OLD | NEW |
| (Empty) |
1 # Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 # Use of this source code is governed by a BSD-style license that can be | |
3 # found in the LICENSE file. | |
4 | |
5 { | |
6 'variables': { | |
7 'conditions': [ | |
8 ['OS=="linux"', { | |
9 'compile_suid_client': 1, | |
10 'compile_credentials': 1, | |
11 'use_base_test_suite': 1, | |
12 }, { | |
13 'compile_suid_client': 0, | |
14 'compile_credentials': 0, | |
15 'use_base_test_suite': 0, | |
16 }], | |
17 ['OS=="linux" and (target_arch=="ia32" or target_arch=="x64" or ' | |
18 'target_arch=="mipsel")', { | |
19 'compile_seccomp_bpf_demo': 1, | |
20 }, { | |
21 'compile_seccomp_bpf_demo': 0, | |
22 }], | |
23 ], | |
24 }, | |
25 'target_defaults': { | |
26 'target_conditions': [ | |
27 # All linux/ files will automatically be excluded on Android | |
28 # so make sure we re-include them explicitly. | |
29 ['OS == "android"', { | |
30 'sources/': [ | |
31 ['include', '^linux/'], | |
32 ], | |
33 }], | |
34 ], | |
35 }, | |
36 'targets': [ | |
37 # We have two principal targets: sandbox and sandbox_linux_unittests | |
38 # All other targets are listed as dependencies. | |
39 # There is one notable exception: for historical reasons, chrome_sandbox is | |
40 # the setuid sandbox and is its own target. | |
41 { | |
42 'target_name': 'sandbox', | |
43 'type': 'none', | |
44 'dependencies': [ | |
45 'sandbox_services', | |
46 ], | |
47 'conditions': [ | |
48 [ 'compile_suid_client==1', { | |
49 'dependencies': [ | |
50 'suid_sandbox_client', | |
51 ], | |
52 }], | |
53 # Compile seccomp BPF when we support it. | |
54 [ 'use_seccomp_bpf==1', { | |
55 'dependencies': [ | |
56 'seccomp_bpf', | |
57 'seccomp_bpf_helpers', | |
58 ], | |
59 }], | |
60 ], | |
61 }, | |
62 { | |
63 'target_name': 'sandbox_linux_test_utils', | |
64 'type': 'static_library', | |
65 'dependencies': [ | |
66 '../testing/gtest.gyp:gtest', | |
67 ], | |
68 'include_dirs': [ | |
69 '../..', | |
70 ], | |
71 'sources': [ | |
72 'tests/sandbox_test_runner.cc', | |
73 'tests/sandbox_test_runner.h', | |
74 'tests/sandbox_test_runner_function_pointer.cc', | |
75 'tests/sandbox_test_runner_function_pointer.h', | |
76 'tests/test_utils.cc', | |
77 'tests/test_utils.h', | |
78 'tests/unit_tests.cc', | |
79 'tests/unit_tests.h', | |
80 ], | |
81 'conditions': [ | |
82 [ 'use_seccomp_bpf==1', { | |
83 'sources': [ | |
84 'seccomp-bpf/bpf_tester_compatibility_delegate.h', | |
85 'seccomp-bpf/bpf_tests.h', | |
86 'seccomp-bpf/sandbox_bpf_test_runner.cc', | |
87 'seccomp-bpf/sandbox_bpf_test_runner.h', | |
88 ], | |
89 'dependencies': [ | |
90 'seccomp_bpf', | |
91 ] | |
92 }], | |
93 [ 'use_base_test_suite==1', { | |
94 'dependencies': [ | |
95 '../base/base.gyp:test_support_base', | |
96 ], | |
97 'defines': [ | |
98 'SANDBOX_USES_BASE_TEST_SUITE', | |
99 ], | |
100 }], | |
101 ], | |
102 }, | |
103 { | |
104 # The main sandboxing test target. | |
