| blob | 59c61ff1e136fa7305fed05442df733f56b493ed |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 {
6 'variables': {
7 'conditions': [
8 ['OS=="linux"', {
9 'compile_suid_client': 1,
10 'compile_credentials': 1,
11 }, {
12 'compile_suid_client': 0,
13 'compile_credentials': 0,
14 }],
15 ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64")', {
16 'compile_seccomp_bpf_demo': 1,
17 }, {
18 'compile_seccomp_bpf_demo': 0,
19 }],
20 ],
21 },
22 'target_defaults': {
23 'target_conditions': [
24 # All linux/ files will automatically be excluded on Android
25 # so make sure we re-include them explicitly.
26 ['OS == "android"', {
27 'sources/': [
28 ['include', '^linux/'],
29 ],
30 }],
31 ],
32 },
33 'targets': [
34 # We have two principal targets: sandbox and sandbox_linux_unittests
35 # All other targets are listed as dependencies.
36 # There is one notable exception: for historical reasons, chrome_sandbox is
37 # the setuid sandbox and is its own target.
38 {
39 'target_name': 'sandbox',
40 'type': 'none',
41 'dependencies': [
42 'sandbox_services',
43 ],
44 'conditions': [
45 [ 'compile_suid_client==1', {
46 'dependencies': [
47 'suid_sandbox_client',
48 ],
49 }],
50 # Compile seccomp BPF when we support it.
51 [ 'use_seccomp_bpf==1', {
52 'dependencies': [
53 'seccomp_bpf',
54 'seccomp_bpf_helpers',
55 ],
56 }],
57 ],
58 },
59 {
60 # The main sandboxing test target.
61 'target_name': 'sandbox_linux_unittests',
62 'includes': [
63 'sandbox_linux_test_sources.gypi',
64 ],
65 'type': 'executable',
66 },
67 {
68 # This target is the shared library used by Android APK (i.e.
69 # JNI-friendly) tests.
70 'target_name': 'sandbox_linux_jni_unittests',
71 'includes': [
72 'sandbox_linux_test_sources.gypi',
73 ],
74 'type': 'shared_library',
75 'conditions': [
76 [ 'OS == "android" and gtest_target_type == "shared_library"', {
77 'dependencies': [
78 '../testing/android/native_test.gyp:native_test_native_code',
79 ],
80 }],
81 ],
82 },
83 {
84 'target_name': 'seccomp_bpf',
85 'type': 'static_library',
86 'sources': [
87 'seccomp-bpf/basicblock.cc',
88 'seccomp-bpf/basicblock.h',
89 'seccomp-bpf/codegen.cc',
90 'seccomp-bpf/codegen.h',
91 'seccomp-bpf/die.cc',
92 'seccomp-bpf/die.h',
93 'seccomp-bpf/errorcode.cc',
94 'seccomp-bpf/errorcode.h',
95 'seccomp-bpf/instruction.h',
96 'seccomp-bpf/linux_seccomp.h',
97 'seccomp-bpf/sandbox_bpf.cc',
98 'seccomp-bpf/sandbox_bpf.h',
99 'seccomp-bpf/sandbox_bpf_policy.h',
100 'seccomp-bpf/syscall.cc',
101 'seccomp-bpf/syscall.h',
102 'seccomp-bpf/syscall_iterator.cc',
103 'seccomp-bpf/syscall_iterator.h',
104 'seccomp-bpf/trap.cc',
105 'seccomp-bpf/trap.h',
106 'seccomp-bpf/verifier.cc',
107 'seccomp-bpf/verifier.h',
108 ],
109 'dependencies': [
110 '../base/base.gyp:base',
111 'sandbox_services_headers',
112 ],
113 'include_dirs': [
114 '../..',
115 ],
116 },
117 {
118 'target_name': 'seccomp_bpf_helpers',
119 'type': 'static_library',
120 'sources': [
121 'seccomp-bpf-helpers/baseline_policy.cc',
122 'seccomp-bpf-helpers/baseline_policy.h',
123 'seccomp-bpf-helpers/sigsys_handlers.cc',
124 'seccomp-bpf-helpers/sigsys_handlers.h',
125 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
126 'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
127 'seccomp-bpf-helpers/syscall_sets.cc',
128 'seccomp-bpf-helpers/syscall_sets.h',
129 ],
130 'dependencies': [
131 ],
132 'include_dirs': [
133 '../..',
134 ],
135 },
136 {
137 # A demonstration program for the seccomp-bpf sandbox.
