sandbox_linux.gypi revision 0de6073388f4e2780db8536178b129cd8f6ab386
1# Copyright (c) 2012 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5{
6  'variables': {
     # Build switches read by the targets in this file. The setuid client and
     # the credentials code are compiled only when OS is "linux"; the
     # seccomp-bpf demo only on Linux ia32/x64. Every other configuration
     # gets 0 for the corresponding switch.
     # NOTE(review): use_seccomp_bpf, which gates the seccomp-bpf
     # dependencies of the 'sandbox' target, is not set in this block;
     # presumably it comes from a shared build configuration. Confirm.
7    'conditions': [
8      ['OS=="linux"', {
9        'compile_suid_client': 1,
10        'compile_credentials': 1,
11      }, {
12        'compile_suid_client': 0,
13        'compile_credentials': 0,
14      }],
15      ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64")', {
16        'compile_seccomp_bpf_demo': 1,
17      }, {
18        'compile_seccomp_bpf_demo': 0,
19      }],
20    ],
21  },
22  'target_defaults': {
      # Settings applied to every target declared in this file.
23    'target_conditions': [
24      # All linux/ files will automatically be excluded on Android
25      # so make sure we re-include them explicitly.
        # NOTE(review): the automatic exclusion rule itself is not defined in
        # this file; only the re-include of paths matching '^linux/' is.
26      ['OS == "android"', {
27        'sources/': [
28          ['include', '^linux/'],
29        ],
30      }],
31    ],
32  },
33  'targets': [
34    # We have two principal targets: sandbox and sandbox_linux_unittests
35    # All other targets are listed as dependencies.
36    # There is one notable exception: for historical reasons, chrome_sandbox is
37    # the setuid sandbox and is its own target.
38    {
        # Aggregate target ('type': 'none'): it builds nothing itself and only
        # pulls in the sandbox layers selected by build variables.
        # sandbox_services is always included; the setuid client and the
        # seccomp-bpf libraries are conditional.
        # NOTE(review): with compile_suid_client==0 and use_seccomp_bpf==0
        # this target reduces to sandbox_services alone, so check both values
        # for any configuration that is expected to ship a sandbox.
        # use_seccomp_bpf is not set in this file's 'variables'; presumably
        # it is defined in a shared build configuration. Confirm.
39      'target_name': 'sandbox',
40      'type': 'none',
41      'dependencies': [
42        'sandbox_services',
43      ],
44      'conditions': [
45        [ 'compile_suid_client==1', {
46          'dependencies': [
47            'suid_sandbox_client',
48          ],
49        }],
50        # Compile seccomp BPF when we support it.
51        [ 'use_seccomp_bpf==1', {
52          'dependencies': [
53            'seccomp_bpf',
54            'seccomp_bpf_helpers',
55          ],
56        }],
57      ],
58    },
59    {
        # Static library of shared test scaffolding (test runner, test utils,
        # unit test harness) built against gtest.
60      'target_name': 'sandbox_linux_test_utils',
61      'type': 'static_library',
62      'dependencies': [
63        '../testing/gtest.gyp:gtest',
64      ],
65      'include_dirs': [
66        '../..',
67      ],
68      'sources': [
69        'tests/sandbox_test_runner.h',
70        'tests/sandbox_test_runner_function_pointer.cc',
71        'tests/sandbox_test_runner_function_pointer.h',
72        'tests/test_utils.cc',
73        'tests/test_utils.h',
74        'tests/unit_tests.cc',
75        'tests/unit_tests.h',
76      ],
77      'conditions': [
          # The BPF test runner and its seccomp_bpf dependency are added only
          # when seccomp-bpf is enabled, so builds with use_seccomp_bpf==0 do
          # not compile the BPF test helpers at all.
78        [ 'use_seccomp_bpf==1', {
79          'sources': [
80            'seccomp-bpf/bpf_tester_compatibility_delegate.h',
81            'seccomp-bpf/bpf_tests.h',
82            'seccomp-bpf/sandbox_bpf_test_runner.cc',
83            'seccomp-bpf/sandbox_bpf_test_runner.h',
84          ],
85          'dependencies': [
86            'seccomp_bpf',
87          ]
88        }],
89      ],
90    },
91    {
92      # The main sandboxing test target.
