| blob | adcfd3f9ef3a5fe1b58be3317cb758838997c943 |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file.
5 {
6 'variables': {
7 'conditions': [
8 ['OS=="linux"', {
9 'compile_suid_client': 1,
10 'compile_credentials': 1,
11 }, {
12 'compile_suid_client': 0,
13 'compile_credentials': 0,
14 }],
15 ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64" or '
16 'target_arch=="mipsel")', {
17 'compile_seccomp_bpf_demo': 1,
18 }, {
19 'compile_seccomp_bpf_demo': 0,
20 }],
21 ],
22 },
23 'target_defaults': {
24 'target_conditions': [
25 # All linux/ files will automatically be excluded on Android
26 # so make sure we re-include them explicitly.
27 ['OS == "android"', {
28 'sources/': [
29 ['include', '^linux/'],
30 ],
31 }],
32 ],
33 },
34 'targets': [
35 # We have two principal targets: sandbox and sandbox_linux_unittests
36 # All other targets are listed as dependencies.
37 # There is one notable exception: for historical reasons, chrome_sandbox is
38 # the setuid sandbox and is its own target.
39 {
40 'target_name': 'sandbox',
41 'type': 'none',
42 'dependencies': [
43 'sandbox_services',
44 ],
45 'conditions': [
46 [ 'compile_suid_client==1', {
47 'dependencies': [
48 'suid_sandbox_client',
49 ],
50 }],
51 # Compile seccomp BPF when we support it.
52 [ 'use_seccomp_bpf==1', {
53 'dependencies': [
54 'seccomp_bpf',
55 'seccomp_bpf_helpers',
56 ],
57 }],
58 ],
59 },
60 {
61 'target_name': 'sandbox_linux_test_utils',
62 'type': 'static_library',
63 'dependencies': [
64 '../testing/gtest.gyp:gtest',
65 ],
66 'include_dirs': [
67 '../..',
68 ],
69 'sources': [
70 'tests/sandbox_test_runner.cc',
71 'tests/sandbox_test_runner.h',
72 'tests/sandbox_test_runner_function_pointer.cc',
73 'tests/sandbox_test_runner_function_pointer.h',
74 'tests/test_utils.cc',
75 'tests/test_utils.h',
76 'tests/unit_tests.cc',
77 'tests/unit_tests.h',
78 ],
79 'conditions': [
80 [ 'use_seccomp_bpf==1', {
81 'sources': [
82 'seccomp-bpf/bpf_tester_compatibility_delegate.h',
83 'seccomp-bpf/bpf_tests.h',
84 'seccomp-bpf/sandbox_bpf_test_runner.cc',
85 'seccomp-bpf/sandbox_bpf_test_runner.h',
86 ],
87 'dependencies': [
88 'seccomp_bpf',
89 ]
90 }],
91 ],
92 },
93 {
94 # The main sandboxing test target.
95 'target_name': 'sandbox_linux_unittests',
96 'includes': [
97 'sandbox_linux_test_sources.gypi',
98 ],
99 'type': 'executable',
100 },
101 {
102 # This target is the shared library used by Android APK (i.e.
103 # JNI-friendly) tests.
104 'target_name': 'sandbox_linux_jni_unittests',
105 'includes': [
106 'sandbox_linux_test_sources.gypi',
107 ],
108 'type': 'shared_library',
109 'conditions': [
110 [ 'OS == "android"', {
111 'dependencies': [
112 '../testing/android/native_test.gyp:native_test_native_code',
113 ],
114 }],
115 ],
116 },
117 {
118 'target_name': 'seccomp_bpf',
119 'type': '<(component)',
120 'sources': [
121 'bpf_dsl/bpf_dsl.cc',
122 'bpf_dsl/bpf_dsl.h',
123 'bpf_dsl/cons.h',
124 'seccomp-bpf/basicblock.cc',
125 'seccomp-bpf/basicblock.h',
126 'seccomp-bpf/codegen.cc',
127 'seccomp-bpf/codegen.h',
128 'seccomp-bpf/die.cc',
129 'seccomp-bpf/die.h',
130 'seccomp-bpf/errorcode.cc',
131 'seccomp-bpf/errorcode.h',
132 'seccomp-bpf/instruction.h',
133 'seccomp-bpf/linux_seccomp.h',
134 'seccomp-bpf/sandbox_bpf.cc',
135 'seccomp-bpf/sandbox_bpf.h',
136 'seccomp-bpf/sandbox_bpf_policy.cc',
137 'seccomp-bpf/sandbox_bpf_policy.h',
138 'seccomp-bpf/syscall.cc',
139 'seccomp-bpf/syscall.h',
140 'seccomp-bpf/syscall_iterator.cc',
141 'seccomp-bpf/syscall_iterator.h',
142 'seccomp-bpf/trap.cc',
143 'seccomp-bpf/trap.h',
144 'seccomp-bpf/verifier.cc',
145 'seccomp-bpf/verifier.h',
146 ],
147 'dependencies': [
148 '../base/base.gyp:base',
149 'sandbox_services_headers',
150 ],
151 'defines': [
152 'SANDBOX_IMPLEMENTATION',
153 ],
154 'include_dirs': [
155 '../..',
156 ],
157 },
158 {
159 'target_name': 'seccomp_bpf_helpers',
160 'type': '<(component)',
161 'sources': [
162 'seccomp-bpf-helpers/baseline_policy.cc',
163 'seccomp-bpf-helpers/baseline_policy.h',
164 'seccomp-bpf-helpers/sigsys_handlers.cc',
165 'seccomp-bpf-helpers/sigsys_handlers.h',
166 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
167 'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
168 'seccomp-bpf-helpers/syscall_sets.cc',
