sandbox_linux.gypi revision 116680a4aac90f2aa7413d9095a592090648e557
1# Copyright (c) 2012 The Chromium Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5{
6  'variables': {
     # Build switches read by the target conditions further down this file:
     #   compile_suid_client / compile_credentials: 1 only when OS is linux.
     #   compile_seccomp_bpf_demo: 1 only on linux with target_arch ia32 or x64.
     # use_seccomp_bpf, which several targets also test, is not set here;
     # presumably it comes from a shared build include (confirm).
7    'conditions': [
8      ['OS=="linux"', {
9        'compile_suid_client': 1,
10        'compile_credentials': 1,
11      }, {
12        'compile_suid_client': 0,
13        'compile_credentials': 0,
14      }],
15      ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64")', {
16        'compile_seccomp_bpf_demo': 1,
17      }, {
18        'compile_seccomp_bpf_demo': 0,
19      }],
20    ],
21  },
22  'target_defaults': {
      # Defaults applied to the targets defined in this file.
23    'target_conditions': [
24      # All linux/ files will automatically be excluded on Android
25      # so make sure we re-include them explicitly.
          # 'sources/' is a filter list: the 'include' rule re-adds every source
          # path that matches the regular expression ^linux/.
26      ['OS == "android"', {
27        'sources/': [
28          ['include', '^linux/'],
29        ],
30      }],
31    ],
32  },
33  'targets': [
34    # We have two principal targets: sandbox and sandbox_linux_unittests
35    # All other targets are listed as dependencies.
36    # There is one notable exception: for historical reasons, chrome_sandbox is
37    # the setuid sandbox and is its own target.
38    {
          # Aggregate target: 'type': 'none' produces no binary of its own, it
          # only pulls in the libraries listed as dependencies.
          # sandbox_services is always included; the setuid client and the
          # seccomp-bpf libraries are added only when their switches are 1.
          # NOTE(review): with both switches off, neither the setuid client nor
          # the seccomp-bpf targets are built through this target. Confirm
          # which configurations are expected to end up in that state.
39      'target_name': 'sandbox',
40      'type': 'none',
41      'dependencies': [
42        'sandbox_services',
43      ],
44      'conditions': [
45        [ 'compile_suid_client==1', {
46          'dependencies': [
47            'suid_sandbox_client',
48          ],
49        }],
50        # Compile seccomp BPF when we support it.
51        [ 'use_seccomp_bpf==1', {
52          'dependencies': [
53            'seccomp_bpf',
54            'seccomp_bpf_helpers',
55          ],
56        }],
57      ],
58    },
59    {
          # Shared test helpers, built as a static library against gtest.
          # The seccomp-bpf test runner and its dependency on seccomp_bpf are
          # added only when use_seccomp_bpf==1.
60      'target_name': 'sandbox_linux_test_utils',
61      'type': 'static_library',
62      'dependencies': [
63        '../testing/gtest.gyp:gtest',
64      ],
65      'include_dirs': [
66        '../..',
67      ],
68      'sources': [
69        'tests/sandbox_test_runner.cc',
70        'tests/sandbox_test_runner.h',
71        'tests/sandbox_test_runner_function_pointer.cc',
72        'tests/sandbox_test_runner_function_pointer.h',
73        'tests/test_utils.cc',
74        'tests/test_utils.h',
75        'tests/unit_tests.cc',
76        'tests/unit_tests.h',
77      ],
78      'conditions': [
79        [ 'use_seccomp_bpf==1', {
80          'sources': [
81            'seccomp-bpf/bpf_tester_compatibility_delegate.h',
82            'seccomp-bpf/bpf_tests.h',
83            'seccomp-bpf/sandbox_bpf_test_runner.cc',
84            'seccomp-bpf/sandbox_bpf_test_runner.h',
85          ],
86          'dependencies': [
87            'seccomp_bpf',
88          ]
89        }],
90      ],
91    },
92    {
93      # The main sandboxing test target.