        # Built as a standalone executable; its sources and dependencies come
        # from the included sandbox_linux_test_sources.gypi, which is not
        # shown in this file.
93      'target_name': 'sandbox_linux_unittests',
94      'includes': [
95        'sandbox_linux_test_sources.gypi',
96      ],
97      'type': 'executable',
98    },
99    {
100      # This target is the shared library used by Android APK (i.e.
101      # JNI-friendly) tests.
         # It includes the same sandbox_linux_test_sources.gypi as
         # sandbox_linux_unittests but is built as a shared library. The
         # native test glue is linked only on Android when gtest_target_type
         # is "shared_library".
102      'target_name': 'sandbox_linux_jni_unittests',
103      'includes': [
104        'sandbox_linux_test_sources.gypi',
105      ],
106      'type': 'shared_library',
107      'conditions': [
108        [ 'OS == "android" and gtest_target_type == "shared_library"', {
109          'dependencies': [
110            '../testing/android/native_test.gyp:native_test_native_code',
111          ],
112        }],
113      ],
114    },
115    {
         # The seccomp-bpf sandbox library. Its library type follows the
         # <(component) variable, which is defined outside this file.
         # The source list covers BPF code generation (codegen, basicblock,
         # instruction), the policy interface (sandbox_bpf_policy.h), syscall
         # helpers, a trap handler and a verifier.
         # NOTE(review): the roles above are read from the file names only;
         # confirm against the sources before relying on them.
116      'target_name': 'seccomp_bpf',
117      'type': '<(component)',
118      'sources': [
119        'seccomp-bpf/basicblock.cc',
120        'seccomp-bpf/basicblock.h',
121        'seccomp-bpf/codegen.cc',
122        'seccomp-bpf/codegen.h',
123        'seccomp-bpf/die.cc',
124        'seccomp-bpf/die.h',
125        'seccomp-bpf/errorcode.cc',
126        'seccomp-bpf/errorcode.h',
127        'seccomp-bpf/instruction.h',
128        'seccomp-bpf/linux_seccomp.h',
129        'seccomp-bpf/sandbox_bpf.cc',
130        'seccomp-bpf/sandbox_bpf.h',
131        'seccomp-bpf/sandbox_bpf_compatibility_policy.h',
132        'seccomp-bpf/sandbox_bpf_policy.h',
133        'seccomp-bpf/syscall.cc',
134        'seccomp-bpf/syscall.h',
135        'seccomp-bpf/syscall_iterator.cc',
136        'seccomp-bpf/syscall_iterator.h',
137        'seccomp-bpf/trap.cc',
138        'seccomp-bpf/trap.h',
139        'seccomp-bpf/verifier.cc',
140        'seccomp-bpf/verifier.h',
141      ],
142      'dependencies': [
143        '../base/base.gyp:base',
144        'sandbox_services_headers',
145      ],
         # NOTE(review): SANDBOX_IMPLEMENTATION presumably selects the export
         # side of the library's symbol-visibility macro in component builds.
         # Confirm where the macro is consumed.
146      'defines': [
147        'SANDBOX_IMPLEMENTATION',
148      ],
149      'include_dirs': [
150        '../..',
151      ],
152    },
153    {
         # Helper library layered on seccomp_bpf (listed as a dependency
         # below). By file name it provides a baseline policy, SIGSYS
         # handlers, syscall parameter restrictions and named syscall sets.
         # NOTE(review): which syscalls the baseline policy allows is decided
         # in baseline_policy.cc and syscall_sets.cc, not in this build file;
         # review those sources when assessing the sandbox's attack surface.
154      'target_name': 'seccomp_bpf_helpers',
155      'type': '<(component)',
156      'sources': [
157        'seccomp-bpf-helpers/baseline_policy.cc',
158        'seccomp-bpf-helpers/baseline_policy.h',
159        'seccomp-bpf-helpers/sigsys_handlers.cc',
160        'seccomp-bpf-helpers/sigsys_handlers.h',
161        'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
162        'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
163        'seccomp-bpf-helpers/syscall_sets.cc',
164        'seccomp-bpf-helpers/syscall_sets.h',
165      ],
166      'dependencies': [
167        '../base/base.gyp:base',
168        'seccomp_bpf',
169      ],
170      'defines': [
171        'SANDBOX_IMPLEMENTATION',
172      ],
173      'include_dirs': [
174        '../..',
175      ],
176    },
177    {
178      # A demonstration program for the seccomp-bpf sandbox.