105 'target_name': 'sandbox_linux_unittests', | |
106 'includes': [ | |
107 'sandbox_linux_test_sources.gypi', | |
108 ], | |
109 'type': 'executable', | |
110 }, | |
111 { | |
112 # This target is the shared library used by Android APK (i.e. | |
113 # JNI-friendly) tests. | |
114 'target_name': 'sandbox_linux_jni_unittests', | |
115 'includes': [ | |
116 'sandbox_linux_test_sources.gypi', | |
117 ], | |
118 'type': 'shared_library', | |
119 'conditions': [ | |
120 [ 'OS == "android"', { | |
121 'dependencies': [ | |
122 '../testing/android/native_test.gyp:native_test_native_code', | |
123 ], | |
124 }], | |
125 ], | |
126 }, | |
127 { | |
128 'target_name': 'seccomp_bpf', | |
129 'type': '<(component)', | |
130 'sources': [ | |
131 'bpf_dsl/bpf_dsl.cc', | |
132 'bpf_dsl/bpf_dsl.h', | |
133 'bpf_dsl/bpf_dsl_forward.h', | |
134 'bpf_dsl/bpf_dsl_impl.h', | |
135 'bpf_dsl/codegen.cc', | |
136 'bpf_dsl/codegen.h', | |
137 'bpf_dsl/cons.h', | |
138 'bpf_dsl/errorcode.h', | |
139 'bpf_dsl/linux_syscall_ranges.h', | |
140 'bpf_dsl/policy.cc', | |
141 'bpf_dsl/policy.h', | |
142 'bpf_dsl/policy_compiler.cc', | |
143 'bpf_dsl/policy_compiler.h', | |
144 'bpf_dsl/seccomp_macros.h', | |
145 'bpf_dsl/seccomp_macros.h', | |
146 'bpf_dsl/syscall_set.cc', | |
147 'bpf_dsl/syscall_set.h', | |
148 'bpf_dsl/trap_registry.h', | |
149 'seccomp-bpf/die.cc', | |
150 'seccomp-bpf/die.h', | |
151 'seccomp-bpf/sandbox_bpf.cc', | |
152 'seccomp-bpf/sandbox_bpf.h', | |
153 'seccomp-bpf/syscall.cc', | |
154 'seccomp-bpf/syscall.h', | |
155 'seccomp-bpf/trap.cc', | |
156 'seccomp-bpf/trap.h', | |
157 ], | |
158 'dependencies': [ | |
159 '../base/base.gyp:base', | |
160 'sandbox_services', | |
161 'sandbox_services_headers', | |
162 ], | |
163 'defines': [ | |
164 'SANDBOX_IMPLEMENTATION', | |
165 ], | |
166 'includes': [ | |
167 # Disable LTO due to compiler bug | |
168 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57703 | |
169 '../../build/android/disable_gcc_lto.gypi', | |
170 ], | |
171 'include_dirs': [ | |
172 '../..', | |
173 ], | |
174 }, | |
175 { | |
176 'target_name': 'seccomp_bpf_helpers', | |
177 'type': '<(component)', | |
178 'sources': [ | |
179 'seccomp-bpf-helpers/baseline_policy.cc', | |
180 'seccomp-bpf-helpers/baseline_policy.h', | |
181 'seccomp-bpf-helpers/sigsys_handlers.cc', | |
182 'seccomp-bpf-helpers/sigsys_handlers.h', | |
183 'seccomp-bpf-helpers/syscall_parameters_restrictions.cc', | |
184 'seccomp-bpf-helpers/syscall_parameters_restrictions.h', | |
185 'seccomp-bpf-helpers/syscall_sets.cc', | |
186 'seccomp-bpf-helpers/syscall_sets.h', | |
187 ], | |
188 'dependencies': [ | |
189 '../base/base.gyp:base', | |
190 'sandbox_services', | |
191 'seccomp_bpf', | |
192 ], | |
193 'defines': [ | |
194 'SANDBOX_IMPLEMENTATION', | |
195 ], | |
196 'include_dirs': [ | |
197 '../..', | |
198 ], | |
199 }, | |
200 { | |
201 # The setuid sandbox, for Linux | |
202 'target_name': 'chrome_sandbox', | |
