sandbox_linux.gypi revision 116680a4aac90f2aa7413d9095a592090648e557
# Copyright (c) 2012 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# GYP build definitions for the Linux sandbox: the seccomp-bpf library and its
# helpers, the setuid sandbox binary (chrome_sandbox) and its client library,
# the shared sandbox services, and the unit-test targets that exercise them.
#
# NOTE(review): 'use_seccomp_bpf', 'component', 'android_strip' and
# 'test_isolation_mode' are read below but never set in this file; they are
# presumably supplied by the including build configuration. Confirm their
# defaults when auditing which sandbox layers a given build actually contains.
{
  'variables': {
    'conditions': [
      # The setuid sandbox client and credentials.cc are compiled only when
      # OS is exactly "linux"; every other OS value (Android included) gets 0.
      ['OS=="linux"', {
        'compile_suid_client': 1,
        'compile_credentials': 1,
      }, {
        'compile_suid_client': 0,
        'compile_credentials': 0,
      }],
      # The seccomp-bpf demo program is built only for Linux on ia32/x64.
      ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64")', {
        'compile_seccomp_bpf_demo': 1,
      }, {
        'compile_seccomp_bpf_demo': 0,
      }],
    ],
  },
  'target_defaults': {
    'target_conditions': [
      # All linux/ files will automatically be excluded on Android
      # so make sure we re-include them explicitly.
      ['OS == "android"', {
        'sources/': [
          ['include', '^linux/'],
        ],
      }],
    ],
  },
  'targets': [
    # We have two principal targets: sandbox and sandbox_linux_unittests
    # All other targets are listed as dependencies.
    # There is one notable exception: for historical reasons, chrome_sandbox is
    # the setuid sandbox and is its own target.
    {
      # Aggregate target ('type': 'none'): it builds nothing itself and only
      # pulls in the sandbox layers enabled for this configuration. With both
      # conditions below false, it depends on sandbox_services alone, i.e. no
      # seccomp-bpf filter code and no setuid sandbox client.
      'target_name': 'sandbox',
      'type': 'none',
      'dependencies': [
        'sandbox_services',
      ],
      'conditions': [
        [ 'compile_suid_client==1', {
          'dependencies': [
            'suid_sandbox_client',
          ],
        }],
        # Compile seccomp BPF when we support it.
        [ 'use_seccomp_bpf==1', {
          'dependencies': [
            'seccomp_bpf',
            'seccomp_bpf_helpers',
          ],
        }],
      ],
    },
    {
      # Static library of shared test scaffolding; depends on gtest.
      'target_name': 'sandbox_linux_test_utils',
      'type': 'static_library',
      'dependencies': [
        '../testing/gtest.gyp:gtest',
      ],
      'include_dirs': [
        '../..',
      ],
      'sources': [
        'tests/sandbox_test_runner.cc',
        'tests/sandbox_test_runner.h',
        'tests/sandbox_test_runner_function_pointer.cc',
        'tests/sandbox_test_runner_function_pointer.h',
        'tests/test_utils.cc',
        'tests/test_utils.h',
        'tests/unit_tests.cc',
        'tests/unit_tests.h',
      ],
      'conditions': [
        # The BPF test runner is added only when seccomp-bpf is enabled, so a
        # build with use_seccomp_bpf!=1 carries no BPF test scaffolding.
        [ 'use_seccomp_bpf==1', {
          'sources': [
            'seccomp-bpf/bpf_tester_compatibility_delegate.h',
            'seccomp-bpf/bpf_tests.h',
            'seccomp-bpf/sandbox_bpf_test_runner.cc',
            'seccomp-bpf/sandbox_bpf_test_runner.h',
          ],
          'dependencies': [
            'seccomp_bpf',
          ]
