| blob | 75f37c935ce8df53f3491cdeaff51c8b3e466082 |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 {
6 'variables': {
7 'conditions': [
8 ['OS=="linux"', {
9 'compile_suid_client': 1,
10 'compile_credentials': 1,
11 }, {
12 'compile_suid_client': 0,
13 'compile_credentials': 0,
14 }],
15 ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64")', {
16 'compile_seccomp_bpf_demo': 1,
17 }, {
18 'compile_seccomp_bpf_demo': 0,
19 }],
20 ],
21 },
22 'target_defaults': {
23 'target_conditions': [
24 # All linux/ files will automatically be excluded on Android
25 # so make sure we re-include them explicitly.
26 ['OS == "android"', {
27 'sources/': [
28 ['include', '^linux/'],
29 ],
30 }],
31 ],
32 },
33 'targets': [
34 # We have two principal targets: sandbox and sandbox_linux_unittests
35 # All other targets are listed as dependencies.
36 # There is one notable exception: for historical reasons, chrome_sandbox is
37 # the setuid sandbox and is its own target.
38 {
39 'target_name': 'sandbox',
40 'type': 'none',
41 'dependencies': [
42 'sandbox_services',
43 ],
44 'conditions': [
45 [ 'compile_suid_client==1', {
46 'dependencies': [
47 'suid_sandbox_client',
48 ],
49 }],
50 # Compile seccomp BPF when we support it.
51 [ 'use_seccomp_bpf==1', {
52 'dependencies': [
53 'seccomp_bpf',
54 'seccomp_bpf_helpers',
55 ],
56 }],
57 ],
58 },
59 {
60 # The main sandboxing test target.
61 'target_name': 'sandbox_linux_unittests',
62 'includes': [
63 'sandbox_linux_test_sources.gypi',
64 ],
65 'type': 'executable',
66 },
67 {
68 # This target is the shared library used by Android APK (i.e.
69 # JNI-friendly) tests.
70 'target_name': 'sandbox_linux_jni_unittests',
71 'includes': [
72 'sandbox_linux_test_sources.gypi',
73 ],
74 'type': 'shared_library',
75 'conditions': [
76 [ 'OS == "android" and gtest_target_type == "shared_library"', {
77 'dependencies': [
78 '../testing/android/native_test.gyp:native_test_native_code',
79 ],
80 }],
81 ],
82 },
83 {
84 'target_name': 'seccomp_bpf',
85 'type': '<(component)',
86 'sources': [
87 'seccomp-bpf/basicblock.cc',
88 'seccomp-bpf/basicblock.h',
89 'seccomp-bpf/codegen.cc',
90 'seccomp-bpf/codegen.h',
91 'seccomp-bpf/die.cc',
92 'seccomp-bpf/die.h',
93 'seccomp-bpf/errorcode.cc',
94 'seccomp-bpf/errorcode.h',
95 'seccomp-bpf/instruction.h',
96 'seccomp-bpf/linux_seccomp.h',
97 'seccomp-bpf/sandbox_bpf.cc',
98 'seccomp-bpf/sandbox_bpf.h',
99 'seccomp-bpf/sandbox_bpf_policy.h',
100 'seccomp-bpf/syscall.cc',
101 'seccomp-bpf/syscall.h',
102 'seccomp-bpf/syscall_iterator.cc',
103 'seccomp-bpf/syscall_iterator.h',
104 'seccomp-bpf/trap.cc',
105 'seccomp-bpf/trap.h',
106 'seccomp-bpf/verifier.cc',
107 'seccomp-bpf/verifier.h',
108 ],
109 'dependencies': [
110 '../base/base.gyp:base',
111 'sandbox_services_headers',
112 ],
113 'defines': [
114 'SANDBOX_IMPLEMENTATION',
115 ],
116 'include_dirs': [
117 '../..',
118 ],
119 },
120 {
121 'target_name': 'seccomp_bpf_helpers',
122 'type': '<(component)',
123 'sources': [
124 'seccomp-bpf-helpers/baseline_policy.cc',
125 'seccomp-bpf-helpers/baseline_policy.h',
126 'seccomp-bpf-helpers/sigsys_handlers.cc',
127 'seccomp-bpf-helpers/sigsys_handlers.h',
128 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
129 'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
130 'seccomp-bpf-helpers/syscall_sets.cc',
131 'seccomp-bpf-helpers/syscall_sets.h',
132 ],
133 'dependencies': [
134 '../base/base.gyp:base',
135 'seccomp_bpf',
136 ],
137 'defines': [
138 'SANDBOX_IMPLEMENTATION',
139 ],
140 'include_dirs': [
141 '../..',
142 ],
143 },
144 {
145 # A demonstration program for the seccomp-bpf sandbox.