203 'type': 'executable', | |
204 'sources': [ | |
205 'suid/common/sandbox.h', | |
206 'suid/common/suid_unsafe_environment_variables.h', | |
207 'suid/process_util.h', | |
208 'suid/process_util_linux.c', | |
209 'suid/sandbox.c', | |
210 ], | |
211 'cflags': [ | |
212 # For ULLONG_MAX | |
213 '-std=gnu99', | |
214 ], | |
215 'include_dirs': [ | |
216 '../..', | |
217 ], | |
218 # Do not use any sanitizer tools with this binary. http://crbug.com/382766 | |
219 'cflags/': [ | |
220 ['exclude', '-fsanitize'], | |
221 ], | |
222 'ldflags/': [ | |
223 ['exclude', '-fsanitize'], | |
224 ], | |
225 }, | |
226 { 'target_name': 'sandbox_services', | |
227 'type': '<(component)', | |
228 'sources': [ | |
229 'services/init_process_reaper.cc', | |
230 'services/init_process_reaper.h', | |
231 'services/proc_util.cc', | |
232 'services/proc_util.h', | |
233 'services/resource_limits.cc', | |
234 'services/resource_limits.h', | |
235 'services/scoped_process.cc', | |
236 'services/scoped_process.h', | |
237 'services/syscall_wrappers.cc', | |
238 'services/syscall_wrappers.h', | |
239 'services/thread_helpers.cc', | |
240 'services/thread_helpers.h', | |
241 'services/yama.cc', | |
242 'services/yama.h', | |
243 'syscall_broker/broker_channel.cc', | |
244 'syscall_broker/broker_channel.h', | |
245 'syscall_broker/broker_client.cc', | |
246 'syscall_broker/broker_client.h', | |
247 'syscall_broker/broker_common.h', | |
248 'syscall_broker/broker_file_permission.cc', | |
249 'syscall_broker/broker_file_permission.h', | |
250 'syscall_broker/broker_host.cc', | |
251 'syscall_broker/broker_host.h', | |
252 'syscall_broker/broker_policy.cc', | |
253 'syscall_broker/broker_policy.h', | |
254 'syscall_broker/broker_process.cc', | |
255 'syscall_broker/broker_process.h', | |
256 ], | |
257 'dependencies': [ | |
258 '../base/base.gyp:base', | |
259 ], | |
260 'defines': [ | |
261 'SANDBOX_IMPLEMENTATION', | |
262 ], | |
263 'conditions': [ | |
264 ['compile_credentials==1', { | |
265 'sources': [ | |
266 'services/credentials.cc', | |
267 'services/credentials.h', | |
268 'services/namespace_sandbox.cc', | |
269 'services/namespace_sandbox.h', | |
270 'services/namespace_utils.cc', | |
271 'services/namespace_utils.h', | |
272 ], | |
273 'dependencies': [ | |
274 # for capability.h. | |
275 'sandbox_services_headers', | |
276 ], | |
277 }], | |
278 ], | |
279 'include_dirs': [ | |
280 '..', | |
281 ], | |
282 }, | |
283 { 'target_name': 'sandbox_services_headers', | |
284 'type': 'none', | |
285 'sources': [ | |
286 'system_headers/arm64_linux_syscalls.h', | |
287 'system_headers/arm64_linux_ucontext.h', | |
288 'system_headers/arm_linux_syscalls.h', | |
289 'system_headers/arm_linux_ucontext.h', | |
290 'system_headers/capability.h', | |
291 'system_headers/i386_linux_ucontext.h', | |
292 'system_headers/linux_futex.h', | |
293 'system_headers/linux_seccomp.h', | |
294 'system_headers/linux_syscalls.h', | |