        }],
      ],
    },
    {
      # The main sandboxing test target.
      # Its sources and dependencies come from the included .gypi, which is
      # shared with sandbox_linux_jni_unittests below.
      'target_name': 'sandbox_linux_unittests',
      'includes': [
        'sandbox_linux_test_sources.gypi',
      ],
      'type': 'executable',
    },
    {
      # This target is the shared library used by Android APK (i.e.
      # JNI-friendly) tests.
      'target_name': 'sandbox_linux_jni_unittests',
      'includes': [
        'sandbox_linux_test_sources.gypi',
      ],
      'type': 'shared_library',
      'conditions': [
        [ 'OS == "android"', {
          'dependencies': [
            '../testing/android/native_test.gyp:native_test_native_code',
          ],
        }],
      ],
    },
    {
      # The seccomp-bpf sandbox library: the bpf_dsl policy language plus the
      # code generator, verifier, trap and syscall support under seccomp-bpf/.
      'target_name': 'seccomp_bpf',
      'type': '<(component)',
      'sources': [
        'bpf_dsl/bpf_dsl.cc',
        'bpf_dsl/bpf_dsl.h',
        'bpf_dsl/cons.h',
        'seccomp-bpf/basicblock.cc',
        'seccomp-bpf/basicblock.h',
        'seccomp-bpf/codegen.cc',
        'seccomp-bpf/codegen.h',
        'seccomp-bpf/die.cc',
        'seccomp-bpf/die.h',
        'seccomp-bpf/errorcode.cc',
        'seccomp-bpf/errorcode.h',
        'seccomp-bpf/instruction.h',
        'seccomp-bpf/linux_seccomp.h',
        'seccomp-bpf/sandbox_bpf.cc',
        'seccomp-bpf/sandbox_bpf.h',
        'seccomp-bpf/sandbox_bpf_compatibility_policy.h',
        'seccomp-bpf/sandbox_bpf_policy.cc',
        'seccomp-bpf/sandbox_bpf_policy.h',
        'seccomp-bpf/syscall.cc',
        'seccomp-bpf/syscall.h',
        'seccomp-bpf/syscall_iterator.cc',
        'seccomp-bpf/syscall_iterator.h',
        'seccomp-bpf/trap.cc',
        'seccomp-bpf/trap.h',
        'seccomp-bpf/verifier.cc',
        'seccomp-bpf/verifier.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
        'sandbox_services_headers',
      ],
      # NOTE(review): SANDBOX_IMPLEMENTATION is defined on every
      # '<(component)' target in this file; presumably it selects the
      # symbol-export side of an export macro. Confirm in the headers.
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'include_dirs': [
        '../..',
      ],
    },
    {
      # Policy building blocks layered on seccomp_bpf: a baseline policy,
      # SIGSYS handlers, syscall parameter restrictions and syscall sets.
      'target_name': 'seccomp_bpf_helpers',
      'type': '<(component)',
      'sources': [
        'seccomp-bpf-helpers/baseline_policy.cc',
        'seccomp-bpf-helpers/baseline_policy.h',
        'seccomp-bpf-helpers/sigsys_handlers.cc',
        'seccomp-bpf-helpers/sigsys_handlers.h',
        'seccomp-bpf-helpers/syscall_parameters_restrictions.cc',
        'seccomp-bpf-helpers/syscall_parameters_restrictions.h',
        'seccomp-bpf-helpers/syscall_sets.cc',
        'seccomp-bpf-helpers/syscall_sets.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
