sandbox_linux.gypi revision 0de6073388f4e2780db8536178b129cd8f6ab386
# Copyright (c) 2012 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# GYP build definitions for the Linux sandbox. The 'variables' section decides
# which optional components are compiled for the current OS/architecture, and
# the 'targets' section declares the sandbox libraries, the setuid helper
# binary and the test targets.
{
  'variables': {
    'conditions': [
      # The setuid sandbox client and the credentials code are compiled only
      # when OS is exactly "linux"; every other OS value gets 0. The Android
      # conditions further down test OS=="android", so Android is one of the
      # configurations where both are switched off.
      ['OS=="linux"', {
        'compile_suid_client': 1,
        'compile_credentials': 1,
      }, {
        'compile_suid_client': 0,
        'compile_credentials': 0,
      }],
      # The demo program is limited to Linux on ia32/x64.
      ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64")', {
        'compile_seccomp_bpf_demo': 1,
      }, {
        'compile_seccomp_bpf_demo': 0,
      }],
    ],
  },
  'target_defaults': {
    'target_conditions': [
      # All linux/ files will automatically be excluded on Android
      # so make sure we re-include them explicitly.
      ['OS == "android"', {
        'sources/': [
          ['include', '^linux/'],
        ],
      }],
    ],
  },
  'targets': [
    # We have two principal targets: sandbox and sandbox_linux_unittests
    # All other targets are listed as dependencies.
    # There is one notable exception: for historical reasons, chrome_sandbox is
    # the setuid sandbox and is its own target.
    {
      # Aggregate target ('type': 'none'): it builds nothing itself and only
      # pulls in dependencies. Which sandbox layers it brings in depends on the
      # conditions below, so depending on 'sandbox' does not by itself
      # guarantee that the seccomp-bpf code or the setuid client is built.
      # Only 'sandbox_services' is unconditional.
      'target_name': 'sandbox',
      'type': 'none',
      'dependencies': [
        'sandbox_services',
      ],
      'conditions': [
        [ 'compile_suid_client==1', {
          'dependencies': [
            'suid_sandbox_client',
          ],
        }],
        # Compile seccomp BPF when we support it.
        # use_seccomp_bpf is not set anywhere in this file; it has to be
        # supplied by the including build configuration.
        [ 'use_seccomp_bpf==1', {
          'dependencies': [
            'seccomp_bpf',
            'seccomp_bpf_helpers',
          ],
        }],
      ],
    },
    {
      # Static library of shared test scaffolding (test runner, unit test
      # helpers). The seccomp-bpf test runner is added only when
      # use_seccomp_bpf==1.
      'target_name': 'sandbox_linux_test_utils',
      'type': 'static_library',
      'dependencies': [
        '../testing/gtest.gyp:gtest',
      ],
      'include_dirs': [
        '../..',
      ],
      'sources': [
        'tests/sandbox_test_runner.h',
        'tests/sandbox_test_runner_function_pointer.cc',
        'tests/sandbox_test_runner_function_pointer.h',
        'tests/test_utils.cc',
        'tests/test_utils.h',
        'tests/unit_tests.cc',
        'tests/unit_tests.h',
      ],
      'conditions': [
        [ 'use_seccomp_bpf==1', {
          'sources': [
            'seccomp-bpf/bpf_tester_compatibility_delegate.h',
            'seccomp-bpf/bpf_tests.h',
            'seccomp-bpf/sandbox_bpf_test_runner.cc',
            'seccomp-bpf/sandbox_bpf_test_runner.h',
          ],
          'dependencies': [
            'seccomp_bpf',
          ]