          # Its sources and remaining settings come from
          # sandbox_linux_test_sources.gypi, which is not part of this file.
94      'target_name': 'sandbox_linux_unittests',
95      'includes': [
96        'sandbox_linux_test_sources.gypi',
97      ],
98      'type': 'executable',
99    },
100    {
101      # This target is the shared library used by Android APK (i.e.
102      # JNI-friendly) tests.
           # It includes the same sandbox_linux_test_sources.gypi as
           # sandbox_linux_unittests, but is built as a shared library; the
           # native_test dependency is added only when OS is android.
103      'target_name': 'sandbox_linux_jni_unittests',
104      'includes': [
105        'sandbox_linux_test_sources.gypi',
106      ],
107      'type': 'shared_library',
108      'conditions': [
109        [ 'OS == "android"', {
110          'dependencies': [
111            '../testing/android/native_test.gyp:native_test_native_code',
112          ],
113        }],
114      ],
115    },
116    {
           # The seccomp-bpf library. Judging by the file names it holds the
           # BPF policy DSL, the code generator, the verifier, trap handling
           # and syscall helpers.
           # '<(component)' takes the library type from the build-wide
           # component variable (static or shared library).
117      'target_name': 'seccomp_bpf',
118      'type': '<(component)',
119      'sources': [
120        'bpf_dsl/bpf_dsl.cc',
121        'bpf_dsl/bpf_dsl.h',
122        'bpf_dsl/cons.h',
123        'seccomp-bpf/basicblock.cc',
124        'seccomp-bpf/basicblock.h',
125        'seccomp-bpf/codegen.cc',
126        'seccomp-bpf/codegen.h',
127        'seccomp-bpf/die.cc',
128        'seccomp-bpf/die.h',
129        'seccomp-bpf/errorcode.cc',
130        'seccomp-bpf/errorcode.h',
131        'seccomp-bpf/instruction.h',
132        'seccomp-bpf/linux_seccomp.h',
133        'seccomp-bpf/sandbox_bpf.cc',
134        'seccomp-bpf/sandbox_bpf.h',
135        'seccomp-bpf/sandbox_bpf_compatibility_policy.h',
136        'seccomp-bpf/sandbox_bpf_policy.cc',
137        'seccomp-bpf/sandbox_bpf_policy.h',
138        'seccomp-bpf/syscall.cc',
139        'seccomp-bpf/syscall.h',
140        'seccomp-bpf/syscall_iterator.cc',
141        'seccomp-bpf/syscall_iterator.h',
142        'seccomp-bpf/trap.cc',
143        'seccomp-bpf/trap.h',
144        'seccomp-bpf/verifier.cc',
145        'seccomp-bpf/verifier.h',
146      ],
147      'dependencies': [
148        '../base/base.gyp:base',
149        'sandbox_services_headers',
150      ],
           # NOTE(review): SANDBOX_IMPLEMENTATION presumably marks this target
           # as the exporting side in component builds. Confirm against the
           # project's export header.
151      'defines': [
152        'SANDBOX_IMPLEMENTATION',
153      ],
154      'include_dirs': [
155        '../..',
156      ],
157    },
158    {
           # Policy helpers layered on top of seccomp_bpf. Per the file names:
           # a baseline policy, SIGSYS handlers, syscall parameter restrictions
           # and syscall sets.
159      'target_name': 'seccomp_bpf_helpers',
160      'type': '<(component)',
161      'sources': [
162        'seccomp-bpf-helpers/baseline_policy.cc',
163        'seccomp-bpf-helpers/baseline_policy.h',
164        'seccomp-bpf-helpers/sigsys_handlers.cc',
165        'seccomp-bpf-helpers/sigsys_handlers.h',
166        'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
167        'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
168        'seccomp-bpf-helpers/syscall_sets.cc',
169        'seccomp-bpf-helpers/syscall_sets.h',
170      ],
171      'dependencies': [
172        '../base/base.gyp:base',
173        'seccomp_bpf',
174      ],
175      'defines': [
176        'SANDBOX_IMPLEMENTATION',
177      ],
178      'include_dirs': [
179        '../..',
180      ],
181    },
182    {
183      # A demonstration program for the seccomp-bpf sandbox.
