1# Copyright (c) 2012 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5{
6  'variables': {
     # Build switches derived from the target OS and architecture. Each entry
     # below has the GYP form [expression, dict_if_true, dict_if_false].
7    'conditions': [
       # compile_suid_client gates the suid_sandbox_client dependency of the
       # 'sandbox' target; compile_credentials gates services/credentials.* and
       # the libcap dependency of 'sandbox_services'. Both are on for Linux only.
8      ['OS=="linux"', {
9        'compile_suid_client': 1,
10        'compile_credentials': 1,
11      }, {
12        'compile_suid_client': 0,
13        'compile_credentials': 0,
14      }],
        # The expression is a single string written as two adjacent literals.
        # NOTE(review): no target in this file reads compile_seccomp_bpf_demo;
        # confirm it is still consumed elsewhere before relying on it.
15      ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64" or '
16         'target_arch=="mipsel")', {
17        'compile_seccomp_bpf_demo': 1,
18      }, {
19        'compile_seccomp_bpf_demo': 0,
20      }],
21    ],
22  },
23  'target_defaults': {
      # Settings merged into every target defined in this file.
24    'target_conditions': [
25      # All linux/ files will automatically be excluded on Android
26      # so make sure we re-include them explicitly.
        # 'sources/' is a filter list: ['include', regex] re-adds any source
        # path matching the regex (here, paths starting with "linux/").
27      ['OS == "android"', {
28        'sources/': [
29          ['include', '^linux/'],
30        ],
31      }],
32    ],
33  },
34  'targets': [
35    # We have two principal targets: sandbox and sandbox_linux_unittests
36    # All other targets are listed as dependencies.
37    # There is one notable exception: for historical reasons, chrome_sandbox is
38    # the setuid sandbox and is its own target.
39    {
        # Aggregate target: type 'none' builds nothing itself and only pulls in
        # the dependencies listed below.
40      'target_name': 'sandbox',
41      'type': 'none',
42      'dependencies': [
43        'sandbox_services',
44      ],
45      'conditions': [
          # compile_suid_client is set in 'variables' above (1 on Linux only).
46        [ 'compile_suid_client==1', {
47          'dependencies': [
48            'suid_sandbox_client',
49          ],
50        }],
51        # Compile seccomp BPF when we support it.
          # use_seccomp_bpf is not defined in this file; it has to be supplied
          # by the including build configuration. When it is not 1, this
          # aggregate target contains no seccomp-bpf code at all.
52        [ 'use_seccomp_bpf==1', {
53          'dependencies': [
54            'seccomp_bpf',
55            'seccomp_bpf_helpers',
56          ],
57        }],
58      ],
59    },
60    {
        # Static library of shared test-runner helpers, built against gtest.
61      'target_name': 'sandbox_linux_test_utils',
62      'type': 'static_library',
63      'dependencies': [
64        '../testing/gtest.gyp:gtest',
65      ],
66      'include_dirs': [
67        '../..',
68      ],
69      'sources': [
70        'tests/sandbox_test_runner.cc',
71        'tests/sandbox_test_runner.h',
72        'tests/sandbox_test_runner_function_pointer.cc',
73        'tests/sandbox_test_runner_function_pointer.h',
74        'tests/test_utils.cc',
75        'tests/test_utils.h',
76        'tests/unit_tests.cc',
77        'tests/unit_tests.h',
78      ],
79      'conditions': [
          # The BPF test helpers and the seccomp_bpf dependency are added only
          # when seccomp-bpf support is enabled (use_seccomp_bpf is defined
          # outside this file).
80        [ 'use_seccomp_bpf==1', {
81          'sources': [
82            'seccomp-bpf/bpf_tester_compatibility_delegate.h',
83            'seccomp-bpf/bpf_tests.h',
84            'seccomp-bpf/sandbox_bpf_test_runner.cc',
85            'seccomp-bpf/sandbox_bpf_test_runner.h',
86          ],
87          'dependencies': [
88            'seccomp_bpf',
89          ]
90        }],
91      ],
92    },
93    {
94      # The main sandboxing test target.
        # Everything except the target type comes from the included .gypi,
        # which is not part of this file; the same include is reused by
        # sandbox_linux_jni_unittests with a different 'type'.
95      'target_name': 'sandbox_linux_unittests',
96      'includes': [
97        'sandbox_linux_test_sources.gypi',
98      ],
99      'type': 'executable',
100    },
101    {
102      # This target is the shared library used by Android APK (i.e.
103      # JNI-friendly) tests.