295 'system_headers/linux_time.h', | |
296 'system_headers/linux_ucontext.h', | |
297 'system_headers/mips_linux_syscalls.h', | |
298 'system_headers/mips_linux_ucontext.h', | |
299 'system_headers/x86_32_linux_syscalls.h', | |
300 'system_headers/x86_64_linux_syscalls.h', | |
301 ], | |
302 'include_dirs': [ | |
303 '..', | |
304 ], | |
305 }, | |
306 { | |
307 # We make this its own target so that it does not interfere | |
308 # with our tests, and so that it may be selectively included | |
309 # in ports which need it. | |
310 'target_name': 'libc_urandom_override', | |
311 'type': 'static_library', | |
312 'sources': [ | |
313 'services/libc_urandom_override.cc', | |
314 'services/libc_urandom_override.h', | |
315 ], | |
316 'dependencies': [ | |
317 '../base/base.gyp:base', | |
318 ], | |
319 'include_dirs': [ | |
320 '..', | |
321 ], | |
322 }, | |
323 { | |
324 'target_name': 'suid_sandbox_client', | |
325 'type': '<(component)', | |
326 'sources': [ | |
327 'suid/common/sandbox.h', | |
328 'suid/common/suid_unsafe_environment_variables.h', | |
329 'suid/client/setuid_sandbox_client.cc', | |
330 'suid/client/setuid_sandbox_client.h', | |
331 'suid/client/setuid_sandbox_host.cc', | |
332 'suid/client/setuid_sandbox_host.h', | |
333 ], | |
334 'defines': [ | |
335 'SANDBOX_IMPLEMENTATION', | |
336 ], | |
337 'dependencies': [ | |
338 '../base/base.gyp:base', | |
339 'sandbox_services', | |
340 ], | |
341 'include_dirs': [ | |
342 '..', | |
343 ], | |
344 }, | |
345 { | |
346 'target_name': 'bpf_dsl_golden', | |
347 'type': 'none', | |
348 'actions': [ | |
349 { | |
350 'action_name': 'generate', | |
351 'inputs': [ | |
352 'bpf_dsl/golden/generate.py', | |
353 'bpf_dsl/golden/i386/ArgSizePolicy.txt', | |
354 'bpf_dsl/golden/i386/BasicPolicy.txt', | |
355 'bpf_dsl/golden/i386/ElseIfPolicy.txt', | |
356 'bpf_dsl/golden/i386/MaskingPolicy.txt', | |
357 'bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt', | |
358 'bpf_dsl/golden/i386/NegativeConstantsPolicy.txt', | |
359 'bpf_dsl/golden/i386/SwitchPolicy.txt', | |
360 'bpf_dsl/golden/x86-64/ArgSizePolicy.txt', | |
361 'bpf_dsl/golden/x86-64/BasicPolicy.txt', | |
362 'bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt', | |
363 'bpf_dsl/golden/x86-64/ElseIfPolicy.txt', | |
364 'bpf_dsl/golden/x86-64/MaskingPolicy.txt', | |
365 'bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt', | |
366 'bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt', | |
367 'bpf_dsl/golden/x86-64/SwitchPolicy.txt', | |
368 ], | |
369 'outputs': [ | |
370 '<(SHARED_INTERMEDIATE_DIR)/sandbox/linux/bpf_dsl/golden/golden_file
s.h', | |
371 ], | |
372 'action': [ | |
373 'python', | |
374 'linux/bpf_dsl/golden/generate.py', | |
375 '<(SHARED_INTERMEDIATE_DIR)/sandbox/linux/bpf_dsl/golden/golden_file
s.h', | |
376 'linux/bpf_dsl/golden/i386/ArgSizePolicy.txt', | |
377 'linux/bpf_dsl/golden/i386/BasicPolicy.txt', | |
