| OLD | NEW |
| 1 # Copyright 2014 The Chromium Authors. All rights reserved. | 1 # Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 # Use of this source code is governed by a BSD-style license that can be | 2 # Use of this source code is governed by a BSD-style license that can be |
| 3 # found in the LICENSE file. | 3 # found in the LICENSE file. |
| 4 | 4 |
| 5 import("//build/config/features.gni") | 5 import("//build/config/features.gni") |
| 6 import("//build/config/nacl/config.gni") |
| 6 import("//testing/test.gni") | 7 import("//testing/test.gni") |
| 7 | 8 |
| 8 declare_args() { | 9 declare_args() { |
| 9 compile_suid_client = is_linux | 10 compile_suid_client = is_linux |
| 10 | 11 |
| 11 compile_credentials = is_linux | 12 compile_credentials = is_linux |
| 12 | 13 |
| 13 # On Android, use plain GTest. | 14 # On Android, use plain GTest. |
| 14 use_base_test_suite = is_linux | 15 use_base_test_suite = is_linux |
| 15 } | 16 } |
| 16 | 17 |
| 18 if (is_nacl_nonsfi) { |
| 19 config("nacl_nonsfi_warnings") { |
| 20 # There are number of platform specific functions in |
| 21 # seccomp-bpf syscall helpers, which are not being used. |
| 22 cflags = [ "-Wno-unused-function" ] |
| 23 } |
| 24 } |
| 25 |
| 17 # We have two principal targets: sandbox and sandbox_linux_unittests | 26 # We have two principal targets: sandbox and sandbox_linux_unittests |
| 18 # All other targets are listed as dependencies. | 27 # All other targets are listed as dependencies. |
| 19 # There is one notable exception: for historical reasons, chrome_sandbox is | 28 # There is one notable exception: for historical reasons, chrome_sandbox is |
| 20 # the setuid sandbox and is its own target. | 29 # the setuid sandbox and is its own target. |
| 21 | 30 |
| 22 group("sandbox") { | 31 group("sandbox") { |
| 23 deps = [ | 32 deps = [ |
| 24 ":sandbox_services", | 33 ":sandbox_services", |
| 25 ] | 34 ] |
| 26 | 35 |
| 27 if (compile_suid_client) { | 36 if (compile_suid_client || is_nacl_nonsfi) { |
| 28 deps += [ ":suid_sandbox_client" ] | 37 deps += [ ":suid_sandbox_client" ] |
| 29 } | 38 } |
| 30 if (use_seccomp_bpf) { | 39 if (use_seccomp_bpf || is_nacl_nonsfi) { |
| 31 deps += [ | 40 deps += [ |
| 32 ":seccomp_bpf", | 41 ":seccomp_bpf", |
| 33 ":seccomp_bpf_helpers", | 42 ":seccomp_bpf_helpers", |
| 34 ] | 43 ] |
| 35 } | 44 } |
| 36 } | 45 } |
| 37 | 46 |
| 38 source_set("sandbox_linux_test_utils") { | 47 source_set("sandbox_linux_test_utils") { |
| 39 testonly = true | 48 testonly = true |
| 40 sources = [ | 49 sources = [ |
| (...skipping 195 matching lines...) |
| 236 "seccomp-bpf/trap.cc", | 245 "seccomp-bpf/trap.cc", |
| 237 "seccomp-bpf/trap.h", | 246 "seccomp-bpf/trap.h", |
| 238 ] | 247 ] |
| 239 defines = [ "SANDBOX_IMPLEMENTATION" ] | 248 defines = [ "SANDBOX_IMPLEMENTATION" ] |
| 240 | 249 |
| 241 deps = [ | 250 deps = [ |
| 242 ":sandbox_services", | 251 ":sandbox_services", |
| 243 ":sandbox_services_headers", | 252 ":sandbox_services_headers", |
| 244 "//base", | 253 "//base", |
| 245 ] | 254 ] |
| 255 |
| 256 if (is_nacl_nonsfi) { |
| 257 cflags = [ "-fgnu-inline-asm" ] |
| 258 sources -= [ |
| 259 "bpf_dsl/bpf_dsl_forward.h", |
| 260 "bpf_dsl/bpf_dsl_impl.h", |
| 261 "bpf_dsl/cons.h", |
| 262 "bpf_dsl/errorcode.h", |
| 263 "bpf_dsl/linux_syscall_ranges.h", |
| 264 "bpf_dsl/seccomp_macros.h", |
| 265 "bpf_dsl/trap_registry.h", |
| 266 ] |
| 267 } |
| 246 } | 268 } |
| 247 | 269 |
| 248 component("seccomp_bpf_helpers") { | 270 component("seccomp_bpf_helpers") { |
| 249 sources = [ | 271 sources = [ |
| 250 "seccomp-bpf-helpers/baseline_policy.cc", | 272 "seccomp-bpf-helpers/baseline_policy.cc", |
| 251 "seccomp-bpf-helpers/baseline_policy.h", | 273 "seccomp-bpf-helpers/baseline_policy.h", |
| 252 "seccomp-bpf-helpers/sigsys_handlers.cc", | 274 "seccomp-bpf-helpers/sigsys_handlers.cc", |
| 253 "seccomp-bpf-helpers/sigsys_handlers.h", | 275 "seccomp-bpf-helpers/sigsys_handlers.h", |
| 254 "seccomp-bpf-helpers/syscall_parameters_restrictions.cc", | 276 "seccomp-bpf-helpers/syscall_parameters_restrictions.cc", |
| 255 "seccomp-bpf-helpers/syscall_parameters_restrictions.h", | 277 "seccomp-bpf-helpers/syscall_parameters_restrictions.h", |
| 256 "seccomp-bpf-helpers/syscall_sets.cc", | 278 "seccomp-bpf-helpers/syscall_sets.cc", |
| 257 "seccomp-bpf-helpers/syscall_sets.h", | 279 "seccomp-bpf-helpers/syscall_sets.h", |
| 258 ] | 280 ] |
| 259 defines = [ "SANDBOX_IMPLEMENTATION" ] | 281 defines = [ "SANDBOX_IMPLEMENTATION" ] |
| 260 | 282 |
| 261 deps = [ | 283 deps = [ |
| 262 "//base", | 284 "//base", |
| 263 ":sandbox_services", | 285 ":sandbox_services", |
| 264 ":seccomp_bpf", | 286 ":seccomp_bpf", |
| 265 ] | 287 ] |
| 288 |
| 289 if (is_nacl_nonsfi) { |
| 290 sources -= [ |
| 291 "seccomp-bpf-helpers/baseline_policy.cc", |
| 292 "seccomp-bpf-helpers/baseline_policy.h", |
| 293 "seccomp-bpf-helpers/syscall_sets.cc", |
| 294 "seccomp-bpf-helpers/syscall_sets.h", |
| 295 ] |
| 296 configs += [ ":nacl_nonsfi_warnings" ] |
| 297 } |
| 266 } | 298 } |
| 267 | 299 |
| 268 if (is_linux) { | 300 if (is_linux) { |
| 269 # The setuid sandbox for Linux. | 301 # The setuid sandbox for Linux. |
| 270 executable("chrome_sandbox") { | 302 executable("chrome_sandbox") { |
| 271 sources = [ | 303 sources = [ |
| 272 "suid/common/sandbox.h", | 304 "suid/common/sandbox.h", |
| 273 "suid/common/suid_unsafe_environment_variables.h", | 305 "suid/common/suid_unsafe_environment_variables.h", |
| 274 "suid/process_util.h", | 306 "suid/process_util.h", |
| 275 "suid/process_util_linux.c", | 307 "suid/process_util_linux.c", |
| (...skipping 45 matching lines...) |
| 321 "syscall_broker/broker_process.cc", | 353 "syscall_broker/broker_process.cc", |
| 322 "syscall_broker/broker_process.h", | 354 "syscall_broker/broker_process.h", |
| 323 ] | 355 ] |
| 324 | 356 |
| 325 defines = [ "SANDBOX_IMPLEMENTATION" ] | 357 defines = [ "SANDBOX_IMPLEMENTATION" ] |
| 326 | 358 |
| 327 deps = [ | 359 deps = [ |
| 328 "//base", | 360 "//base", |
| 329 ] | 361 ] |
| 330 | 362 |
| 331 if (compile_credentials) { | 363 if (compile_credentials || is_nacl_nonsfi) { |
| 332 sources += [ | 364 sources += [ |
| 333 "services/credentials.cc", | 365 "services/credentials.cc", |
| 334 "services/credentials.h", | 366 "services/credentials.h", |
| 335 "services/namespace_sandbox.cc", | 367 "services/namespace_sandbox.cc", |
| 336 "services/namespace_sandbox.h", | 368 "services/namespace_sandbox.h", |
| 337 "services/namespace_utils.cc", | 369 "services/namespace_utils.cc", |
| 338 "services/namespace_utils.h", | 370 "services/namespace_utils.h", |
| 339 ] | 371 ] |
| 340 | 372 |
| 341 deps += [ ":sandbox_services_headers" ] | 373 deps += [ ":sandbox_services_headers" ] |
| 342 } | 374 } |
| 375 |
| 376 if (is_nacl_nonsfi) { |
| 377 sources -= [ |
| 378 "services/init_process_reaper.cc", |
| 379 "services/init_process_reaper.h", |
| 380 "services/scoped_process.cc", |
| 381 "services/scoped_process.h", |
| 382 "services/yama.cc", |
| 383 "services/yama.h", |
| 384 "syscall_broker/broker_channel.cc", |
| 385 "syscall_broker/broker_channel.h", |
| 386 "syscall_broker/broker_client.cc", |
| 387 "syscall_broker/broker_client.h", |
| 388 "syscall_broker/broker_common.h", |
| 389 "syscall_broker/broker_file_permission.cc", |
| 390 "syscall_broker/broker_file_permission.h", |
| 391 "syscall_broker/broker_host.cc", |
| 392 "syscall_broker/broker_host.h", |
| 393 "syscall_broker/broker_policy.cc", |
| 394 "syscall_broker/broker_policy.h", |
| 395 "syscall_broker/broker_process.cc", |
| 396 "syscall_broker/broker_process.h", |
| 397 ] |
| 398 } |
| 343 } | 399 } |
| 344 | 400 |
| 345 source_set("sandbox_services_headers") { | 401 source_set("sandbox_services_headers") { |
| 346 sources = [ | 402 sources = [ |
| 347 "system_headers/arm64_linux_syscalls.h", | 403 "system_headers/arm64_linux_syscalls.h", |
| 348 "system_headers/arm64_linux_ucontext.h", | 404 "system_headers/arm64_linux_ucontext.h", |
| 349 "system_headers/arm_linux_syscalls.h", | 405 "system_headers/arm_linux_syscalls.h", |
| 350 "system_headers/arm_linux_ucontext.h", | 406 "system_headers/arm_linux_ucontext.h", |
| 351 "system_headers/i386_linux_ucontext.h", | 407 "system_headers/i386_linux_ucontext.h", |
| 352 "system_headers/linux_futex.h", | 408 "system_headers/linux_futex.h", |
| 353 "system_headers/linux_seccomp.h", | 409 "system_headers/linux_seccomp.h", |
| 354 "system_headers/linux_signal.h", | 410 "system_headers/linux_signal.h", |
| 355 "system_headers/linux_syscalls.h", | 411 "system_headers/linux_syscalls.h", |
| 356 "system_headers/linux_time.h", | 412 "system_headers/linux_time.h", |
| 357 "system_headers/linux_ucontext.h", | 413 "system_headers/linux_ucontext.h", |
| 358 "system_headers/x86_32_linux_syscalls.h", | 414 "system_headers/x86_32_linux_syscalls.h", |
| 359 "system_headers/x86_64_linux_syscalls.h", | 415 "system_headers/x86_64_linux_syscalls.h", |
| 360 ] | 416 ] |
| 361 } | 417 } |
| 362 | 418 |
| 363 if (compile_suid_client) { | 419 if (compile_suid_client || is_nacl_nonsfi) { |
| 364 component("suid_sandbox_client") { | 420 component("suid_sandbox_client") { |
| 365 sources = [ | 421 sources = [ |
| 366 "suid/client/setuid_sandbox_client.cc", | 422 "suid/client/setuid_sandbox_client.cc", |
| 367 "suid/client/setuid_sandbox_client.h", | 423 "suid/client/setuid_sandbox_client.h", |
| 368 "suid/client/setuid_sandbox_host.cc", | 424 "suid/client/setuid_sandbox_host.cc", |
| 369 "suid/client/setuid_sandbox_host.h", | 425 "suid/client/setuid_sandbox_host.h", |
| 370 "suid/common/sandbox.h", | 426 "suid/common/sandbox.h", |
| 371 "suid/common/suid_unsafe_environment_variables.h", | 427 "suid/common/suid_unsafe_environment_variables.h", |
| 372 ] | 428 ] |
| 373 defines = [ "SANDBOX_IMPLEMENTATION" ] | 429 defines = [ "SANDBOX_IMPLEMENTATION" ] |
| 374 | 430 |
| 375 deps = [ | 431 deps = [ |
| 376 ":sandbox_services", | 432 ":sandbox_services", |
| 377 "//base", | 433 "//base", |
| 378 ] | 434 ] |
| 435 |
| 436 if (is_nacl_nonsfi) { |
| 437 sources -= [ |
| 438 "suid/client/setuid_sandbox_host.cc", |
| 439 "suid/client/setuid_sandbox_host.h", |
| 440 "suid/common/sandbox.h", |
| 441 "suid/common/suid_unsafe_environment_variables.h", |
| 442 ] |
| 443 } |
| 379 } | 444 } |
| 380 } | 445 } |
| 381 | 446 |
| 382 if (is_android) { | 447 if (is_android) { |
| 383 # TODO(GYP) enable this. Needs an android_strip wrapper python script. | 448 # TODO(GYP) enable this. Needs an android_strip wrapper python script. |
| 384 #action("sandbox_linux_unittests_stripped") { | 449 #action("sandbox_linux_unittests_stripped") { |
| 385 # script = "android_stip.py" | 450 # script = "android_stip.py" |
| 386 # | 451 # |
| 387 # in_file = "$root_out_dir/sandbox_linux_unittests" | 452 # in_file = "$root_out_dir/sandbox_linux_unittests" |
| 388 # | 453 # |
| (...skipping 15 matching lines...) |
| 404 # 'type': 'none', | 469 # 'type': 'none', |
| 405 # 'variables': { | 470 # 'variables': { |
| 406 # 'test_suite_name': 'sandbox_linux_jni_unittests', | 471 # 'test_suite_name': 'sandbox_linux_jni_unittests', |
| 407 # }, | 472 # }, |
| 408 # 'dependencies': [ | 473 # 'dependencies': [ |
| 409 # 'sandbox_linux_jni_unittests', | 474 # 'sandbox_linux_jni_unittests', |
| 410 # ], | 475 # ], |
| 411 # 'includes': [ '../../build/apk_test.gypi' ], | 476 # 'includes': [ '../../build/apk_test.gypi' ], |
| 412 # } | 477 # } |
| 413 } | 478 } |
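Review bot: The `is_nacl_nonsfi` branch of `sandbox_services` (new lines 376-398) picks its files by `sources -=`, so the non-SFI build is default-include: a file later added to the shared `sources` list is compiled into the non-SFI sandbox unless the author also remembers to subtract it here. The same pattern appears in `seccomp_bpf` (new 256-267), `seccomp_bpf_helpers` (289-297) and `suid_sandbox_client` (436-443). For sandbox code an explicit per-configuration source list is easier to audit; failing that, a comment above each block would make the contract visible, for example `# Non-SFI builds only what is left after this subtraction; review new entries in sources above and subtract them here if non-SFI does not need them.` Parts of the `sources` lists these blocks subtract from sit in the collapsed regions, so I could not check the lists against each other.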
| OLD | NEW |