169 'seccomp-bpf-helpers/syscall_sets.h',
170 ],
171 'dependencies': [
172 '../base/base.gyp:base',
173 'seccomp_bpf',
174 ],
175 'defines': [
176 'SANDBOX_IMPLEMENTATION',
177 ],
178 'include_dirs': [
179 '../..',
180 ],
181 },
182 {
183 # The setuid sandbox, for Linux
184 'target_name': 'chrome_sandbox',
185 'type': 'executable',
186 'sources': [
187 'suid/common/sandbox.h',
188 'suid/common/suid_unsafe_environment_variables.h',
189 'suid/process_util.h',
190 'suid/process_util_linux.c',
191 'suid/sandbox.c',
192 ],
193 'cflags': [
194 # For ULLONG_MAX
195 '-std=gnu99',
196 ],
197 'include_dirs': [
198 '../..',
199 ],
200 # Do not use any sanitizer tools with this binary. http://crbug.com/382766
201 'cflags/': [
202 ['exclude', '-fsanitize'],
203 ],
204 'ldflags/': [
205 ['exclude', '-fsanitize'],
206 ],
207 },
208 { 'target_name': 'sandbox_services',
209 'type': '<(component)',
210 'sources': [
211 'services/broker_process.cc',
212 'services/broker_process.h',
213 'services/init_process_reaper.cc',
214 'services/init_process_reaper.h',
215 'services/scoped_process.cc',
216 'services/scoped_process.h',
217 'services/thread_helpers.cc',
218 'services/thread_helpers.h',
219 'services/yama.h',
220 'services/yama.cc',
221 ],
222 'dependencies': [
223 '../base/base.gyp:base',
224 ],
225 'defines': [
226 'SANDBOX_IMPLEMENTATION',
227 ],
228 'conditions': [
229 ['compile_credentials==1', {
230 'sources': [
231 'services/credentials.cc',
232 'services/credentials.h',
233 ],
234 'dependencies': [
235 # for capabilities.cc.
236 '../build/linux/system.gyp:libcap',
237 ],
238 }],
239 ],
240 'include_dirs': [
241 '..',
242 ],
243 },
244 { 'target_name': 'sandbox_services_headers',
245 'type': 'none',
246 'sources': [
247 'services/android_arm_ucontext.h',
248 'services/android_arm64_ucontext.h',
249 'services/android_futex.h',
250 'services/android_ucontext.h',
251 'services/android_i386_ucontext.h',
252 'services/android_mips_ucontext.h',
253 'services/arm_linux_syscalls.h',
254 'services/arm64_linux_syscalls.h',
255 'services/mips_linux_syscalls.h',
256 'services/linux_syscalls.h',
257 'services/x86_32_linux_syscalls.h',
258 'services/x86_64_linux_syscalls.h',
259 ],
260 'include_dirs': [
261 '..',
262 ],
263 },
264 {
265 # We make this its own target so that it does not interfere
266 # with our tests.
267 'target_name': 'libc_urandom_override',
268 'type': 'static_library',
269 'sources': [
270 'services/libc_urandom_override.cc',
271 'services/libc_urandom_override.h',
272 ],
273 'dependencies': [
274 '../base/base.gyp:base',
275 ],
276 'include_dirs': [
277 '..',
278 ],
279 },
280 {
281 'target_name': 'suid_sandbox_client',
282 'type': '<(component)',
283 'sources': [
284 'suid/common/sandbox.h',
285 'suid/common/suid_unsafe_environment_variables.h',
286 'suid/client/setuid_sandbox_client.cc',
287 'suid/client/setuid_sandbox_client.h',
288 ],
289 'defines': [
290 'SANDBOX_IMPLEMENTATION',
291 ],
292 'dependencies': [
293 '../base/base.gyp:base',
294 'sandbox_services',
295 ],
296 'include_dirs': [
297 '..',
298 ],
299 },
300 ],
301 'conditions': [
302 [ 'OS=="android"', {
303 'targets': [
304 {
305 'target_name': 'sandbox_linux_unittests_stripped',
306 'type': 'none',
307 'dependencies': [ 'sandbox_linux_unittests' ],
308 'actions': [{
309 'action_name': 'strip sandbox_linux_unittests',
310 'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
311 'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
312 'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
313 }],
314 }
315 ],
316 }],
317 [ 'OS=="android"', {
318 'targets': [
319 {
320 'target_name': 'sandbox_linux_jni_unittests_apk',
321 'type': 'none',
322 'variables': {
323 'test_suite_name': 'sandbox_linux_jni_unittests',
324 },
325 'dependencies': [
326 'sandbox_linux_jni_unittests',
327 ],
328 'includes': [ '../../build/apk_test.gypi' ],
329 }
330 ],
331 }],
332 ['test_isolation_mode != "noop"', {
333 'targets': [
334 {
335 'target_name': 'sandbox_linux_unittests_run',
336 'type': 'none',
337 'dependencies': [
338 'sandbox_linux_unittests',
339 ],
340 'includes': [
341 '../../build/isolate.gypi',
342 '../sandbox_linux_unittests.isolate',
343 ],
344 'sources': [
345 '../sandbox_linux_unittests.isolate',
346 ],
347 },
348 ],
349 }],
350 ],
351 }