        }],
      ],
    },
    {
      # The main sandboxing test target.
      # Its sources and settings come from sandbox_linux_test_sources.gypi,
      # which is not part of this file.
      'target_name': 'sandbox_linux_unittests',
      'includes': [
        'sandbox_linux_test_sources.gypi',
      ],
      'type': 'executable',
    },
    {
      # This target is the shared library used by Android APK (i.e.
      # JNI-friendly) tests.
      # It includes the same test source list as sandbox_linux_unittests and
      # differs only in output type and the Android native test dependency.
      'target_name': 'sandbox_linux_jni_unittests',
      'includes': [
        'sandbox_linux_test_sources.gypi',
      ],
      'type': 'shared_library',
      'conditions': [
        [ 'OS == "android" and gtest_target_type == "shared_library"', {
          'dependencies': [
            '../testing/android/native_test.gyp:native_test_native_code',
          ],
        }],
      ],
    },
    {
      # The seccomp-bpf sandbox library, built from the seccomp-bpf/ sources
      # listed below. 'type' follows the build-wide <(component) setting.
      'target_name': 'seccomp_bpf',
      'type': '<(component)',
      'sources': [
        'seccomp-bpf/basicblock.cc',
        'seccomp-bpf/basicblock.h',
        'seccomp-bpf/codegen.cc',
        'seccomp-bpf/codegen.h',
        'seccomp-bpf/die.cc',
        'seccomp-bpf/die.h',
        'seccomp-bpf/errorcode.cc',
        'seccomp-bpf/errorcode.h',
        'seccomp-bpf/instruction.h',
        'seccomp-bpf/linux_seccomp.h',
        'seccomp-bpf/sandbox_bpf.cc',
        'seccomp-bpf/sandbox_bpf.h',
        'seccomp-bpf/sandbox_bpf_compatibility_policy.h',
        'seccomp-bpf/sandbox_bpf_policy.h',
        'seccomp-bpf/syscall.cc',
        'seccomp-bpf/syscall.h',
        'seccomp-bpf/syscall_iterator.cc',
        'seccomp-bpf/syscall_iterator.h',
        'seccomp-bpf/trap.cc',
        'seccomp-bpf/trap.h',
        'seccomp-bpf/verifier.cc',
        'seccomp-bpf/verifier.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
        'sandbox_services_headers',
      ],
      # SANDBOX_IMPLEMENTATION is defined for every library target in this
      # file; presumably it selects the export side of the sandbox's symbol
      # visibility macros. NOTE(review): confirm against the export header.
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'include_dirs': [
        '../..',
      ],
    },
    {
      # Policy building blocks layered on top of seccomp_bpf (baseline policy,
      # SIGSYS handlers, syscall parameter restrictions, syscall sets).
      'target_name': 'seccomp_bpf_helpers',
      'type': '<(component)',
      'sources': [
        'seccomp-bpf-helpers/baseline_policy.cc',
        'seccomp-bpf-helpers/baseline_policy.h',
        'seccomp-bpf-helpers/sigsys_handlers.cc',
        'seccomp-bpf-helpers/sigsys_handlers.h',
        'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
        'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
        'seccomp-bpf-helpers/syscall_sets.cc',
        'seccomp-bpf-helpers/syscall_sets.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