378 'linux/bpf_dsl/golden/i386/ElseIfPolicy.txt', | |
379 'linux/bpf_dsl/golden/i386/MaskingPolicy.txt', | |
380 'linux/bpf_dsl/golden/i386/MoreBooleanLogicPolicy.txt', | |
381 'linux/bpf_dsl/golden/i386/NegativeConstantsPolicy.txt', | |
382 'linux/bpf_dsl/golden/i386/SwitchPolicy.txt', | |
383 'linux/bpf_dsl/golden/x86-64/ArgSizePolicy.txt', | |
384 'linux/bpf_dsl/golden/x86-64/BasicPolicy.txt', | |
385 'linux/bpf_dsl/golden/x86-64/BooleanLogicPolicy.txt', | |
386 'linux/bpf_dsl/golden/x86-64/ElseIfPolicy.txt', | |
387 'linux/bpf_dsl/golden/x86-64/MaskingPolicy.txt', | |
388 'linux/bpf_dsl/golden/x86-64/MoreBooleanLogicPolicy.txt', | |
389 'linux/bpf_dsl/golden/x86-64/NegativeConstantsPolicy.txt', | |
390 'linux/bpf_dsl/golden/x86-64/SwitchPolicy.txt', | |
391 ], | |
392 'message': 'Generating header from golden files ...', | |
393 }, | |
394 ], | |
395 }, | |
396 ], | |
397 'conditions': [ | |
398 [ 'OS=="android"', { | |
399 'targets': [ | |
400 { | |
401 'target_name': 'sandbox_linux_unittests_stripped', | |
402 'type': 'none', | |
403 'dependencies': [ 'sandbox_linux_unittests' ], | |
404 'actions': [{ | |
405 'action_name': 'strip sandbox_linux_unittests', | |
406 'inputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests' ], | |
407 'outputs': [ '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped' ], | |
408 'action': [ '<(android_strip)', '<@(_inputs)', '-o', '<@(_outputs)' ], | |
409 }], | |
410 }, | |
411 { | |
412 'target_name': 'sandbox_linux_unittests_deps', | |
413 'type': 'none', | |
414 'dependencies': [ | |
415 'sandbox_linux_unittests_stripped', | |
416 ], | |
417 # For the component build, ensure dependent shared libraries are | |
418 # stripped and put alongside sandbox_linux_unittests to simplify pushing | |
419 # to the device. | |
420 'variables': { | |
421 'output_dir': '<(PRODUCT_DIR)/sandbox_linux_unittests_deps/', | |
422 'native_binary': '<(PRODUCT_DIR)/sandbox_linux_unittests_stripped', | |
423 'include_main_binary': 0, | |
424 }, | |
425 'includes': [ | |
426 '../../build/android/native_app_dependencies.gypi' | |
427 ], | |
428 }], | |
429 }], | |
430 [ 'OS=="android"', { | |
431 'targets': [ | |
432 { | |
433 'target_name': 'sandbox_linux_jni_unittests_apk', | |
434 'type': 'none', | |
435 'variables': { | |
436 'test_suite_name': 'sandbox_linux_jni_unittests', | |
437 }, | |
438 'dependencies': [ | |
439 'sandbox_linux_jni_unittests', | |
440 ], | |
441 'includes': [ '../../build/apk_test.gypi' ], | |
442 } | |
443 ], | |
444 }], | |
445 ['test_isolation_mode != "noop"', { | |
446 'targets': [ | |
447 { | |
448 'target_name': 'sandbox_linux_unittests_run', | |
449 'type': 'none', | |
450 'dependencies': [ | |
451 'sandbox_linux_unittests', | |
452 ], | |
453 'includes': [ | |
454 '../../build/isolate.gypi', | |
455 ], | |
456 'sources': [ | |
457 '../sandbox_linux_unittests.isolate', | |
458 ], | |
459 }, | |
460 ], | |
461 }], | |
462 ], | |
463 } | |