        'seccomp_bpf',
      ],
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'include_dirs': [
        '../..',
      ],
    },
    {
      # A demonstration program for the seccomp-bpf sandbox.
      # When compile_seccomp_bpf_demo is 0 the target still exists but has
      # type 'none', so references to it resolve without building anything.
      'target_name': 'seccomp_bpf_demo',
      'conditions': [
        ['compile_seccomp_bpf_demo==1', {
          'type': 'executable',
          'sources': [
            'seccomp-bpf/demo.cc',
          ],
          'dependencies': [
            'seccomp_bpf',
          ],
        }, {
          'type': 'none',
        }],
      ],
      'include_dirs': [
        '../../',
      ],
    },
    {
      # The setuid sandbox, for Linux
      # This target lists only C sources and headers and has no
      # 'dependencies' entry, so nothing from base/ or the other sandbox
      # libraries is linked into the helper.
      # NOTE(review): presumably deliberate, to keep the privileged binary
      # small and auditable. Treat any added dependency or source file as a
      # security-relevant change.
      # sandbox.h and suid_unsafe_environment_variables.h are also listed by
      # suid_sandbox_client, so helper and client build from the same headers.
      'target_name': 'chrome_sandbox',
      'type': 'executable',
      'sources': [
        'suid/common/sandbox.h',
        'suid/common/suid_unsafe_environment_variables.h',
        'suid/linux_util.c',
        'suid/linux_util.h',
        'suid/process_util.h',
        'suid/process_util_linux.c',
        'suid/sandbox.c',
      ],
      'cflags': [
        # For ULLONG_MAX
        '-std=gnu99',
      ],
      'include_dirs': [
        '../..',
      ],
      # Do not use any sanitizer tools with this binary. http://crbug.com/382766
      # The trailing '/' makes these keys list filters: any inherited compile
      # or link flag matching '-fsanitize' is removed for this target only.
      'cflags/': [
        ['exclude', '-fsanitize'],
      ],
      'ldflags/': [
        ['exclude', '-fsanitize'],
      ],
    },
    { 'target_name': 'sandbox_services',
      # Shared process and thread services: broker process, init process
      # reaper, scoped process, thread helpers and Yama support.
      'type': '<(component)',
      'sources': [
        'services/broker_process.cc',
        'services/broker_process.h',
        'services/init_process_reaper.cc',
        'services/init_process_reaper.h',
        'services/scoped_process.cc',
        'services/scoped_process.h',
        'services/thread_helpers.cc',
        'services/thread_helpers.h',
        'services/yama.h',
        'services/yama.cc',
      ],
      'dependencies': [
        '../base/base.gyp:base',
      ],
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'conditions': [
        # credentials.cc and its libcap dependency are added only where
        # compile_credentials is 1, which the 'variables' block above sets
        # for OS=="linux" alone.
        ['compile_credentials==1', {
          'sources': [
            'services/credentials.cc',
            'services/credentials.h',
          ],
          'dependencies': [
            # for capabilities.cc.
            # NOTE(review): no capabilities.cc is listed in this file; the
            # libcap dependency presumably serves services/credentials.cc.
            # Confirm and update the comment above.
            '../build/linux/system.gyp:libcap',
          ],
        }],
      ],
      # NOTE(review): this target and the three after it use '..' as include
      # root, while the seccomp and chrome_sandbox targets use '../..'.
      # Confirm the difference is intentional.
      'include_dirs': [
        '..',
      ],
    },
    { 'target_name': 'sandbox_services_headers',
      # Header-only target ('type': 'none') holding per-architecture syscall
      # number and ucontext/futex headers; seccomp_bpf depends on it.
      'type': 'none',
      'sources': [
        'services/android_arm_ucontext.h',
        'services/android_futex.h',
        'services/android_ucontext.h',
        'services/android_i386_ucontext.h',
        'services/arm_linux_syscalls.h',
        'services/linux_syscalls.h',
        'services/x86_32_linux_syscalls.h',
        'services/x86_64_linux_syscalls.h',
      ],
      'include_dirs': [
        '..',
      ],
    },
    {
      # We make this its own target so that it does not interfere
      # with our tests.
      'target_name': 'libc_urandom_override',
      'type': 'static_library',
      'sources': [
        'services/libc_urandom_override.cc',
        'services/libc_urandom_override.h',
      ],
      'dependencies': [
        '../base/base.gyp:base',
      ],
      'include_dirs': [
        '..',
      ],
    },
    {
      # Client-side library for the setuid sandbox. The 'sandbox' target
      # depends on it only when compile_suid_client==1.
      'target_name': 'suid_sandbox_client',
      'type': '<(component)',
      'sources': [
        'suid/common/sandbox.h',
        'suid/common/suid_unsafe_environment_variables.h',
        'suid/client/setuid_sandbox_client.cc',
        'suid/client/setuid_sandbox_client.h',
      ],
      'defines': [
        'SANDBOX_IMPLEMENTATION',
      ],
      'dependencies': [
        '../base/base.gyp:base',
        'sandbox_services',
      ],
      'include_dirs': [
        '..',
      ],
    },
  ],
  'conditions': [
    # Android only: produce a stripped copy of the unit-test binary by running
    # <(android_strip) on it.
    [ 'OS=="android"', {
      'targets': [
        {
          'target_name': 'sandbox_linux_unittests_stripped',
          'type': 'none',
          'dependencies': [ 'sandbox_linux_unittests' ],
          'actions': [{
            'action_name': 'strip sandbox_linux_unittests',
            'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ],
            'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ],
            'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ],
          }],
        }
      ],
    }],
    # Android only: wrap the JNI test shared library in a test APK using
    # apk_test.gypi. This is a second, separate OS=="android" condition.
    [ 'OS=="android"', {
      'targets': [
        {
          'target_name': 'sandbox_linux_jni_unittests_apk',
          'type': 'none',
          'variables': {
            'test_suite_name': 'sandbox_linux_jni_unittests',
          },
          'dependencies': [
            'sandbox_linux_jni_unittests',
          ],
          'includes': [ '../../build/apk_test.gypi' ],
        }
      ],
    }],
    # Adds a "_run" target for the unit tests, driven by the .isolate file,
    # whenever test isolation is not disabled ("noop").
    ['test_isolation_mode != "noop"', {
      'targets': [
        {
          'target_name': 'sandbox_linux_unittests_run',
          'type': 'none',
          'dependencies': [
            'sandbox_linux_unittests',
          ],
          'includes': [
            '../../build/isolate.gypi',
            '../sandbox_linux_unittests.isolate',
          ],
          'sources': [
            '../sandbox_linux_unittests.isolate',
          ],
        },
      ],
    }],
  ],
}