
332         'suid/client/setuid_sandbox_host.cc',
333         'suid/client/setuid_sandbox_host.h',
334       ],
335       'defines': [
336         'SANDBOX_IMPLEMENTATION',
337       ],
338       'dependencies': [
339         '../base/base.gyp:base',
340         'sandbox_services',
341       ],
342       'include_dirs': [
343         '..',
344       ],
345     },
346     {
347       'target_name': 'bpf_dsl_golden',
348       'type': 'none',
349       'actions': [
350         {
351           'action_name': 'generate',
352           'inputs': [
353             'bpf_dsl/golden/generate.py',
354             'bpf_dsl/golden/i386/ArgSizePolicy.txt',
355             'bpf_dsl/golden/i386/BasicPolicy.txt',
356             'bpf_dsl/golden/i386/ElseIfPolicy.txt',
357             'bpf_dsl/golden/i386/MaskingPolicy.txt',
358             'bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt',
359             'bpf_dsl/golden/i386/NegativeConstantsPolicy.txt',
360             'bpf_dsl/golden/i386/SwitchPolicy.txt',
361             'bpf_dsl/golden/x86-64/ArgSizePolicy.txt',
362             'bpf_dsl/golden/x86-64/BasicPolicy.txt',
363             'bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt',
364             'bpf_dsl/golden/x86-64/ElseIfPolicy.txt',
365             'bpf_dsl/golden/x86-64/MaskingPolicy.txt',
366             'bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt',
367             'bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt',
368             'bpf_dsl/golden/x86-64/SwitchPolicy.txt',
369           ],
370           'outputs': [
371             '<(SHARED_INTERMEDIATE_DIR)/sandbox/linux/bpf_dsl/golden/golden_files.h',
372           ],
373           'action': [
374             'python',
375             'linux/bpf_dsl/golden/generate.py',
376             '<(SHARED_INTERMEDIATE_DIR)/sandbox/linux/bpf_dsl/golden/golden_files.h',
377             'linux/bpf_dsl/golden/i386/ArgSizePolicy.txt',
378             'linux/bpf_dsl/golden/i386/BasicPolicy.txt',
379             'linux/bpf_dsl/golden/i386/ElseIfPolicy.txt',
380             'linux/bpf_dsl/golden/i386/MaskingPolicy.txt',
381             'linux/bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt',
382             'linux/bpf_dsl/golden/i386/NegativeConstantsPolicy.txt',
383             'linux/bpf_dsl/golden/i386/SwitchPolicy.txt',
384             'linux/bpf_dsl/golden/x86-64/ArgSizePolicy.txt',
385             'linux/bpf_dsl/golden/x86-64/BasicPolicy.txt',
386             'linux/bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt',
387             'linux/bpf_dsl/golden/x86-64/ElseIfPolicy.txt',
388             'linux/bpf_dsl/golden/x86-64/MaskingPolicy.txt',
389             'linux/bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt',
390             'linux/bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt',
391             'linux/bpf_dsl/golden/x86-64/SwitchPolicy.txt',
392           ],
393           'message': 'Generating header from golden files ...',
394         },
395       ],
396     },
397   ],
398   'conditions': [
399     [ 'OS=="android"', {
400       'targets': [
401       {
402         'target_name': 'sandbox_linux_unittests_stripped',
403         'type': 'none',
404         'dependencies': [ 'sandbox_linux_unittests' ],
405         'actions': [{
406           'action_name': 'strip sandbox_linux_unittests',
407           'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
408           'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
409           'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
410         }],
411       },
412       {
413         'target_name': 'sandbox_linux_unittests_deps',
414         'type': 'none',
415         'dependencies': [
416           'sandbox_linux_unittests_stripped',
417         ],
418         # For the component build, ensure dependent shared libraries are
419         # stripped and put alongside sandbox_linux_unittests to simplify pushing
420         # to the device.
421         'variables': {
422            'output_dir': '<(PRODUCT_DIR)/sandbox_linux_unittests_deps/',
423            'native_binary': '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped',
424            'include_main_binary': 0,
425         },
426         'includes': [
427           '../../build/android/native_app_dependencies.gypi'
428         ],
429       }],
430     }],
431     [ 'OS=="android"', {
432       'targets': [
433         {
434         'target_name': 'sandbox_linux_jni_unittests_apk',
435         'type': 'none',
436         'variables': {
437           'test_suite_name': 'sandbox_linux_jni_unittests',
438         },
439         'dependencies': [
440           'sandbox_linux_jni_unittests',
441         ],
442         'includes': [ '../../build/apk_test.gypi' ],
443         }
444       ],
445     }],
446     ['test_isolation_mode != "noop"', {
447       'targets': [
448         {
449           'target_name': 'sandbox_linux_unittests_run',
450           'type': 'none',
451           'dependencies': [
452             'sandbox_linux_unittests',
453           ],
454           'includes': [
455             '../../build/isolate.gypi',
456           ],
457           'sources': [
458             '../sandbox_linux_unittests.isolate',
459           ],
460         },
461       ],
462     }],
463   ],