         # Built as an executable only when compile_seccomp_bpf_demo==1 (Linux
         # ia32/x64 per the 'variables' block); otherwise the target is an
         # empty 'none' target. No other target in this file depends on it,
         # so it is not pulled in by the 'sandbox' aggregate.
179      'target_name': 'seccomp_bpf_demo',
180      'conditions': [
181        ['compile_seccomp_bpf_demo==1', {
182          'type': 'executable',
183          'sources': [
184            'seccomp-bpf/demo.cc',
185          ],
186          'dependencies': [
187            'seccomp_bpf',
188          ],
189        }, {
190          'type': 'none',
191        }],
192      ],
         # Declared outside the condition, so it applies in both branches.
193      'include_dirs': [
194        '../../',
195      ],
196    },
197    {
198      # The setuid sandbox, for Linux
         # Standalone helper executable. It has no 'dependencies' entry, so it
         # is built only from the C sources and headers under suid/ listed
         # here and links none of the other targets in this file. The two
         # suid/common headers are also listed by suid_sandbox_client.
         # NOTE(review): nothing in this target sets the owner or the setuid
         # bit of the output; that has to happen when the binary is installed.
         # Verify ownership and mode in packaging.
         # NOTE(review): the only compiler flag added here is -std=gnu99. Any
         # hardening flags for this privileged binary would have to come from
         # shared build defaults that are not visible in this file. Confirm.
199      'target_name': 'chrome_sandbox',
200      'type': 'executable',
201      'sources': [
202        'suid/common/sandbox.h',
203        'suid/common/suid_unsafe_environment_variables.h',
204        'suid/linux_util.c',
205        'suid/linux_util.h',
206        'suid/process_util.h',
207        'suid/process_util_linux.c',
208        'suid/sandbox.c',
209      ],
210      'cflags': [
211        # For ULLONG_MAX
212        '-std=gnu99',
213      ],
214      'include_dirs': [
215        '../..',
216      ],
217    },
218    { 'target_name': 'sandbox_services',
         # Support services used by the sandbox layers: by file name, a broker
         # process, an init-process reaper, scoped process and thread helpers,
         # and Yama support. This is the only dependency the 'sandbox'
         # aggregate target takes unconditionally.
219      'type': '<(component)',
220      'sources': [
221        'services/broker_process.cc',
222        'services/broker_process.h',
223        'services/init_process_reaper.cc',
224        'services/init_process_reaper.h',
225        'services/scoped_process.cc',
226        'services/scoped_process.h',
227        'services/thread_helpers.cc',
228        'services/thread_helpers.h',
229        'services/yama.h',
230        'services/yama.cc',
231      ],
232      'dependencies': [
233        '../base/base.gyp:base',
234      ],
235      'defines': [
236        'SANDBOX_IMPLEMENTATION',
237      ],
238      'conditions': [
           # The credentials code and its libcap dependency are compiled only
           # when compile_credentials==1 (set for OS=="linux" in 'variables').
239        ['compile_credentials==1', {
240          'sources': [
241            'services/credentials.cc',
242            'services/credentials.h',
243          ],
244          'dependencies': [
245            # for capabilities.cc.