           # The target always exists: when compile_seccomp_bpf_demo is 0 it
           # falls back to 'type': 'none' with no sources, so nothing is built.
184      'target_name': 'seccomp_bpf_demo',
185      'conditions': [
186        ['compile_seccomp_bpf_demo==1', {
187          'type': 'executable',
188          'sources': [
189            'seccomp-bpf/demo.cc',
190          ],
191          'dependencies': [
192            'seccomp_bpf',
193          ],
194        }, {
195          'type': 'none',
196        }],
197      ],
           # Spelled with a trailing slash here; other targets in this file
           # write '../..'.
198      'include_dirs': [
199        '../../',
200      ],
201    },
202    {
203      # The setuid sandbox, for Linux
           # Built only from the C sources and headers listed below; the target
           # has no 'dependencies' entry, so this file links nothing from base
           # or the other sandbox targets into it.
           # NOTE(review): worth keeping that way for a setuid binary, since
           # any code added here would run with the binary's privileges.
204      'target_name': 'chrome_sandbox',
205      'type': 'executable',
206      'sources': [
207        'suid/common/sandbox.h',
208        'suid/common/suid_unsafe_environment_variables.h',
209        'suid/linux_util.c',
210        'suid/linux_util.h',
211        'suid/process_util.h',
212        'suid/process_util_linux.c',
213        'suid/sandbox.c',
214      ],
215      'cflags': [
216        # For ULLONG_MAX
217        '-std=gnu99',
218      ],
219      'include_dirs': [
220        '../..',
221      ],
222      # Do not use any sanitizer tools with this binary. http://crbug.com/382766
           # The trailing-slash keys are filter lists: the 'exclude' rules drop
           # every compiler and linker flag matching -fsanitize, so sanitizer
           # flags set elsewhere in the build do not reach this target.
           # NOTE(review): the rationale is in the linked bug; presumably
           # sanitizer runtimes are not meant to run inside a setuid binary.
           # Confirm there before changing these filters.
223      'cflags/': [
224        ['exclude', '-fsanitize'],
225      ],
226      'ldflags/': [
227        ['exclude', '-fsanitize'],
228      ],
229    },
230    { 'target_name': 'sandbox_services',
           # Support services for the sandbox. Per the file names: a broker
           # process, an init-process reaper, scoped processes, thread helpers
           # and Yama support. The credentials code and its libcap dependency
           # are added only when compile_credentials==1.
231      'type': '<(component)',
232      'sources': [
233        'services/broker_process.cc',
234        'services/broker_process.h',
235        'services/init_process_reaper.cc',
236        'services/init_process_reaper.h',
237        'services/scoped_process.cc',
238        'services/scoped_process.h',
239        'services/thread_helpers.cc',
240        'services/thread_helpers.h',
241        'services/yama.h',
242        'services/yama.cc',
243      ],
244      'dependencies': [
245        '../base/base.gyp:base',
246      ],
247      'defines': [
248        'SANDBOX_IMPLEMENTATION',
249      ],
250      'conditions': [
251        ['compile_credentials==1', {
252          'sources': [
253            'services/credentials.cc',
254            'services/credentials.h',
255          ],
256          'dependencies': [
257            # for capabilities.cc.