146 'target_name': 'seccomp_bpf_demo',
147 'conditions': [
148 ['compile_seccomp_bpf_demo==1', {
149 'type': 'executable',
150 'sources': [
151 'seccomp-bpf/demo.cc',
152 ],
153 'dependencies': [
154 'seccomp_bpf',
155 ],
156 }, {
157 'type': 'none',
158 }],
159 ],
160 'include_dirs': [
161 '../../',
162 ],
163 },
164 {
165 # The setuid sandbox, for Linux
166 'target_name': 'chrome_sandbox',
167 'type': 'executable',
168 'sources': [
169 'suid/common/sandbox.h',
170 'suid/common/suid_unsafe_environment_variables.h',
171 'suid/linux_util.c',
172 'suid/linux_util.h',
173 'suid/process_util.h',
174 'suid/process_util_linux.c',
175 'suid/sandbox.c',
176 ],
177 'cflags': [
178 # For ULLONG_MAX
179 '-std=gnu99',
180 ],
181 'include_dirs': [
182 '../..',
183 ],
184 },
185 { 'target_name': 'sandbox_services',
186 'type': '<(component)',
187 'sources': [
188 'services/broker_process.cc',
189 'services/broker_process.h',
190 'services/init_process_reaper.cc',
191 'services/init_process_reaper.h',
192 'services/scoped_process.cc',
193 'services/scoped_process.h',
194 'services/thread_helpers.cc',
195 'services/thread_helpers.h',
196 'services/yama.h',
197 'services/yama.cc',
198 ],
199 'dependencies': [
200 '../base/base.gyp:base',
201 ],
202 'defines': [
203 'SANDBOX_IMPLEMENTATION',
204 ],
205 'conditions': [
206 ['compile_credentials==1', {
207 'sources': [
208 'services/credentials.cc',
209 'services/credentials.h',
210 ],
211 'dependencies': [
212 # for capabilities.cc.
213 '../build/linux/system.gyp:libcap',
214 ],
215 }],
216 ],
217 'include_dirs': [
218 '..',
219 ],
220 },
221 { 'target_name': 'sandbox_services_headers',
222 'type': 'none',
223 'sources': [
224 'services/android_arm_ucontext.h',
225 'services/android_ucontext.h',
226 'services/android_i386_ucontext.h',
227 'services/arm_linux_syscalls.h',
228 'services/linux_syscalls.h',
229 'services/x86_32_linux_syscalls.h',
230 'services/x86_64_linux_syscalls.h',
231 ],
232 'include_dirs': [
233 '..',
234 ],
235 },
236 {
237 # We make this its own target so that it does not interfere
238 # with our tests.
239 'target_name': 'libc_urandom_override',
240 'type': 'static_library',
241 'sources': [
242 'services/libc_urandom_override.cc',
243 'services/libc_urandom_override.h',
244 ],
245 'dependencies': [
246 '../base/base.gyp:base',
247 ],
248 'include_dirs': [
249 '..',
250 ],
251 },
252 {
253 'target_name': 'suid_sandbox_client',
254 'type': '<(component)',
255 'sources': [
256 'suid/common/sandbox.h',
257 'suid/common/suid_unsafe_environment_variables.h',
258 'suid/client/setuid_sandbox_client.cc',
259 'suid/client/setuid_sandbox_client.h',
260 ],
261 'defines': [
262 'SANDBOX_IMPLEMENTATION',
263 ],
264 'dependencies': [
265 '../base/base.gyp:base',
266 'sandbox_services',
267 ],
268 'include_dirs': [
269 '..',
270 ],
271 },
272 ],
273 'conditions': [
274 [ 'OS=="android"', {
275 'targets': [
276 {
277 'target_name': 'sandbox_linux_unittests_stripped',
278 'type': 'none',
279 'dependencies': [ 'sandbox_linux_unittests' ],
280 'actions': [{
281 'action_name': 'strip sandbox_linux_unittests',
282 'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
283 'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
284 'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
285 }],
286 }
287 ],
288 }],
289 # Strategy copied from base_unittests_apk in base/base.gyp.
290 [ 'OS=="android" and gtest_target_type == "shared_library"', {
291 'targets': [
292 {
293 'target_name': 'sandbox_linux_jni_unittests_apk',
294 'type': 'none',
295 'variables': {
296 'test_suite_name': 'sandbox_linux_jni_unittests',
297 'input_shlib_path':
298 '<(SHARED_LIB_DIR)/<(SHARED_LIB_PREFIX)'
299 'sandbox_linux_jni_unittests'
300 '<(SHARED_LIB_SUFFIX)',
301 },
302 'dependencies': [
303 'sandbox_linux_jni_unittests',
304 ],
305 'includes': [ '../../build/apk_test.gypi' ],
306 }
307 ],
308 }],
309 ],
310 }