         # It reuses the same test source list as sandbox_linux_unittests and
         # is wrapped into an APK by sandbox_linux_jni_unittests_apk below.
104      'target_name': 'sandbox_linux_jni_unittests',
105      'includes': [
106        'sandbox_linux_test_sources.gypi',
107      ],
108      'type': 'shared_library',
109      'conditions': [
           # The native test harness is linked in on Android only.
110        [ 'OS == "android"', {
111          'dependencies': [
112            '../testing/android/native_test.gyp:native_test_native_code',
113          ],
114        }],
115      ],
116    },
117    {
         # The seccomp-bpf library: the bpf_dsl/ sources plus the seccomp-bpf/
         # sources (code generation, verifier, trap and syscall handling).
         # It is pulled into 'sandbox' only when use_seccomp_bpf==1.
118      'target_name': 'seccomp_bpf',
         # '<(component)' expands a variable defined outside this file, so the
         # library type is decided by the global build configuration.
119      'type': '<(component)',
120      'sources': [
121        'bpf_dsl/bpf_dsl.cc',
122        'bpf_dsl/bpf_dsl.h',
123        'bpf_dsl/cons.h',
124        'seccomp-bpf/basicblock.cc',
125        'seccomp-bpf/basicblock.h',
126        'seccomp-bpf/codegen.cc',
127        'seccomp-bpf/codegen.h',
128        'seccomp-bpf/die.cc',
129        'seccomp-bpf/die.h',
130        'seccomp-bpf/errorcode.cc',
131        'seccomp-bpf/errorcode.h',
132        'seccomp-bpf/instruction.h',
133        'seccomp-bpf/linux_seccomp.h',
134        'seccomp-bpf/sandbox_bpf.cc',
135        'seccomp-bpf/sandbox_bpf.h',
136        'seccomp-bpf/sandbox_bpf_policy.cc',
137        'seccomp-bpf/sandbox_bpf_policy.h',
138        'seccomp-bpf/syscall.cc',
139        'seccomp-bpf/syscall.h',
140        'seccomp-bpf/syscall_iterator.cc',
141        'seccomp-bpf/syscall_iterator.h',
142        'seccomp-bpf/trap.cc',
143        'seccomp-bpf/trap.h',
144        'seccomp-bpf/verifier.cc',
145        'seccomp-bpf/verifier.h',
146      ],
147      'dependencies': [
148        '../base/base.gyp:base',
           # Header-only target (type 'none') listing the per-architecture
           # syscall and ucontext headers.
149        'sandbox_services_headers',
150      ],
151      'defines': [
           # NOTE(review): presumably selects the export side of the sandbox
           # export macros for component builds; confirm in the headers.
152        'SANDBOX_IMPLEMENTATION',
153      ],
154      'include_dirs': [
155        '../..',
156      ],
157    },
158    {
         # Helper library layered on seccomp_bpf: a baseline policy, SIGSYS
         # handlers, syscall parameter restrictions and syscall sets.
         # Like seccomp_bpf, it reaches 'sandbox' only when use_seccomp_bpf==1.
159      'target_name': 'seccomp_bpf_helpers',
160      'type': '<(component)',
161      'sources': [
162        'seccomp-bpf-helpers/baseline_policy.cc',
163        'seccomp-bpf-helpers/baseline_policy.h',
164        'seccomp-bpf-helpers/sigsys_handlers.cc',
165        'seccomp-bpf-helpers/sigsys_handlers.h',
166        'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
167        'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
168        'seccomp-bpf-helpers/syscall_sets.cc',
169        'seccomp-bpf-helpers/syscall_sets.h',
170      ],
171      'dependencies': [
172        '../base/base.gyp:base',
173        'seccomp_bpf',
174      ],
175      'defines': [
176        'SANDBOX_IMPLEMENTATION',
177      ],
178      'include_dirs': [
179        '../..',
180      ],
181    },
182    {
183      # The setuid sandbox, for Linux
         # Standalone C executable: it declares no 'dependencies', so only the
         # files listed under 'sources' are compiled into the binary.
184      'target_name': 'chrome_sandbox',
185      'type': 'executable',
186      'sources': [
           # The two suid/common headers are also listed by suid_sandbox_client,
           # so the helper and its client compile against the same definitions.
187        'suid/common/sandbox.h',
188        'suid/common/suid_unsafe_environment_variables.h',
189        'suid/process_util.h',
190        'suid/process_util_linux.c',
191        'suid/sandbox.c',
192      ],
193      'cflags': [
194        # For ULLONG_MAX
195        '-std=gnu99',
196      ],
197      'include_dirs': [
198        '../..',
199      ],
200      # Do not use any sanitizer tools with this binary. http://crbug.com/382766
         # The two filter lists below drop any compiler or linker flag matching
         # '-fsanitize', so this binary gets no sanitizer coverage in
         # instrumented builds.
         # NOTE(review): no hardening flags are set in this target; confirm they
         # are inherited from the shared build configuration.
201      'cflags/': [
202        ['exclude', '-fsanitize'],
203      ],
204      'ldflags/': [
205        ['exclude', '-fsanitize'],
206      ],
207    },
208    { 'target_name': 'sandbox_services',
         # Sandbox support services: broker process, init process reaper,
         # scoped process, thread helpers and Yama support. This is the only
         # unconditional dependency of the 'sandbox' target.
209      'type': '<(component)',
210      'sources': [
211        'services/broker_process.cc',
212        'services/broker_process.h',
213        'services/init_process_reaper.cc',
214        'services/init_process_reaper.h',
215        'services/scoped_process.cc',
216        'services/scoped_process.h',
217        'services/thread_helpers.cc',
218        'services/thread_helpers.h',
219        'services/yama.h',
220        'services/yama.cc',
221      ],
222      'dependencies': [
223        '../base/base.gyp:base',
224      ],
225      'defines': [
226        'SANDBOX_IMPLEMENTATION',
227      ],
228      'conditions': [
           # compile_credentials is set in 'variables' above (1 on Linux only),
           # so the credentials code and libcap are left out on other platforms.
229        ['compile_credentials==1', {
230          'sources': [
231            'services/credentials.cc',
232            'services/credentials.h',
233          ],
234          'dependencies': [
235            # for capabilities.cc.