               # NOTE(review): no capabilities.cc appears in this target's
               # sources. libcap is added together with credentials.cc, so the
               # note above presumably means that file (confirm).
258            '../build/linux/system.gyp:libcap',
259          ],
260        }],
261      ],
262      'include_dirs': [
263        '..',
264      ],
265    },
266    { 'target_name': 'sandbox_services_headers',
           # Header-only target ('type': 'none'): groups the per-architecture
           # syscall-number headers and the Android ucontext/futex headers.
           # seccomp_bpf lists it as a dependency.
267      'type': 'none',
268      'sources': [
269        'services/android_arm_ucontext.h',
270        'services/android_futex.h',
271        'services/android_ucontext.h',
272        'services/android_i386_ucontext.h',
273        'services/arm_linux_syscalls.h',
274        'services/linux_syscalls.h',
275        'services/x86_32_linux_syscalls.h',
276        'services/x86_64_linux_syscalls.h',
277      ],
278      'include_dirs': [
279        '..',
280      ],
281    },
282    {
283      # We make this its own target so that it does not interfere
284      # with our tests.
           # Static library holding services/libc_urandom_override.cc. No other
           # target in this file depends on it, so it is linked only where a
           # consumer outside this file asks for it.
285      'target_name': 'libc_urandom_override',
286      'type': 'static_library',
287      'sources': [
288        'services/libc_urandom_override.cc',
289        'services/libc_urandom_override.h',
290      ],
291      'dependencies': [
292        '../base/base.gyp:base',
293      ],
294      'include_dirs': [
295        '..',
296      ],
297    },
298    {
           # Client library for the setuid sandbox. It compiles the same two
           # suid/common headers that chrome_sandbox lists, plus the client
           # implementation, and depends on base and sandbox_services.
299      'target_name': 'suid_sandbox_client',
300      'type': '<(component)',
301      'sources': [
302        'suid/common/sandbox.h',
303        'suid/common/suid_unsafe_environment_variables.h',
304        'suid/client/setuid_sandbox_client.cc',
305        'suid/client/setuid_sandbox_client.h',
306      ],
307      'defines': [
308        'SANDBOX_IMPLEMENTATION',
309      ],
310      'dependencies': [
311        '../base/base.gyp:base',
312        'sandbox_services',
313      ],
314      'include_dirs': [
315        '..',
316      ],
317    },
318  ],
319  'conditions': [
320    [ 'OS=="android"', {
           # Android only: runs the tool named by <(android_strip) on the
           # sandbox_linux_unittests binary in PRODUCT_DIR and writes the
           # result next to it as sandbox_linux_unittests_stripped.
321      'targets': [
322        {
323        'target_name': 'sandbox_linux_unittests_stripped',
324        'type': 'none',
325        'dependencies': [ 'sandbox_linux_unittests' ],
326        'actions': [{
327          'action_name': 'strip sandbox_linux_unittests',
328          'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
329          'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
330          'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
331          }],
332        }
333      ],
334    }],
335    [ 'OS=="android"', {
           # Android only: packages sandbox_linux_jni_unittests as a test APK.
           # The packaging rules come from build/apk_test.gypi, which reads the
           # test_suite_name variable set below.
336      'targets': [
337        {
338        'target_name': 'sandbox_linux_jni_unittests_apk',
339        'type': 'none',
340        'variables': {
341          'test_suite_name': 'sandbox_linux_jni_unittests',
342        },
343        'dependencies': [
344          'sandbox_linux_jni_unittests',
345        ],
346        'includes': [ '../../build/apk_test.gypi' ],
347        }
348      ],
349    }],
350    ['test_isolation_mode != "noop"', {
           # Defined whenever test isolation is enabled (mode is anything but
           # "noop"). The target builds sandbox_linux_unittests and processes
           # its .isolate file through build/isolate.gypi. The .isolate file
           # is listed under both 'includes' and 'sources'.
351      'targets': [
352        {
353          'target_name': 'sandbox_linux_unittests_run',
354          'type': 'none',
355          'dependencies': [
356            'sandbox_linux_unittests',
357          ],
358          'includes': [
359            '../../build/isolate.gypi',
360            '../sandbox_linux_unittests.isolate',
361          ],
362          'sources': [
363            '../sandbox_linux_unittests.isolate',
364          ],
365        },
366      ],
367    }],
368  ],
369}
370