138 'target_name': 'seccomp_bpf_demo',
139 'conditions': [
140 ['compile_seccomp_bpf_demo==1', {
141 'type': 'executable',
142 'sources': [
143 'seccomp-bpf/demo.cc',
144 ],
145 'dependencies': [
146 'seccomp_bpf',
147 ],
148 }, {
149 'type': 'none',
150 }],
151 ],
152 'include_dirs': [
153 '../../',
154 ],
155 },
156 {
157 # The setuid sandbox, for Linux
158 'target_name': 'chrome_sandbox',
159 'type': 'executable',
160 'sources': [
161 'suid/common/sandbox.h',
162 'suid/common/suid_unsafe_environment_variables.h',
163 'suid/linux_util.c',
164 'suid/linux_util.h',
165 'suid/process_util.h',
166 'suid/process_util_linux.c',
167 'suid/sandbox.c',
168 ],
169 'cflags': [
170 # For ULLONG_MAX
171 '-std=gnu99',
172 ],
173 'include_dirs': [
174 '../..',
175 ],
176 },
177 { 'target_name': 'sandbox_services',
178 'type': 'static_library',
179 'sources': [
180 'services/broker_process.cc',
181 'services/broker_process.h',
182 'services/init_process_reaper.cc',
183 'services/init_process_reaper.h',
184 'services/scoped_process.cc',
185 'services/scoped_process.h',
186 'services/thread_helpers.cc',
187 'services/thread_helpers.h',
188 'services/yama.h',
189 'services/yama.cc',
190 ],
191 'dependencies': [
192 '../base/base.gyp:base',
193 ],
194 'conditions': [
195 ['compile_credentials==1', {
196 'sources': [
197 'services/credentials.cc',
198 'services/credentials.h',
199 ],
200 'dependencies': [
201 # for capabilities.cc.
202 '../build/linux/system.gyp:libcap',
203 ],
204 }],
205 ],
206 'include_dirs': [
207 '..',
208 ],
209 },
210 { 'target_name': 'sandbox_services_headers',
211 'type': 'none',
212 'sources': [
213 'services/android_arm_ucontext.h',
214 'services/android_ucontext.h',
215 'services/android_i386_ucontext.h',
216 'services/arm_linux_syscalls.h',
217 'services/linux_syscalls.h',
218 'services/x86_32_linux_syscalls.h',
219 'services/x86_64_linux_syscalls.h',
220 ],
221 'include_dirs': [
222 '..',
223 ],
224 },
225 {
226 # We make this its own target so that it does not interfere
227 # with our tests.
228 'target_name': 'libc_urandom_override',
229 'type': 'static_library',
230 'sources': [
231 'services/libc_urandom_override.cc',
232 'services/libc_urandom_override.h',
233 ],
234 'dependencies': [
235 '../base/base.gyp:base',
236 ],
237 'include_dirs': [
238 '..',
239 ],
240 },
241 {
242 'target_name': 'suid_sandbox_client',
243 'type': 'static_library',
244 'sources': [
245 'suid/common/sandbox.h',
246 'suid/common/suid_unsafe_environment_variables.h',
247 'suid/client/setuid_sandbox_client.cc',
248 'suid/client/setuid_sandbox_client.h',
249 ],
250 'dependencies': [
251 '../base/base.gyp:base',
252 'sandbox_services',
253 ],
254 'include_dirs': [
255 '..',
256 ],
257 },
258 ],
259 'conditions': [
260 [ 'OS=="android"', {
261 'targets': [
262 {
263 'target_name': 'sandbox_linux_unittests_stripped',
264 'type': 'none',
265 'dependencies': [ 'sandbox_linux_unittests' ],
266 'actions': [{
267 'action_name': 'strip sandbox_linux_unittests',
268 'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
269 'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
270 'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
271 }],
272 }
273 ],
274 }],
275 # Strategy copied from base_unittests_apk in base/base.gyp.
276 [ 'OS=="android" and gtest_target_type == "shared_library"', {
277 'targets': [
278 {
279 'target_name': 'sandbox_linux_jni_unittests_apk',
280 'type': 'none',
281 'variables': {
282 'test_suite_name': 'sandbox_linux_jni_unittests',
283 'input_shlib_path':
284 '<(SHARED_LIB_DIR)/<(SHARED_LIB_PREFIX)'
285 'sandbox_linux_jni_unittests'
286 '<(SHARED_LIB_SUFFIX)',
287 },
288 'dependencies': [
289 'sandbox_linux_jni_unittests',
290 ],
291 'includes': [ '../../build/apk_test.gypi' ],
292 }
293 ],
294 }],
295 ],
296 }