        'seccomp_bpf',
      ],
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'include_dirs': [
        '../..',
      ],
    },
    {
      # A demonstration program for the seccomp-bpf sandbox.
      # The target always exists; where the demo is not compiled it degrades
      # to 'type': 'none' so that references to it still resolve.
      'target_name': 'seccomp_bpf_demo',
      'conditions': [
        ['compile_seccomp_bpf_demo==1', {
          'type': 'executable',
          'sources': [
            'seccomp-bpf/demo.cc',
          ],
          'dependencies': [
            'seccomp_bpf',
          ],
        }, {
          'type': 'none',
        }],
      ],
      'include_dirs': [
        '../../',
      ],
    },
    {
      # The setuid sandbox, for Linux
      # The source list is plain C and the target declares no 'dependencies',
      # so this target links nothing from base or from the other sandbox
      # libraries into the privileged helper.
      # NOTE(review): the only compiler flag requested here is -std=gnu99.
      # Hardening options (PIE, stack protector, RELRO/BIND_NOW) are not set
      # at this level, so the binary gets them only if the build-wide defaults
      # provide them. Confirm that for every configuration that ships this
      # executable. Nothing in this file sets ownership or mode bits on the
      # output; presumably that happens at install time.
      'target_name': 'chrome_sandbox',
      'type': 'executable',
      'sources': [
        'suid/common/sandbox.h',
        'suid/common/suid_unsafe_environment_variables.h',
        'suid/linux_util.c',
        'suid/linux_util.h',
        'suid/process_util.h',
        'suid/process_util_linux.c',
        'suid/sandbox.c',
      ],
      'cflags': [
        # For ULLONG_MAX
        '-std=gnu99',
      ],
      'include_dirs': [
        '../..',
      ],
    },
    # Process-level helper services (broker process, init process reaper,
    # scoped process, thread helpers, Yama). This is the only unconditional
    # dependency of the 'sandbox' target.
    { 'target_name': 'sandbox_services',
      'type': '<(component)',
      'sources': [
        'services/broker_process.cc',
        'services/broker_process.h',
        'services/init_process_reaper.cc',
        'services/init_process_reaper.h',
        'services/scoped_process.cc',
        'services/scoped_process.h',
        'services/thread_helpers.cc',
        'services/thread_helpers.h',
        'services/yama.h',
        'services/yama.cc',
      ],
      'dependencies': [
        '../base/base.gyp:base',
      ],
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'conditions': [
        # credentials.cc/.h are part of this library only where
        # compile_credentials is 1, i.e. OS=="linux" per 'variables' above.
        ['compile_credentials==1', {
          'sources': [
            'services/credentials.cc',
            'services/credentials.h',
          ],
          'dependencies': [
            # libcap dependency. The original comment here read
            # "for capabilities.cc.", but this target lists no such file.
            # NOTE(review): confirm that services/credentials.cc is what
            # needs libcap.
            '../build/linux/system.gyp:libcap',
          ],
        }],
      ],
      'include_dirs': [
        '..',
      ],
    },
    # Header-only target ('type': 'none'): ucontext and syscall-number headers
    # for the supported architectures. seccomp_bpf depends on it.
    { 'target_name': 'sandbox_services_headers',
      'type': 'none',
      'sources': [
        'services/android_arm_ucontext.h',
        'services/android_ucontext.h',
        'services/android_i386_ucontext.h',
        'services/arm_linux_syscalls.h',
        'services/linux_syscalls.h',
        'services/x86_32_linux_syscalls.h',
        'services/x86_64_linux_syscalls.h',
      ],
      'include_dirs': [
        '..',
      ],
    },
    {
      # We make this its own target so that it does not interfere
      # with our tests.
      # No other target in this file depends on it, so it is linked only by
      # consumers that name it explicitly.
      'target_name': 'libc_urandom_override',
      'type': 'static_library',
      'sources': [
        'services/libc_urandom_override.cc',
        'services/libc_urandom_override.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
      ],
      'include_dirs': [
        '..',
      ],
    },
    {
      # Client-side library for the setuid sandbox. It lists the same
      # suid/common headers as chrome_sandbox (including
      # suid_unsafe_environment_variables.h), so the helper binary and its
      # client are compiled against the same shared definitions.
      'target_name': 'suid_sandbox_client',
      'type': '<(component)',
      'sources': [
        'suid/common/sandbox.h',
        'suid/common/suid_unsafe_environment_variables.h',
        'suid/client/setuid_sandbox_client.cc',
        'suid/client/setuid_sandbox_client.h',
      ],
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'dependencies': [
        '../base/base.gyp:base',
        'sandbox_services',
      ],
      'include_dirs': [
        '..',
      ],
    },
  ],
  'conditions': [
    # Android only: produce a stripped copy of the unit test binary by running
    # <(android_strip) on sandbox_linux_unittests.
    [ 'OS=="android"', {
      'targets': [
        {
          'target_name': 'sandbox_linux_unittests_stripped',
          'type': 'none',
          'dependencies': [ 'sandbox_linux_unittests' ],
          'actions': [{
            'action_name': 'strip sandbox_linux_unittests',
            'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
            'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
            'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
          }],
        }
      ],
    }],
    # Strategy copied from base_unittests_apk in base/base.gyp.
    # Wraps the JNI test shared library in an APK through apk_test.gypi.
    # gtest_target_type is not set in this file.
    [ 'OS=="android" and gtest_target_type == "shared_library"', {
      'targets': [
        {
          'target_name': 'sandbox_linux_jni_unittests_apk',
          'type': 'none',
          'variables': {
            'test_suite_name': 'sandbox_linux_jni_unittests',
          },
          'dependencies': [
            'sandbox_linux_jni_unittests',
          ],
          'includes': [ '../../build/apk_test.gypi' ],
        }
      ],
    }],
  ],
}