               # NOTE(review): no capabilities.cc is listed in this target;
               # the sources added by this condition are credentials.cc/.h, so
               # the comment above is presumably stale. Confirm which file
               # uses libcap.
246            '../build/linux/system.gyp:libcap',
247          ],
248        }],
249      ],
250      'include_dirs': [
251        '..',
252      ],
253    },
254    { 'target_name': 'sandbox_services_headers',
         # Header-only target ('type': 'none', no .cc files). seccomp_bpf
         # depends on it. By file name the headers carry per-architecture
         # Linux syscall definitions and Android ucontext definitions.
         # NOTE(review): if these headers define the syscall numbers used by
         # the seccomp-bpf policies, an error in them would change what a
         # filter matches. Confirm how they are generated and kept in sync
         # with the kernel.
255      'type': 'none',
256      'sources': [
257        'services/android_arm_ucontext.h',
258        'services/android_ucontext.h',
259        'services/android_i386_ucontext.h',
260        'services/arm_linux_syscalls.h',
261        'services/linux_syscalls.h',
262        'services/x86_32_linux_syscalls.h',
263        'services/x86_64_linux_syscalls.h',
264      ],
265      'include_dirs': [
266        '..',
267      ],
268    },
269    {
270      # We make this its own target so that it does not interfere
271      # with our tests.
         # No target declared in this file depends on it, so a binary gets
         # the override only by listing this static library explicitly.
         # NOTE(review): judging by the name, the library replaces libc entry
         # points used to reach /dev/urandom. Confirm the exact symbols in
         # services/libc_urandom_override.cc before linking it into a new
         # binary.
272      'target_name': 'libc_urandom_override',
273      'type': 'static_library',
274      'sources': [
275        'services/libc_urandom_override.cc',
276        'services/libc_urandom_override.h',
277      ],
278      'dependencies': [
279        '../base/base.gyp:base',
280      ],
281      'include_dirs': [
282        '..',
283      ],
284    },
285    {
         # Client-side library for the setuid sandbox. It is pulled into the
         # 'sandbox' aggregate only when compile_suid_client==1.
         # It lists the same two suid/common headers as the chrome_sandbox
         # executable, so a change to either header affects both the client
         # library and the setuid helper.
286      'target_name': 'suid_sandbox_client',
287      'type': '<(component)',
288      'sources': [
289        'suid/common/sandbox.h',
290        'suid/common/suid_unsafe_environment_variables.h',
291        'suid/client/setuid_sandbox_client.cc',
292        'suid/client/setuid_sandbox_client.h',
293      ],
294      'defines': [
295        'SANDBOX_IMPLEMENTATION',
296      ],
297      'dependencies': [
298        '../base/base.gyp:base',
299        'sandbox_services',
300      ],
301      'include_dirs': [
302        '..',
303      ],
304    },
305  ],
306  'conditions': [
       # Android-only targets, declared in addition to the main 'targets'
       # list above.
307    [ 'OS=="android"', {
308      'targets': [
309        {
           # Produces a stripped copy of the unit test binary: the action runs
           # <(android_strip) on sandbox_linux_unittests and writes
           # sandbox_linux_unittests_stripped into PRODUCT_DIR.
310        'target_name': 'sandbox_linux_unittests_stripped',
311        'type': 'none',
312        'dependencies': [ 'sandbox_linux_unittests' ],
313        'actions': [{
314          'action_name': 'strip sandbox_linux_unittests',
315          'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
316          'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
317          'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
318          }],
319        }
320      ],
321    }],
322    # Strategy copied from base_unittests_apk in base/base.gyp.
323    [ 'OS=="android" and gtest_target_type == "shared_library"', {
324      'targets': [
325        {
           # Wraps the sandbox_linux_jni_unittests shared library as an APK
           # test via the included build/apk_test.gypi; test_suite_name tells
           # that include which library to package.
           # NOTE(review): how apk_test.gypi consumes test_suite_name is not
           # visible in this file. Confirm.
326        'target_name': 'sandbox_linux_jni_unittests_apk',
327        'type': 'none',
328        'variables': {
329          'test_suite_name': 'sandbox_linux_jni_unittests',
330        },
331        'dependencies': [
332          'sandbox_linux_jni_unittests',
333        ],
334        'includes': [ '../../build/apk_test.gypi' ],
335        }
336      ],
337    }],
338  ],
339}
340