               # NOTE(review): no capabilities.cc is listed anywhere in this
               # file; presumably libcap is needed by services/credentials.cc.
               # Confirm and update the comment above.
236            '../build/linux/system.gyp:libcap',
237          ],
238        }],
239      ],
240      'include_dirs': [
241        '..',
242      ],
243    },
244    { 'target_name': 'sandbox_services_headers',
         # Header-only target (type 'none', nothing is compiled) listing the
         # per-architecture syscall-number and Android ucontext/futex headers.
         # seccomp_bpf depends on it.
245      'type': 'none',
246      'sources': [
247        'services/android_arm_ucontext.h',
248        'services/android_arm64_ucontext.h',
249        'services/android_futex.h',
250        'services/android_ucontext.h',
251        'services/android_i386_ucontext.h',
252        'services/android_mips_ucontext.h',
253        'services/arm_linux_syscalls.h',
254        'services/arm64_linux_syscalls.h',
255        'services/mips_linux_syscalls.h',
256        'services/linux_syscalls.h',
257        'services/x86_32_linux_syscalls.h',
258        'services/x86_64_linux_syscalls.h',
259      ],
260      'include_dirs': [
261        '..',
262      ],
263    },
264    {
265      # We make this its own target so that it does not interfere
266      # with our tests.
         # No target in this file depends on it, so it is linked only by
         # targets outside this file that list it explicitly.
         # NOTE(review): judging by the name, it overrides how libc opens the
         # urandom device; confirm in services/libc_urandom_override.cc.
267      'target_name': 'libc_urandom_override',
268      'type': 'static_library',
269      'sources': [
270        'services/libc_urandom_override.cc',
271        'services/libc_urandom_override.h',
272      ],
273      'dependencies': [
274        '../base/base.gyp:base',
275      ],
276      'include_dirs': [
277        '..',
278      ],
279    },
280    {
         # Client-side library for the setuid sandbox. The 'sandbox' target
         # depends on it only when compile_suid_client==1 (Linux).
281      'target_name': 'suid_sandbox_client',
282      'type': '<(component)',
283      'sources': [
           # The two suid/common headers are also compiled into chrome_sandbox,
           # the setuid helper executable.
284        'suid/common/sandbox.h',
285        'suid/common/suid_unsafe_environment_variables.h',
286        'suid/client/setuid_sandbox_client.cc',
287        'suid/client/setuid_sandbox_client.h',
288      ],
289      'defines': [
290        'SANDBOX_IMPLEMENTATION',
291      ],
292      'dependencies': [
293        '../base/base.gyp:base',
294        'sandbox_services',
295      ],
296      'include_dirs': [
297        '..',
298      ],
299    },
300  ],
301  'conditions': [
302    [ 'OS=="android"', {
         # Android only: produce a stripped copy of the unit-test executable.
303      'targets': [
304        {
305        'target_name': 'sandbox_linux_unittests_stripped',
306        'type': 'none',
307        'dependencies': [ 'sandbox_linux_unittests' ],
308        'actions': [{
309          'action_name': 'strip sandbox_linux_unittests',
310          'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
311          'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
             # '<(android_strip)' is defined outside this file; '<@(_inputs)' and
             # '<@(_outputs)' expand to the two lists declared just above.
312          'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
313          }],
314        }
315      ],
316    }],
317    [ 'OS=="android"', {
         # Android only: wrap the JNI test shared library into a test APK. The
         # packaging rules come from the included apk_test.gypi, which is not
         # part of this file.
318      'targets': [
319        {
320        'target_name': 'sandbox_linux_jni_unittests_apk',
321        'type': 'none',
322        'variables': {
             # Names the shared-library target (defined above) to package.
323          'test_suite_name': 'sandbox_linux_jni_unittests',
324        },
325        'dependencies': [
326          'sandbox_linux_jni_unittests',
327        ],
328        'includes': [ '../../build/apk_test.gypi' ],
329        }
330      ],
331    }],
332    ['test_isolation_mode != "noop"', {
         # Defined only when test isolation is enabled. test_isolation_mode is
         # set outside this file.
333      'targets': [
334        {
335          'target_name': 'sandbox_linux_unittests_run',
336          'type': 'none',
337          'dependencies': [
338            'sandbox_linux_unittests',
339          ],
             # The .isolate file appears both as an include and as a source.
340          'includes': [
341            '../../build/isolate.gypi',
342            '../sandbox_linux_unittests.isolate',
343          ],
344          'sources': [
345            '../sandbox_linux_unittests.isolate',
346          ],
347        },
348      ],
349    }],
350  ],
351}
352